GeekPolice Tech Tutorials

 


Possible Malware

Re: Possible Malware
I am also running XP and I have found that IE is also very unstable. That is why I use FF and Chrome. Could you please try Chrome to see how that works for you? In the meantime, I will consult a colleague concerning this matter.

Re: Possible Malware
I tried Chrome, and I was able to open up eBay and load images, and I was able to log into Geek Police and read my posts. I did find two problems with Chrome. One: at times Chrome lagged for a little while. But the biggest concern I had was that I was redirected to a different site, and I wondered if there might still be malware hiding somewhere. In troubleshooting Firefox problems, I learned that I might need to upgrade my graphics driver. In the Firefox troubleshooting steps there was a link to click on to show me what to do to upgrade the driver. I decided to view the page I was on in Chrome, so I could still view the instructions in case I needed to restart Firefox. In Firefox, I copied the URL for the page I was on, and pasted it into Chrome. The page loaded correctly and looked just like the page in Firefox. I decided to click on the link in Chrome for the driver update. I was taken to what appeared to be the Yahoo Search engine with a list of links to click on to download the driver update. I clicked on one and it loaded, but then I decided not to open it for it to download. I instead removed it from the download list. I went back to Firefox and clicked on the same link, and it took me to a page of directions on how to go to the start menu within my computer, and update the driver within my computer, which would update through IE since it was a Windows item. So it seemed Chrome was redirecting me to potentially harmful downloads. I did a Malwarebytes scan after, and nothing was found.

Re: Possible Malware
You should only download drivers from the site of the maker of your computer.

I'd like to scan your machine with ESET OnlineScan.

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

• Check
• Click the button.
• Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: Possible Malware

Hello there, this has been escalated to me... Once the steps above have been completed, please follow these directions...

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.


  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Re: Possible Malware

The ESET program has other options than those described above. Should I not select any options other than Remove Found Threats and Scan Archives? An image is attached for you to see what I am referring to.

Re: Possible Malware
Thank you for your help, Super Dave!  Dr. Jay, thank you for the additional help you are providing!

Re: Possible Malware
You're welcome... See if these instructions help you:

ESET Online Scanner
Note: If you use Internet Explorer to get the ESET Online Scanner, you won't have to download or install the tool, as everything will be run in a contextual (pop-up) window of Internet Explorer. However, for every other browser, you will have to download and install ESET Online Scanner. In this set of instructions, I'll use Google Chrome to download it and run it (since a lot of people will do it); however, except for the download and installation procedure, the same instructions apply if you use Internet Explorer. Please note that two or three prompts will appear if you use Internet Explorer asking you to reload the page, authorize the application, execute it, etc. Accept all of them in order to run ESET Online Scanner.

  • Download and execute ESET Online Scanner (on this window, click on ESET Smart Installer to trigger the download). People accessing this URL via Internet Explorer will start the integration process of ESET Online Scanner in their browser;
  • Once the installation is done (it requires Admin Rights), check the following settings (two of them are under Advanced Settings, click on it to display them):

    • Enable detection of potentially unwanted applications;
    • Scan archives;
    • Scan for potentially unsafe applications;
    • Optional: If you want to scan more drives, click on Change... and select the drives you want to include in the scan;

  • After you're done checking these options, click on Start and ESET Online Scanner will download its virus signature database before starting the scan;

  • Once done, the scan will start automatically. Detections will appear at the bottom of the window. ESET Online Scanner can have an extremely long scan time that can last between 2 and 3 hours. So if you start the scan, do not interrupt it; let it complete until the end;

  • After the scan is finished, a summary window will appear to give you the information about the scan. Then you'll have the option to see what threats were found and to manage the threats that were quarantined;

  • Click on List of found threats, it'll display every threat identified during that scan, their type and what action was taken against them. Click on Copy to clipboard to copy these results to your clipboard and post them in your next reply;

  • Once you're done, click on the Back button;
  • Check both checkboxes at the bottom: Uninstall application on close and Delete quarantined files before clicking on the Finish button;

Re: Possible Malware

Below you will find the results for ESET. Each one shows to have been cleaned or cleaned by deleting, but the option to Uninstall application on close and Delete quarantined files was not present. The two options were Delete application's data on close and Remove from quarantine. I selected Delete application's data. But it seems the quarantined files are still in my computer, since I could not delete them.



C:\Documents and Settings\Teressa\Application Data\Sun\Java\Deployment\cache\6.0\13\603d834d-229540c5    a variant of Java/Exploit.CVE-2011-3544.CF trojan    cleaned by deleting
C:\Documents and Settings\Teressa\Desktop\All Folders\Desk Top\InstallFreeRARExtractFrog.exe    a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application    cleaned by deleting
C:\Documents and Settings\Teressa\Desktop\All Folders\DVD Tools\ashampoo_burning_studio_6_free_6.80_4312.exe    a variant of Win32/Toolbar.Conduit.AU potentially unwanted application    cleaned by deleting
C:\Documents and Settings\Teressa\Desktop\Unused Desktop Shortcuts\rminstall.exe    Win32/RegistryMechanic.B potentially unwanted application    cleaned by deleting
C:\Documents and Settings\Teressa\My Documents\Downloads\android-assistant(1).exe    multiple threats,a variant of Android/Exploit.Lotoor.CX trojan,a variant of Android/Exploit.Lotoor.GW trojan,Android/Exploit.MempoDroid.A trojan,Android/Exploit.Lotoor.EF trojan,Android/Exploit.Lotoor.EZ trojan,a variant of Android/Exploit.Lotoor.GX trojan    cleaned by deleting
C:\Documents and Settings\Teressa\My Documents\Downloads\android-assistant.exe    multiple threats,a variant of Android/Exploit.Lotoor.CX trojan,a variant of Android/Exploit.Lotoor.GW trojan,Android/Exploit.MempoDroid.A trojan,Android/Exploit.Lotoor.EF trojan,Android/Exploit.Lotoor.EZ trojan,a variant of Android/Exploit.Lotoor.GX trojan    cleaned by deleting
C:\Documents and Settings\Teressa\My Documents\Downloads\cdbxp_setup_4.5.1.3868.exe    Win32/OpenCandy potentially unsafe application    cleaned by deleting
C:\Documents and Settings\Teressa\My Documents\Downloads\debutsetup.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted
C:\Documents and Settings\Teressa\My Documents\Downloads\setup-trial.exe    a variant of Win32/Adware.ErrorRepair.A application    cleaned by deleting
C:\Program Files\NCH Software\Debut\uninst.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    cleaned by deleting
C:\Program Files\Netscape\Navigator 9\plugins\npMozCouponPrinter.dll    a variant of Win32/Adware.Coupons.AA application    cleaned by deleting
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2788\A0545124.exe    a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application    cleaned by deleting
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2788\A0545125.exe    a variant of Win32/Toolbar.Conduit.AU potentially unwanted application    cleaned by deleting
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2788\A0545126.exe    Win32/RegistryMechanic.B potentially unwanted application    cleaned by deleting
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2788\A0545164.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    cleaned by deleting
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2788\A0545165.dll    a variant of Win32/Adware.Coupons.AA application    cleaned by deleting
L:\WD_SmartWare\5AB5B6B3949B43968DA5AFDAD605C122\C_\Documents and Settings\Teressa\Desktop\LIme Wire\angels 101 CD quality.mp3    a variant of WMA/TrojanDownloader.GetCodec.gen trojan    cleaned

Re: Possible Malware
FRST


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-06-2017 01
Ran by Teressa (administrator) on PROSPERITY (22-06-2017 14:51:42)
Running from C:\Documents and Settings\Teressa\Desktop
Loaded Profiles: Teressa (Available Profiles: Teressa & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(Creative Technology Ltd) C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NVIDIA Corporation) C:\WINDOWS\SYSTEM32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\fxssvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Corel, Inc.) C:\Program Files\Corel\Corel Paint Shop Pro X\Paint Shop Pro X.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
(Microsoft® Corporation) C:\Program Files\Microsoft Works\MSWORKS.EXE
() C:\Program Files\OLYMPUS\CAMEDIA Master\Olympus Camedia.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe [196608 2003-01-30] (HP)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-05-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-08-25] (Macrovision Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [263232 2017-06-18] (AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer: []
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 5f000000
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\Run: [cdloader] => C:\Documents and Settings\Teressa\Application Data\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\Run: [Google Update] => C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-28] (Google Inc.)
HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\MountPoints2: {0b056b56-6899-11df-9dbe-000cf18c7d78} - H:\workshop.exe
HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\MountPoints2: {708fc04e-98af-11e4-9fe8-000cf18c7d78} - F:\LG_PC_Programs.exe
HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\MountPoints2: {7aef4004-1019-11d8-9f71-000cf18c7d78} - J:\autorun.exe
HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\MountPoints2: {7bac474c-c28d-11df-9dfe-000cf18c7d78} - "K:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\MountPoints2: {874167d2-c3cb-11e1-9f2a-000cf18c7d78} - K:\LaunchU3.exe -a
HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\MountPoints2: {deb3764a-db1d-11de-9d58-000cf18c7d78} - J:\LaunchU3.exe -a
HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\MountPoints2: {e893ae8f-e7f1-11df-9e0f-000cf18c7d78} - "K:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\sstext3d.scr [679936 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [AutoLaunch] => C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe monthly
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2013-01-19] (SuperAdBlocker.com)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\setup.exe [2010-08-15] (magicJack L.P.)
Startup: C:\Documents and Settings\Teressa\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-01-09]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{0DCE56D5-9130-4B54-B459-5C2AFE16A228}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell4me.com/myway
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell4me.com/myway
HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ebay.com/
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007 -> {E70C0F81-A36D-4E87-A070-1623DE26DC04} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=
BHO: No Name -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2003-03-16] ()
BHO: PPCScamBHO Class -> {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} -> No File
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll [2016-10-31] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
Toolbar: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
Toolbar: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Teressa\Application Data\TomTom\HOME\Profiles\4qqmyzdd.default [2013-05-21]
FF Extension: (No Name) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF ProfilePath: C:\Documents and Settings\Teressa\Application Data\Nvu\Profiles\46itrkdl.default [2012-10-21]
FF ProfilePath: C:\Documents and Settings\Teressa\Application Data\Netscape\Navigator\Profiles\ro5fo0iq.default [2010-08-09]
FF Extension: (No Name) - C:\Program Files\Netscape\Navigator 9\extensions\inspector@mozilla.org [not found]
FF Extension: (No Name) - C:\Program Files\Netscape\Navigator 9\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3} [not found]
FF ProfilePath: C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859 [2017-06-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-03-17] [not signed]
FF HKLM\...\Thunderbird\Extensions: [avgthb@avg.com] - C:\Program Files\AVG\AVG2012\Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_126.dll [2017-06-15] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2012-12-01] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.91 -> C:\Program Files\NOS\bin\np_gp.dll [2010-10-20] (NOS Microsystems Ltd.)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-09-13] (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1 -> C:\Program Files\Yahoo!\Shared\npYVerInfo.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll [No File]
FF Plugin HKU\S-1-5-21-2305011698-3870448665-3586125232-1007: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Teressa\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2305011698-3870448665-3586125232-1007: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Teressa\Application Data\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2305011698-3870448665-3586125232-1007: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2305011698-3870448665-3586125232-1007: @tools.google.com/Google Update;version=8 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll [No File]
FF Plugin HKU\S-1-5-21-2305011698-3870448665-3586125232-1007: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Teressa\Application Data\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Teressa\Application Data\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> hxxps://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-06-20]
CHR Extension: (AVG Secure Search) - C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2017-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-20]
CHR HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.42AWFHMO6FPQSCDKOVTDJDJWOI - C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-02-24] (SUPERAntiSpyware.com)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-06-15] (Adobe Systems Incorporated) [File not signed]
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [264432 2017-06-18] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5782800 2017-06-18] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-05-31] (AVG Technologies CZ, s.r.o.)
R2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [142432 2012-02-20] (SEIKO EPSON CORPORATION)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [48368 2009-09-03] (NOS Microsystems Ltd.)
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NetSvc; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [143360 2003-03-03] (Intel(R) Corporation) [File not signed]
S3 Pml Driver; C:\WINDOWS\System32\HPHipm09.exe [77824 2003-01-30] (HP)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10888944 2017-04-25] (TeamViewer GmbH)
R2 WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) [File not signed]
S3 WsDrvInst; C:\Program Files\Wondershare\MobileTrans\DriverInstall.exe [103824 2015-08-07] (Wondershare)
S4 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 Andbus; C:\WINDOWS\System32\DRIVERS\lgandbus.sys [14336 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\WINDOWS\System32\DRIVERS\lganddiag.sys [20736 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\WINDOWS\System32\DRIVERS\lgandgps.sys [20096 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\WINDOWS\System32\DRIVERS\lgandmodem.sys [25088 2012-03-02] (LG Electronics Inc.)
S3 AndnetBus; C:\WINDOWS\System32\DRIVERS\lgandnetbus.sys [15744 2015-01-21] (LG Electronics Inc.)
S3 AndNetDiag; C:\WINDOWS\System32\DRIVERS\lgandnetdiag.sys [24576 2015-01-26] (LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\System32\DRIVERS\lgandnetmodem.sys [29696 2015-01-26] (LG Electronics Inc.)
S3 andnetndis; C:\WINDOWS\System32\DRIVERS\lgandnetndis.sys [70784 2015-01-21] (LG Electronics Inc.)
R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [17005 2002-08-14] (Adaptec)
R1 avgbdisk; C:\WINDOWS\system32\drivers\avgbdiskx.sys [135872 2017-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\system32\drivers\avgbidsdriverx.sys [260616 2017-06-18] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\system32\drivers\avgbidshx.sys [151024 2017-06-18] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\system32\drivers\avgblogx.sys [270344 2017-06-18] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\system32\drivers\avgbunivx.sys [43992 2017-06-18] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\system32\drivers\avgHwid.sys [35264 2017-06-18] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\system32\drivers\avgMonFlt.sys [109056 2017-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\system32\drivers\avgRdr.sys [61888 2017-06-18] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\system32\drivers\avgRvrt.sys [63280 2017-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\system32\drivers\avgSnx.sys [765704 2017-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\system32\drivers\avgSP.sys [483736 2017-06-18] (AVG Technologies CZ, s.r.o.)
R3 avgStmXP; C:\WINDOWS\system32\drivers\avgStmXP.sys [182208 2017-06-18] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\system32\drivers\avgVmm.sys [280928 2017-06-18] (AVG Technologies CZ, s.r.o.)
R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
S3 Dot4 HPH09; C:\WINDOWS\System32\DRIVERS\hphid409.sys [50800 2003-01-30] (HP)
S3 Dot4Print HPH09; C:\WINDOWS\System32\DRIVERS\hphipr09.sys [16112 2003-01-30] (HP)
S3 Dot4Storage HPH09; C:\WINDOWS\System32\Drivers\hphs2k09.sys [50211 2003-01-30] (Hewlett-Packard)
S3 Dot4Usb HPH09; C:\WINDOWS\System32\drivers\hphius09.sys [18864 2003-01-30] (HP)
R3 dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [18816 2010-01-29] (RIF) [File not signed]
S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59936 2017-05-25] ()
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
S3 GT680x; C:\WINDOWS\System32\Drivers\gt680x.sys [18120 2001-11-08] (   ) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-03-07] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-03-07] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-03-07] (HP)
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2004-08-04] (Intel(R) Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2004-08-04] (Intel(R) Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2004-08-04] (Intel(R) Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2004-08-04] (Intel(R) Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-04] (Intel(R) Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-04] (Intel(R) Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2004-08-04] (Intel(R) Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2004-08-04] (Intel(R) Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2004-08-04] (Intel(R) Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-04] (Intel(R) Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [147232 2017-06-16] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [39840 2017-06-19] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [220576 2017-06-19] (Malwarebytes)
S3 OlCamudp; C:\WINDOWS\System32\Drivers\olcamudp.sys [10379 2000-02-08] (OLYMPUS Optical Co.,Ltd.) [File not signed]
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17217 2002-11-08] (Dell Computer Corporation) [File not signed]
R3 P16X; C:\WINDOWS\System32\drivers\P16X.sys [1330048 2003-09-22] (Creative Technology Ltd.)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
S3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2010-03-17] (VSO Software) [File not signed]
R2 PfModNT; C:\WINDOWS\System32\PfModNT.sys [6752 1999-12-17] (Creative Technology Ltd.) [File not signed]
S3 PLTurbh; C:\WINDOWS\System32\drivers\plturbh.sys [16384 2009-07-01] (Prolific Technology Inc.)
R3 PLTurbo; C:\WINDOWS\System32\drivers\plturbo.sys [16640 2009-07-01] (Prolific Technology Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2013-01-19] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-20] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [67664 2013-01-19] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [717296 2010-01-30] () [File not signed]
S3 bvrp_pci; no ImagePath
S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [X]
S3 ivusb; system32\DRIVERS\ivusb.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S2 StarOpen; no ImagePath
S3 wanatw; System32\DRIVERS\wanatw4.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: Ip6FwHlp -> no filepath.

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-22 14:51 - 2017-06-22 14:55 - 00025557 _____ C:\Documents and Settings\Teressa\Desktop\FRST.txt
2017-06-22 14:50 - 2017-06-22 14:51 - 00000000 ____D C:\FRST
2017-06-22 14:50 - 2017-06-22 14:50 - 01778688 _____ (Farbar) C:\Documents and Settings\Teressa\Desktop\FRST.exe
2017-06-20 23:42 - 2017-06-20 23:42 - 00000000 ____D C:\Documents and Settings\Teressa\Local Settings\Application Data\ESET
2017-06-20 21:46 - 2017-06-20 21:48 - 06754944 _____ (ESET spol. s r.o.) C:\Documents and Settings\Teressa\Desktop\esetonlinescanner_enu.exe
2017-06-20 02:38 - 2017-06-20 02:39 - 00012405 _____ C:\Documents and Settings\Teressa\Desktop\MTB.txt
2017-06-20 02:35 - 2017-06-20 02:35 - 00892416 _____ (Farbar) C:\Documents and Settings\Teressa\Desktop\MiniToolBox(1).exe
2017-06-19 19:27 - 2017-06-22 07:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-06-19 19:27 - 2017-06-19 19:27 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2017-06-19 19:27 - 2017-06-19 19:27 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2017-06-18 16:32 - 2017-06-18 16:32 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2017-06-18 16:06 - 2017-06-22 04:23 - 00000296 ____H C:\WINDOWS\Tasks\Antivirus Emergency Update.job
2017-06-18 16:06 - 2017-06-18 16:07 - 00182208 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgstmxp.sys
2017-06-18 16:06 - 2017-06-18 16:04 - 00483736 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2017-06-18 16:06 - 2017-06-18 16:04 - 00280928 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2017-06-18 16:06 - 2017-06-18 16:04 - 00109056 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2017-06-18 16:06 - 2017-06-18 16:04 - 00063280 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2017-06-18 16:06 - 2017-06-18 16:04 - 00061888 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr.sys
2017-06-18 16:06 - 2017-06-18 16:04 - 00035264 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2017-06-18 16:06 - 2017-06-18 16:03 - 00765704 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2017-06-18 16:06 - 2017-06-18 16:03 - 00270344 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgblogx.sys
2017-06-18 16:06 - 2017-06-18 16:03 - 00260616 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriverx.sys
2017-06-18 16:06 - 2017-06-18 16:03 - 00151024 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidshx.sys
2017-06-18 16:06 - 2017-06-18 16:03 - 00135872 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiskx.sys
2017-06-18 16:06 - 2017-06-18 16:03 - 00043992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbunivx.sys
2017-06-18 16:04 - 2017-06-18 16:03 - 00331896 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2017-06-18 15:53 - 2017-06-18 15:53 - 00000629 _____ C:\Documents and Settings\All Users\Desktop\AVG.lnk
2017-06-18 11:12 - 2017-06-18 11:12 - 00010374 _____ C:\Documents and Settings\Teressa\Desktop\Defragment VolumeC.txt
2017-06-16 18:08 - 2017-06-22 14:08 - 00000000 ____D C:\Documents and Settings\Teressa\Desktop\New Folder (7)
2017-06-16 15:10 - 2017-06-16 17:10 - 00000000 ____D C:\AdwCleaner
2017-06-16 12:41 - 2017-06-16 12:41 - 00001317 _____ C:\Documents and Settings\Administrator.PROSPERITY\Desktop\Mbam Results.txt
2017-06-16 00:42 - 2017-06-16 00:42 - 00147232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-06-16 00:36 - 2017-06-19 18:00 - 00039840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-06-16 00:36 - 2017-06-19 17:59 - 00220576 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-16 00:35 - 2017-06-16 00:35 - 00001715 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
2017-06-16 00:35 - 2017-06-16 00:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2017-06-16 00:35 - 2017-05-25 11:58 - 00059936 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-06-16 00:34 - 2017-06-16 00:34 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-15 21:33 - 2017-06-15 21:33 - 00000000 __SHD C:\Documents and Settings\Administrator.PROSPERITY\PrivacIE
2017-06-15 18:18 - 2017-06-15 18:18 - 00000000 ____D C:\Documents and Settings\Administrator.PROSPERITY\Local Settings\Application Data\Google
2017-06-15 18:17 - 2017-06-17 02:16 - 00622720 _____ C:\WINDOWS\ntbtlog.txt
2017-06-15 05:20 - 2017-06-15 05:38 - 00002306 _____ C:\Documents and Settings\Teressa\Start Menu\Programs\Google Chrome.lnk
2017-06-15 05:20 - 2017-06-15 05:38 - 00002300 _____ C:\Documents and Settings\Teressa\Desktop\Google Chrome.lnk
2017-06-08 16:45 - 2017-06-08 16:45 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Games
2017-05-27 16:17 - 2017-05-27 16:18 - 00000136 _____ C:\Documents and Settings\Teressa\Desktop\Gmail.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-22 14:55 - 2003-12-28 17:52 - 00000000 ____D C:\Documents and Settings\Teressa\Local Settings\Temp
2017-06-22 14:28 - 2012-10-25 16:00 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-06-22 14:27 - 2011-05-23 01:01 - 00000986 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2305011698-3870448665-3586125232-1007UA.job
2017-06-22 14:06 - 2002-09-30 06:10 - 00002489 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2017-06-22 14:01 - 2010-01-07 14:31 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-06-22 12:15 - 2015-02-27 13:15 - 00000514 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d45f8666-238a-4a83-b91b-5f0b7c6e7bce.job
2017-06-22 12:01 - 2003-12-15 07:42 - 00032422 _____ C:\WINDOWS\SchedLgU.Txt
2017-06-22 11:18 - 2010-06-08 16:03 - 00000868 _____ C:\WINDOWS\Tasks\Google Software Updater.job
2017-06-22 06:01 - 2015-02-27 13:14 - 00000514 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d042d7f0-b447-43c2-9df7-c1b4590c06cf.job
2017-06-22 05:30 - 2004-07-13 16:43 - 00000000 ____D C:\Documents and Settings\Teressa\Desktop\Unused Desktop Shortcuts
2017-06-22 02:27 - 2011-05-23 01:01 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2305011698-3870448665-3586125232-1007Core.job
2017-06-22 02:24 - 2003-12-15 07:41 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-06-21 18:51 - 2016-09-20 06:05 - 00000314 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job
2017-06-21 17:45 - 2006-02-05 11:54 - 00000000 ____D C:\Documents and Settings\Teressa\My Documents\My PSP Files
2017-06-21 17:44 - 2008-11-11 18:48 - 00002375 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Corel Paint Shop Pro X.lnk
2017-06-21 16:01 - 2010-01-07 14:31 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-06-20 02:47 - 2007-08-18 10:10 - 00000000 ____D C:\WINDOWS\network diagnostic
2017-06-20 02:10 - 2002-09-03 10:00 - 00001507 _____ C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2017-06-19 19:36 - 2015-04-13 23:53 - 00000000 ____D C:\Documents and Settings\Teressa\Desktop\Old Firefox Data
2017-06-19 19:27 - 2012-04-28 11:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-06-19 18:01 - 2010-09-10 04:09 - 00000000 ____D C:\Documents and Settings\Teressa\Local Settings\Application Data\magicJack
2017-06-19 17:57 - 2014-03-30 15:41 - 00000226 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-06-19 17:57 - 2013-06-02 23:52 - 00000350 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2017-06-19 17:57 - 2003-12-15 07:41 - 00004330 ____C C:\WINDOWS\ModemLog_BCM V.92 56K Modem.txt
2017-06-19 17:57 - 2003-12-15 07:38 - 00001170 ____C C:\WINDOWS\system32\WPA.DBL
2017-06-19 17:56 - 2003-12-15 07:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-19 17:55 - 2003-12-28 17:52 - 00000178 ___SH C:\Documents and Settings\Teressa\NTUSER.INI
2017-06-19 17:55 - 2003-12-28 17:52 - 00000000 ____D C:\Documents and Settings\Teressa
2017-06-19 17:43 - 2013-10-28 20:28 - 00000000 ____D C:\Documents and Settings\Teressa\Application Data\mjusbsp
2017-06-19 17:42 - 2013-10-28 20:29 - 00000996 _____ C:\Documents and Settings\Teressa\Desktop\magicJack.lnk
2017-06-19 17:42 - 2010-12-09 18:01 - 00001002 _____ C:\Documents and Settings\Teressa\Start Menu\Programs\magicJack.lnk
2017-06-19 03:41 - 2016-06-10 08:05 - 00000000 ____D C:\Documents and Settings\Teressa\Application Data\AVG
2017-06-19 03:30 - 2015-06-02 09:36 - 00000000 ____D C:\Documents and Settings\Teressa\Local Settings\Application Data\Avg
2017-06-19 03:30 - 2011-05-11 13:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2017-06-19 02:48 - 2011-02-27 04:26 - 00000472 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2017-06-18 18:36 - 2010-01-07 14:36 - 00000000 ____D C:\Documents and Settings\Teressa\Local Settings\Application Data\Temp
2017-06-18 17:39 - 2015-08-15 19:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
2017-06-18 16:26 - 2003-12-15 07:23 - 00000000 ___HD C:\WINDOWS\INF
2017-06-18 16:01 - 2009-03-13 13:19 - 00000000 ____D C:\Program Files\AVG
2017-06-18 08:59 - 2009-12-21 16:24 - 00000000 ____C C:\Documents and Settings\Teressa\Local Settings\Application Data\prvlcl.dat
2017-06-18 01:14 - 2017-05-14 07:52 - 00000000 ____D C:\Documents and Settings\Teressa\Desktop\New Folder
2017-06-18 00:50 - 2015-10-01 16:54 - 00000000 ____D C:\Documents and Settings\Teressa\Desktop\Mary Powers That Be
2017-06-18 00:50 - 2015-08-08 07:26 - 00000000 ____D C:\Documents and Settings\Teressa\Desktop\All Custody
2017-06-18 00:46 - 2017-05-03 01:50 - 00000000 ____D C:\Documents and Settings\Teressa\Desktop\Fence 1
2017-06-18 00:42 - 2016-10-12 17:04 - 00000000 ____D C:\Documents and Settings\Teressa\Desktop\Copies Audio.Ebooks OverDrive
2017-06-18 00:37 - 2015-02-03 13:23 - 00000000 ____D C:\Documents and Settings\Teressa\Desktop\All Folders
2017-06-17 23:15 - 2003-12-28 17:52 - 00000000 ___RD C:\Documents and Settings\Teressa\My Documents
2017-06-17 22:58 - 2004-01-12 02:45 - 00096768 ____C C:\Documents and Settings\Teressa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-06-17 22:57 - 2012-06-03 09:34 - 00000000 ____D C:\Documents and Settings\Teressa\Application Data\vlc
2017-06-17 22:04 - 2012-04-09 19:29 - 00000000 ____D C:\Documents and Settings\Teressa\Application Data\uTorrent
2017-06-17 19:10 - 2007-10-26 01:56 - 00000000 ____D C:\ConverterOutput
2017-06-17 19:09 - 2012-04-13 11:44 - 00000000 ____D C:\Documents and Settings\Teressa\Application Data\dvdcss
2017-06-17 05:48 - 2008-04-13 20:15 - 00000178 __SHC C:\Documents and Settings\Administrator.PROSPERITY\NTUSER.INI
2017-06-16 12:36 - 2009-06-18 17:04 - 00000000 ____D C:\Documents and Settings\Administrator.PROSPERITY\Local Settings\temp
2017-06-16 00:34 - 2014-11-16 04:26 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-06-16 00:34 - 2008-10-22 02:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-06-15 21:33 - 2008-04-13 20:15 - 00000000 ____D C:\Documents and Settings\Administrator.PROSPERITY
2017-06-15 16:31 - 2008-08-14 21:01 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-06-15 06:44 - 2012-10-25 16:00 - 00803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-06-15 06:44 - 2011-05-12 23:24 - 00144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-06-15 06:41 - 2003-12-15 07:23 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-15 03:57 - 2010-08-12 03:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2160329$
2017-06-13 17:12 - 2003-12-15 07:41 - 00525020 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-13 15:37 - 2004-03-19 02:18 - 00000000 __SHD C:\Documents and Settings\Teressa\UserData
2017-06-08 15:00 - 2014-03-30 15:41 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2017-06-06 00:32 - 2007-07-15 17:19 - 00000000 ____D C:\vpp_temp
2017-05-27 20:29 - 2013-10-08 19:41 - 00000000 ____D C:\Documents and Settings\Teressa\Application Data\eM Client
2017-05-26 18:42 - 2008-07-28 23:50 - 00000000 ____D C:\Documents and Settings\Teressa\My Documents\Ebay Templates

==================== Files in the root of some directories =======

2013-06-26 06:54 - 2014-06-23 16:39 - 0003728 ____C () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2007-07-18 01:36 - 2007-07-18 01:36 - 0000336 ____C () C:\Program Files\temp995.bat
2010-03-16 16:28 - 2011-09-05 01:35 - 0000162 ____C () C:\Documents and Settings\Teressa\Application Data\default.rss
2010-06-13 00:31 - 2010-06-13 00:31 - 0000000 ____C () C:\Documents and Settings\Teressa\Application Data\downloads.m3u
2010-03-17 23:45 - 2014-04-15 03:00 - 0087608 ____C () C:\Documents and Settings\Teressa\Application Data\inst.exe
2010-03-02 04:11 - 2010-03-02 04:16 - 0000699 ____C () C:\Documents and Settings\Teressa\Application Data\moyea_dia.log
2010-03-17 23:45 - 2014-04-15 03:00 - 0007887 ____C () C:\Documents and Settings\Teressa\Application Data\pcouffin.cat
2010-03-17 23:45 - 2014-04-15 03:00 - 0001144 ____C () C:\Documents and Settings\Teressa\Application Data\pcouffin.inf
2010-03-17 23:45 - 2014-04-15 03:00 - 0000033 ____C () C:\Documents and Settings\Teressa\Application Data\pcouffin.log
2010-03-17 23:45 - 2014-04-15 03:00 - 0047360 ____C (VSO Software) C:\Documents and Settings\Teressa\Application Data\pcouffin.sys
2004-01-12 02:45 - 2017-06-17 22:58 - 0096768 ____C () C:\Documents and Settings\Teressa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-05 02:15 - 2015-02-05 02:15 - 0026900 ____C () C:\Documents and Settings\Teressa\Local Settings\Application Data\dt.dat
2009-12-21 16:24 - 2017-06-18 08:59 - 0000000 ____C () C:\Documents and Settings\Teressa\Local Settings\Application Data\prvlcl.dat
2012-01-15 15:59 - 2012-05-06 17:10 - 0000031 __SHC () C:\Documents and Settings\All Users\Application Data\.zreglib
2007-12-11 04:17 - 2017-05-16 13:29 - 0013296 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2010-09-17 23:41 - 2010-09-17 23:41 - 0000133 ____C () C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
2007-08-18 09:36 - 2007-08-18 09:36 - 0001751 ____C () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Some files in TEMP:
====================
2017-05-16 13:18 - 2009-11-25 05:23 - 1710720 ____N (Hewlett-Packard) C:\Documents and Settings\Teressa\Local Settings\Temp\hpzmsi01.exe
2017-05-16 13:18 - 2009-11-25 05:23 - 1639552 ____N (Hewlett-Packard) C:\Documents and Settings\Teressa\Local Settings\Temp\hpzscr01.EXE
2017-05-16 13:18 - 2009-11-25 05:23 - 0467072 ____N (Hewlett-Packard) C:\Documents and Settings\Teressa\Local Settings\Temp\hpzswp01.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Solved: Re: Possible Malware

Addition


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-06-2017 01
Ran by Teressa (22-06-2017 14:56:47)
Running from C:\Documents and Settings\Teressa\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2003-12-28 22:52:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2305011698-3870448665-3586125232-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.PROSPERITY
ASPNET (S-1-5-21-2305011698-3870448665-3586125232-1008 - Limited - Enabled)
Guest (S-1-5-21-2305011698-3870448665-3586125232-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-2305011698-3870448665-3586125232-1006 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-2305011698-3870448665-3586125232-1002 - Limited - Disabled)
SUPPORT_3f151ab9 (S-1-5-21-2305011698-3870448665-3586125232-1005 - Limited - Disabled)
Teressa (S-1-5-21-2305011698-3870448665-3586125232-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Teressa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
AV: AVG Antivirus (Enabled - Up to date) {81C62321-3C2A-4A1A-BF2F-52ED23B22B8B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
ABBYY FineReader 4.0 Sprint (HKLM\...\ABBYY FineReader 4.0 Sprint) (Version:  - )
Active@ ISO Burner (HKLM\...\{7694E0B1-2332-448B-9235-929F84B41E3F}) (Version: 2.0.5 - LSoft Technologies)
Adobe Acrobat 4.0 (HKLM\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Atmosphere Player for Acrobat and Adobe Reader (HKLM\...\Adobe Atmosphere Player) (Version:  - )
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.91 - NOS Microsystems Ltd.)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.126 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
Audacity 1.3.13 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
AVG (Version: 1.191.1 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG Antivirus) (Version: 17.4.3014 - AVG Technologies)
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.3.8.510 - AVG Technologies)
Backuptrans Android SMS + MMS Transfer 3.2.16 (HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\Backuptrans Android SMS + MMS Transfer) (Version: 3.2.16 - Backuptrans)
Banctec Service Agreement (Version: 1.00.00 - Dell) Hidden
Banctec Service Agreement (Version: 1.00.0005 - Dell) Hidden
BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version:  - )
bitcontrol® MPEG-2 Video Decoder v2.1 (HKLM\...\bcMPEG2dec) (Version: 2.1 - BitCtrl Systems GmbH)
Bonjour (HKLM\...\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}) (Version: 1.0.105 - Apple Inc.)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
C6200_Help (Version: 90.0.189.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Paint Shop Pro X (HKLM\...\{1A15507A-8551-4626-915D-3D5FA095CC1B}) (Version: 10.0 - Corel Inc)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07 (HKLM\...\Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro_is1) (Version:  - Cucusoft, Inc.)
Dell Digital Jukebox Driver (HKLM\...\Dell Digital Jukebox Driver) (Version:  - )
Dell Media Experience (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version:  - )
Dell Networking Guide (Version: 1.00.0001 - Dell) Hidden
Dell Solution Center (HKLM\...\{11F1920A-56A2-4642-B6E0-3B31A12C9288}) (Version: 1.00.0000 - Dell)
DivX (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.0 - DivXNetworks, Inc.)
DolbyFiles (Version: 2.0 - Nero AG) Hidden
DS21Patch (Version: 1.00.0000 - Dell) Hidden
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVD43 Plug-in v1.0.0.5 (HKLM\...\DVD43 Plug-in_is1) (Version:  - )
DVD43 v4.6.0 (HKLM\...\DVD43_is1) (Version:  - )
DVDSentry (HKLM\...\{98DF85D9-96C0-4F57-A92E-C3539477EF5E}) (Version: 1.00.0000 - Dell)
eM Client (HKLM\...\{224024F1-88C6-4E06-9AF6-39FF47347338}) (Version: 7.0.30068.0 - eM Client Inc.)
EPSON Artisan 1430 Series Printer Uninstall (HKLM\...\EPSON Artisan 1430 Series) (Version:  - SEIKO EPSON Corporation)
Evernote v. 6.4.2 (HKLM\...\{E74F0DCA-9FC8-11E6-9D98-005056950253}) (Version: 6.4.2.3788 - Evernote Corp.)
Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden
FileZilla Client 3.6.0.2 (HKLM\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
FMW 1 (Version: 1.203.1 - AVG Technologies) Hidden
Google Chrome (HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Drive (HKLM\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.33.5 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GPL Ghostscript 8.50 (HKLM\...\GPL Ghostscript 8.50) (Version:  - )
GPL Ghostscript Fonts (HKLM\...\GPL Ghostscript Fonts) (Version:  - )
Help and Support Customization (Version: 1.00.0000 - Dell) Hidden
hp photosmart printer series (Remove only) (HKLM\...\hp photosmart printer series) (Version:  - )
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
Intel(R) PROSet (HKLM\...\{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}) (Version: 6.05.2001 - Intel)
Internet Explorer Default Page (Version: 1.00.03 - Dell Inc.) Hidden
iPhone Data Recovery  (HKLM\...\iPhone Data Recovery) (Version:  - Tenorshare, Inc.)
LAME v3.98.3 for Audacity (HKLM\...\LAME for Audacity_is1) (Version:  - )
LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.14.1 - LG Electronics)
LightScribe System Software (HKLM\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
magicJack (HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Menu Templates - Pack 1 (Version: 9.4.4.0 - Nero AG) Hidden
Menu Templates - Starter Kit (Version: 9.4.2.0 - Nero AG) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Client Profile Basic SP2 Version 1.0.1.22 (HKLM\...\{10E4121C-8181-4217-8DA9-6CD38DDC34F9}_is1) (Version: 1.0.1.22 - Wondershare, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Data Access Components KB870669 (HKLM\...\KB870669) (Version:  - Microsoft Corporation)
Microsoft Office Excel Viewer 2003 (HKLM\...\{90840409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Picture It! Photo 7.0 (HKLM\...\{369B36BE-3D64-4641-9AEA-808D436FE132}) (Version: 7.0.0.0000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version:  - )
Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version:  - Microsoft Corporation)
Microsoft Word 2002 (HKLM\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Works 2003 Setup Launcher (HKLM\...\Works2003Setup) (Version:  - )
Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0710.1 - Microsoft Corporation)
Microsoft Works Suite Add-in for Microsoft Word (HKLM\...\{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}) (Version: 2.0.0.0000 - Microsoft Corporation)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version:  - )
Movie Templates - Starter Kit (Version: 9.4.2.0 - Nero AG) Hidden
Mozilla Firefox 52.2.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.2.0 ESR (x86 en-US)) (Version: 52.2.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.2.0 - Mozilla)
MSN Music Assistant (HKLM\...\MSN Music Assistant) (Version:  - )
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music DVD Creator 2.0 (HKLM\...\DVDCreator.exe_is1) (Version:  - Copyright (C) 2003-2007 BlazeVideo,Inc.)
MusicIP Mixer 1.8.1 (HKLM\...\MusicIP Mixer_is1) (Version:  - MusicIP)
Musicmatch® Jukebox (HKLM\...\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}) (Version: 9.00.5100 - )
Nero 9 Essentials (HKLM\...\{2102f84f-010e-4510-aa29-4f92f55eaeea}) (Version:  - Nero AG)
NVIDIA Windows 2000/XP Display Drivers (HKLM\...\NVIDIA) (Version:  - )
OLYMPUS CAMEDIA Master 2.01 (HKLM\...\OLYMPUS CAMEDIA Master 2.0) (Version:  - )
OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0 (HKLM\...\{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1) (Version:  - Orban, Inc.)
OverDrive for Windows (HKLM\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
SBC Self Support Tool (HKLM\...\SBC.MCCInstall) (Version:  - )
Shockwave (HKLM\...\Shockwave) (Version:  - )
Sound Blaster Live! (HKLM\...\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}) (Version:  - )
Spybot - Search & Destroy 1.2 (HKLM\...\Spybot - Search & Destroy_is1) (Version: 1.2 - PepiMK Software)
SUPERAntiSpyware Free Edition (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.15.0.1000 - SUPERAntiSpyware.com)
TeamViewer 12 (HKLM\...\TeamViewer) (Version: 12.0.77242 - TeamViewer)
The Print Shop (HKLM\...\The Print Shop 10.0) (Version:  - )
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
USBFast (HKLM\...\{AED142A8-96EA-42DE-B212-60BFC98D6CC7}) (Version: 1.3.0.19 - Plextor)
VideoLAN VLC media player 0.8.6c (HKLM\...\VLC media player) (Version: 0.8.6c - VideoLAN Team)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Web Page Creator (HKLM\...\Web Page Creator) (Version:  - )
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0017.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Wondershare Helper Compact 2.5.0 (HKLM\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare)
Wondershare MobileTrans ( Version 7.3.2 ) (HKLM\...\{18CDCEAA-A9E4-4A4C-AC0E-C15E87C30EA5}_is1) (Version: 7.3.2 - Wondershare)
Works Suite OS Pack (Version: 3.0.0.0000 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\WINDOWS\system32\msinet.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{699DDBCC-DC7E-11D0-BCF7-00C04FC2FB86}\InprocServer32 -> C:\WINDOWS\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{6D835690-900B-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\InprocServer32 -> C:\WINDOWS\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\WINDOWS\system32\msvbvm60.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\SYSTEM32\COMDLG32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Antivirus Emergency Update.job => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\AVG EUpdate Task.job => C:\Program Files\AVG\Setup AVG Technologies
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\WINDOWS\TEMP\{2DA93B1C-588C-41AB-B213-93B8D77F7D04}.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2305011698-3870448665-3586125232-1007Core.job => C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2305011698-3870448665-3586125232-1007UA.job => C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d042d7f0-b447-43c2-9df7-c1b4590c06cf.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d45f8666-238a-4a83-b91b-5f0b7c6e7bce.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\Teressa\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

ShortcutWithArgument: C:\Documents and Settings\Teressa\Desktop\Unused Desktop Shortcuts\Yahoo! Mail.lnk -> C:\WINDOWS\SYSTEM32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\Yahoo!\Common\ymmapi.dll,OpenURL hxxp://mail.yahoo.com/?.redir=ymmapi9

==================== Loaded Modules (Whitelisted) ==============

2017-06-18 16:03 - 2017-06-18 16:03 - 00171344 _____ () C:\Program Files\AVG\Antivirus\JsonRpcServer.dll
2017-06-18 16:03 - 2017-06-18 16:03 - 00178120 _____ () C:\Program Files\AVG\Antivirus\event_routing_rpc.dll
2017-06-18 16:03 - 2017-06-18 16:03 - 00224352 _____ () C:\Program Files\AVG\Antivirus\tasks_core.dll
2017-06-19 08:00 - 2017-06-19 08:00 - 05678080 _____ () C:\Program Files\AVG\Antivirus\defs\17061902\algo.dll
2017-06-18 16:03 - 2017-06-18 16:03 - 00685784 _____ () C:\Program Files\AVG\Antivirus\ffl2.dll
2017-06-18 16:03 - 2017-06-18 16:03 - 00231760 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2017-06-22 07:41 - 2017-06-22 07:41 - 05678592 _____ () C:\Program Files\AVG\Antivirus\defs\17062200\algo.dll
2007-06-09 20:30 - 2007-06-09 20:30 - 00372736 _____ () C:\WINDOWS\system32\portmon.dll
2017-06-18 16:03 - 2017-06-18 16:03 - 00136048 _____ () c:\Program Files\AVG\Antivirus\vaarclient.dll
2012-11-29 16:59 - 2012-11-29 16:59 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2003-05-30 10:00 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\System32\quartz.dll
2002-12-12 01:14 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2002-08-29 06:00 - 2008-04-13 19:11 - 00498742 _____ () C:\WINDOWS\system32\dxmasf.dll
2002-12-12 01:14 - 2013-01-02 01:49 - 00148992 ____C () C:\WINDOWS\System32\mpg2splt.ax
2002-12-12 01:14 - 2014-02-05 03:55 - 00562688 ____C () C:\WINDOWS\System32\qedit.dll
2003-05-30 10:00 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll
2017-06-18 16:03 - 2017-06-18 16:03 - 00992760 _____ () C:\Program Files\AVG\Antivirus\AvChrome.dll
2017-06-18 16:03 - 2017-06-18 16:03 - 48936448 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
2016-10-31 18:45 - 2016-10-31 18:45 - 00321208 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll
2016-11-28 06:32 - 2016-11-28 06:28 - 48920064 _____ () C:\Program Files\AVG\UiDll\2623\libcef.dll
2017-06-15 06:44 - 2017-06-15 06:44 - 20064256 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_126.dll
2011-03-23 03:15 - 2000-09-14 08:20 - 01191936 _____ () C:\Program Files\OLYMPUS\CAMEDIA Master\Olympus Camedia.exe
2011-03-23 03:15 - 2000-08-28 15:17 - 00045056 ____C () C:\Program Files\OLYMPUS\CAMEDIA Master\ISXCatalogServer.dll
2011-03-23 03:15 - 2000-08-28 15:19 - 00376832 ____C () C:\Program Files\OLYMPUS\CAMEDIA Master\OLYMPUSCAMERASERVER.DLL
2011-03-23 03:15 - 2000-08-28 15:21 - 00421888 ____C () C:\Program Files\OLYMPUS\CAMEDIA Master\OLYMPUSDISKSERVER.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29 [124]
AlternateDataStreams: C:\Documents and Settings\Teressa\Desktop\Moonlight Heat.odt:com.dropbox.attributes [168]
AlternateDataStreams: C:\Documents and Settings\Teressa\Desktop\Voice Test 1.wav:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\avg.com -> hxxps://www.update.avg.com
IE trusted site: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\avg.cz -> hxxps://backup.avg.cz
IE trusted site: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\magicjack.com -> hxxps://my.magicjack.com
IE trusted site: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\talk4free.com -> hxxps://reg.talk4free.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2002-08-29 06:00 - 2009-04-05 19:49 - 00000860 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.254
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CallWave.lnk => C:\WINDOWS\pss\CallWave.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk => C:\WINDOWS\pss\Google Updater.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk => C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 3.0 SE Calendar Checker.lnk => C:\WINDOWS\pss\Ulead Photo Express 3.0 SE Calendar Checker.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Teressa^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Teressa^Start Menu^Programs^Startup^Sonic INSTALLit! Setup.lnk => C:\WINDOWS\pss\Sonic INSTALLit! Setup.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Teressa^Start Menu^Programs^Startup^WKCALREM.LNK => C:\WINDOWS\pss\WKCALREM.LNKStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Teressa^Start Menu^Programs^Startup^WKSCAL.EXE => C:\WINDOWS\pss\WKSCAL.EXEStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AnyDVD => C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCMSMMSG => BCMSMMSG.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: diagent => "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
MSCONFIG\startupreg: Dropbox Update => "C:\Documents and Settings\Teressa\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: dvd43 => C:\Program Files\dvd43\dvd43_tray.exe
MSCONFIG\startupreg: DVDSentry => C:\WINDOWS\System32\DSentry.exe
MSCONFIG\startupreg: GhostStartTrayApp =>
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPHmon03 => C:\WINDOWS\System32\hphmon03.exe
MSCONFIG\startupreg: ISUSPM Startup => c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: mmtask => C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
MSCONFIG\startupreg: Motive SmartBridge => C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: NAV CfgWiz =>
MSCONFIG\startupreg: Norton SystemWorks => "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: PCMService => "C:\Program Files\Dell\Media Experience\PCMService.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sonic RecordNow! =>
MSCONFIG\startupreg: Spotify => "C:\Documents and Settings\Teressa\Application Data\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Documents and Settings\Teressa\Application Data\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
MSCONFIG\startupreg: UpdateManager => "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
MSCONFIG\startupreg: updateMgr => "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
MSCONFIG\startupreg: UpdReg => C:\WINDOWS\UpdReg.EXE
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: Yahoo! Pager => "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
MSCONFIG\startupreg: YBrowser => C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe] => Enabled:hpofxm08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe] => Enabled:hposfx08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe] => Enabled:hpqscnvw.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe] => Enabled:hpqcopy2.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe] => Enabled:hpzwiz01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe] => Enabled:hpqnrs08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe] => Enabled:hpqpsapp.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe] => Enabled:hpofxs08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe] => Enabled:hpqfxt08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe] => Enabled:hpqpse.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe] => Enabled:hpqusgm.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe] => Enabled:hpqusgh.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\HP Software Update\hpwucli.exe] => Enabled:hpwucli.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe] => Enabled:smartwebprintexe.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Internet Explorer\iexplore.exe] => Enabled:Internet Explorer
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YPager.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YServer.exe] => Enabled:Yahoo! FT Server
StandardProfile\AuthorizedApplications: [C:\Program Files\WinMX\WinMX.exe] => Enabled:WinMX Application
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\SmartFTP Client\SmartFTP.exe] => Enabled:SmartFTP Client 2.5
StandardProfile\AuthorizedApplications: [C:\Program Files\LimeWire\LimeWire.exe] => Enabled:LimeWire
StandardProfile\AuthorizedApplications: [C:\Program Files\Grisoft\AVG7\avginet.exe] => Enabled:avginet.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Grisoft\AVG7\avgamsvr.exe] => Enabled:avgamsvr.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Grisoft\AVG7\avgcc.exe] => Enabled:avgcc.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\WINDOWS\SYSTEM32\fxsclnt.exe] => Enabled:Microsoft  Fax Console
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe] => Enabled:AT&T Yahoo! Music Jukebox
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG8\avgui.exe] => Enabled:AVG Free User Interface
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG8\avgemc.exe] => Enabled:avgemc.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG8\avgupd.exe] => Enabled:avgupd.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG8\avgnsx.exe] => Enabled:avgnsx.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\CallWave\IAM.exe] => Enabled:CallWave
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe] => Enabled:hpqscnvw.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe] => Enabled:hpqcopy2.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe] => Enabled:hpqnrs08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe] => Enabled:hpqpsapp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe] => Enabled:hpofxs08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe] => Enabled:hpqfxt08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe] => Enabled:hpqpse.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe] => Enabled:hpqusgm.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe] => Enabled:hpqusgh.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Software Update\hpwucli.exe] => Enabled:hpwucli.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe] => Enabled:smartwebprintexe.exe
StandardProfile\AuthorizedApplications: [C:\WINDOWS\SYSTEM32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\WINDOWS\SYSTEM32\rundll32.exe] => Enabled:Run a DLL as an App
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe] => Enabled:Google Talk Plugin
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Teressa\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe] => Enabled:hpofxm08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe] => Enabled:hposfx08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe] => Enabled:hpzwiz01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe] => Enabled:hpiscnapp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Teressa\Local Settings\Temp\7zS11CD\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Teressa\Application Data\Spotify\Spotify.exe] => Enabled:Spotify
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\EPSON Software\Event Manager\EEventManager.exe] => Enabled:EEventManager.exe
StandardProfile\AuthorizedApplications: [H:\Network\EpsonNetSetup\ENEASYAPP.EXE] => Enabled:EpsonNet Setup
StandardProfile\AuthorizedApplications: [C:\Program Files\EPSON Software\ECPrinterSetup\ENPApp.exe] => Enabled:Epson Connect Printer Setup
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Teressa\Application Data\mjusbsp\magicJack.exe] => Enabled:magicJack
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [5070:UDP] => Enabled:UDP

==================== Restore Points =========================

16-05-2017 06:21:04 System Checkpoint
17-05-2017 15:30:41 System Checkpoint
18-05-2017 18:15:07 System Checkpoint
20-05-2017 00:51:42 System Checkpoint
21-05-2017 10:13:59 System Checkpoint
22-05-2017 23:02:31 System Checkpoint
24-05-2017 06:06:36 System Checkpoint
25-05-2017 06:25:10 System Checkpoint
26-05-2017 15:27:06 System Checkpoint
27-05-2017 16:38:30 System Checkpoint
28-05-2017 18:37:08 System Checkpoint
29-05-2017 19:59:53 System Checkpoint
31-05-2017 06:25:19 System Checkpoint
01-06-2017 06:49:36 System Checkpoint
02-06-2017 16:15:59 System Checkpoint
04-06-2017 02:45:27 System Checkpoint
06-11-2003 15:45:19 System Checkpoint
04-06-2017 23:40:36 System Checkpoint
06-06-2017 02:20:59 System Checkpoint
07-06-2017 02:49:40 System Checkpoint
08-06-2017 06:15:58 System Checkpoint
09-06-2017 06:45:00 System Checkpoint
10-06-2017 11:23:01 System Checkpoint
11-06-2017 12:44:26 System Checkpoint
12-06-2017 13:53:34 System Checkpoint
13-06-2017 16:19:39 System Checkpoint
14-06-2017 03:01:05 Software Distribution Service 3.0
15-06-2017 04:03:16 Restore Operation
15-06-2017 16:34:11 Restore Operation
15-06-2017 16:50:54 Restore Operation
15-06-2017 16:59:21 Restore Operation
15-06-2017 17:07:29 Restore Operation
15-06-2017 17:17:19 Restore Operation
15-06-2017 17:25:54 Restore Operation
15-06-2017 17:34:22 Restore Operation
15-06-2017 17:51:53 Restore Operation
16-06-2017 18:52:21 System Checkpoint
17-06-2017 06:22:10 JRT Pre-Junkware Removal
17-06-2017 15:37:38 JRT Pre-Junkware Removal
18-06-2017 16:09:48 Installed Windows XP Wdf01009.
18-06-2017 16:23:20 Removed AVG
18-06-2017 16:31:46 Removed AVG 2016
19-06-2017 20:31:03 System Checkpoint
21-06-2017 00:45:31 System Checkpoint
22-06-2017 03:26:54 System Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/22/2017 01:27:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application olympus camedia.exe, version 0.0.0.0, faulting module comctl32.dll, version 5.82.2900.6028, fault address 0x000192f2.
Processing media-specific event for [olympus camedia.exe!ws!]

Error: (06/21/2017 07:19:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.2.0.6367, faulting module mozglue.dll, version 52.2.0.6367, fault address 0x0000f3c5.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (06/21/2017 06:11:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application olympus camedia.exe, version 0.0.0.0, faulting module comctl32.dll, version 5.82.2900.6028, fault address 0x0001a8be.
Processing media-specific event for [olympus camedia.exe!ws!]

Error: (06/21/2017 04:35:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application olympus camedia.exe, version 0.0.0.0, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00011689.
Processing media-specific event for [olympus camedia.exe!ws!]

Error: (06/20/2017 02:54:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application olympus camedia.exe, version 0.0.0.0, faulting module comctl32.dll, version 5.82.2900.6028, fault address 0x00007092.
Processing media-specific event for [olympus camedia.exe!ws!]

Error: (06/19/2017 04:32:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application firefox.exe, version 52.2.0.6367, faulting module mozglue.dll, version 52.2.0.6367, fault address 0x0000f3c5.
Processing media-specific event for [firefox.exe!ws!]

Error: (06/17/2017 07:36:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbamtray.exe, version 3.0.0.1068, faulting module mbamtray.exe, version 3.0.0.1068, fault address 0x0008a378.
Processing media-specific event for [mbamtray.exe!ws!]

Error: (06/17/2017 07:22:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.2.0.6367, faulting module mozglue.dll, version 52.2.0.6367, fault address 0x0000f3c5.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (06/17/2017 06:51:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.2.0.6367, faulting module mozglue.dll, version 52.2.0.6367, fault address 0x0000f3c5.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (06/17/2017 06:15:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a9fd6.
Processing media-specific event for [mbam.exe!ws!]


System errors:
=============
Error: (06/19/2017 05:56:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The StarOpen service failed to start due to the following error:
The system cannot find the file specified.

Error: (06/19/2017 05:33:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The StarOpen service failed to start due to the following error:
The system cannot find the file specified.

Error: (06/19/2017 03:32:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The StarOpen service failed to start due to the following error:
The system cannot find the file specified.

Error: (06/18/2017 04:19:14 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The avgbIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

Error: (06/18/2017 04:11:41 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\AVG\Antivirus\setup\iplugins\IStats.dll.
Reference error message: The operation completed successfully.
.

Error: (06/18/2017 04:11:41 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Avast.VC110.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (06/18/2017 04:11:41 PM) (Source: SideBySide) (EventID: 32) (User: )
Description: Dependent Assembly Avast.VC110.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (06/18/2017 04:11:19 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\AVG\Antivirus\setup\iplugins\IStats.dll.
Reference error message: The operation completed successfully.
.

Error: (06/18/2017 04:11:19 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Avast.VC110.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (06/18/2017 04:11:19 PM) (Source: SideBySide) (EventID: 32) (User: )
Description: Dependent Assembly Avast.VC110.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

 
 
==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 2.60GHz
Percentage of memory in use: 55%
Total physical RAM: 2558.98 MB
Available physical RAM: 1128.79 MB
Total Virtual: 3173.42 MB
Available Virtual: 1615.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.46 GB) (Free:25.05 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive h: (MAR) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS
Drive l: (My Book) (Fixed) (Total:930.86 GB) (Free:456.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 9DC96E9E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 930.9 GB) (Disk ID: 0036DF21)
Partition 1: (Not Active) - (Size=930.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Solved: Re: Possible Malware

See this page for instructions on how to download and use ComboFix: https://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log(s) back here for review once done running. Any questions, please notify me before making any deliberate decisions.

Solved: Re: Possible Malware

ComboFix 17-05-16.14 - Teressa 06/22/2017  23:20:35.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2559.1887 [GMT -5:00]
Running from: c:\documents and settings\Teressa\Desktop\ComboFix.exe
AV: AVG Antivirus *Disabled/Updated* {81C62321-3C2A-4A1A-BF2F-52ED23B22B8B}
AV: Malwarebytes *Disabled/Updated* {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\All Users\Start Menu\Programs\Startup\Setup.exe
c:\documents and settings\Teressa\Application Data\inst.exe
c:\documents and settings\Teressa\GoToAssistDownloadHelper.exe
c:\documents and settings\Teressa\My Documents\~WRL0003.tmp
c:\documents and settings\Teressa\My Documents\~WRL0004.tmp
c:\documents and settings\Teressa\My Documents\~WRL0005.tmp
c:\documents and settings\Teressa\My Documents\~WRL0057.tmp
c:\documents and settings\Teressa\My Documents\~WRL0103.tmp
c:\documents and settings\Teressa\My Documents\~WRL0211.tmp
c:\documents and settings\Teressa\My Documents\~WRL0604.tmp
c:\documents and settings\Teressa\My Documents\~WRL1261.tmp
c:\documents and settings\Teressa\My Documents\~WRL1708.tmp
c:\documents and settings\Teressa\My Documents\~WRL2155.tmp
c:\documents and settings\Teressa\My Documents\~WRL2616.tmp
c:\documents and settings\Teressa\My Documents\~WRL2802.tmp
c:\documents and settings\Teressa\My Documents\~WRL2959.tmp
c:\documents and settings\Teressa\My Documents\~WRL3850.tmp
c:\documents and settings\Teressa\My Documents\~WRL3982.tmp
c:\documents and settings\Teressa\My Documents\~WRL3994.tmp
c:\documents and settings\Teressa\My Documents\Con63B.tmp
c:\documents and settings\Teressa\Recent\Internet Radio on Yahoo! Music.url
c:\documents and settings\Teressa\Recent\Music Videos & More on Yahoo! Music.url
c:\documents and settings\Teressa\WINDOWS
C:\Logo.sys
C:\RECYCLER(2)
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc1.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc10.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc11.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc12.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc13.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc14.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc15.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc16.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc17.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc18.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc19.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc2.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc20.jpg
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc21.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc22.jpg
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc23.jpg
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc3.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc4.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc5.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc6.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc7.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc8.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc9.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\INFO2
c:\windows\$msi31uninstall_kb893803v2$
c:\windows\$msi31uninstall_kb893803v2$\msi.dll
c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
c:\windows\$msi31uninstall_kb893803v2$\msisip.dll
c:\windows\$msi31uninstall_kb893803v2$\reg00013
c:\windows\$msi31uninstall_kb893803v2$\reg00014
c:\windows\$msi31uninstall_kb893803v2$\reg00015
c:\windows\$msi31uninstall_kb893803v2$\reg00016
c:\windows\$msi31uninstall_kb893803v2$\reg00017
c:\windows\$msi31uninstall_kb893803v2$\reg00018
c:\windows\$msi31uninstall_kb893803v2$\reg00019
c:\windows\$msi31uninstall_kb893803v2$\reg00020
c:\windows\$msi31uninstall_kb893803v2$\reg00021
c:\windows\$msi31uninstall_kb893803v2$\reg00022
c:\windows\$msi31uninstall_kb893803v2$\reg00023
c:\windows\$msi31uninstall_kb893803v2$\reg00024
c:\windows\$msi31uninstall_kb893803v2$\reg00025
c:\windows\$msi31uninstall_kb893803v2$\reg00026
c:\windows\$msi31uninstall_kb893803v2$\reg00027
c:\windows\$msi31uninstall_kb893803v2$\reg00028
c:\windows\$msi31uninstall_kb893803v2$\reg00029
c:\windows\$msi31uninstall_kb893803v2$\reg00030
c:\windows\$msi31uninstall_kb893803v2$\reg00031
c:\windows\$msi31uninstall_kb893803v2$\reg00032
c:\windows\$msi31uninstall_kb893803v2$\reg00033
c:\windows\$msi31uninstall_kb893803v2$\reg00034
c:\windows\$msi31uninstall_kb893803v2$\reg00035
c:\windows\$msi31uninstall_kb893803v2$\reg00036
c:\windows\$msi31uninstall_kb893803v2$\reg00037
c:\windows\$msi31uninstall_kb893803v2$\reg00038
c:\windows\$msi31uninstall_kb893803v2$\reg00039
c:\windows\$msi31uninstall_kb893803v2$\reg00040
c:\windows\$msi31uninstall_kb893803v2$\reg00041
c:\windows\$msi31uninstall_kb893803v2$\reg00042
c:\windows\$msi31uninstall_kb893803v2$\reg00043
c:\windows\$msi31uninstall_kb893803v2$\reg00044
c:\windows\$msi31uninstall_kb893803v2$\reg00045
c:\windows\$msi31uninstall_kb893803v2$\reg00046
c:\windows\$msi31uninstall_kb893803v2$\reg00047
c:\windows\$msi31uninstall_kb893803v2$\reg00048
c:\windows\$msi31uninstall_kb893803v2$\reg00051
c:\windows\$msi31uninstall_kb893803v2$\reg00052
c:\windows\$msi31uninstall_kb893803v2$\reg00053
c:\windows\$msi31uninstall_kb893803v2$\reg00054
c:\windows\$msi31uninstall_kb893803v2$\reg00055
c:\windows\$msi31uninstall_kb893803v2$\reg00056
c:\windows\$msi31uninstall_kb893803v2$\reg00057
c:\windows\$msi31uninstall_kb893803v2$\reg00058
c:\windows\$msi31uninstall_kb893803v2$\reg00059
c:\windows\$msi31uninstall_kb893803v2$\reg00060
c:\windows\$msi31uninstall_kb893803v2$\reg00061
c:\windows\$msi31uninstall_kb893803v2$\reg00062
c:\windows\$msi31uninstall_kb893803v2$\reg00063
c:\windows\$msi31uninstall_kb893803v2$\reg00064
c:\windows\$msi31uninstall_kb893803v2$\reg00065
c:\windows\$msi31uninstall_kb893803v2$\reg00066
c:\windows\$msi31uninstall_kb893803v2$\reg00067
c:\windows\$msi31uninstall_kb893803v2$\reg00068
c:\windows\$msi31uninstall_kb893803v2$\reg00069
c:\windows\$msi31uninstall_kb893803v2$\reg00070
c:\windows\$msi31uninstall_kb893803v2$\reg00071
c:\windows\$msi31uninstall_kb893803v2$\reg00072
c:\windows\$msi31uninstall_kb893803v2$\reg00073
c:\windows\$msi31uninstall_kb893803v2$\reg00074
c:\windows\$msi31uninstall_kb893803v2$\reg00075
c:\windows\$msi31uninstall_kb893803v2$\reg00076
c:\windows\$msi31uninstall_kb893803v2$\reg00077
c:\windows\$msi31uninstall_kb893803v2$\reg00078
c:\windows\$msi31uninstall_kb893803v2$\reg00079
c:\windows\$msi31uninstall_kb893803v2$\reg00080
c:\windows\$msi31uninstall_kb893803v2$\reg00081
c:\windows\$msi31uninstall_kb893803v2$\reg00082
c:\windows\$msi31uninstall_kb893803v2$\reg00083
c:\windows\$msi31uninstall_kb893803v2$\reg00084
c:\windows\$msi31uninstall_kb893803v2$\reg00085
c:\windows\$msi31uninstall_kb893803v2$\reg00086
c:\windows\$msi31uninstall_kb893803v2$\reg00087
c:\windows\$msi31uninstall_kb893803v2$\reg00088
c:\windows\$msi31uninstall_kb893803v2$\reg00089
c:\windows\$msi31uninstall_kb893803v2$\reg00090
c:\windows\$msi31uninstall_kb893803v2$\reg00091
c:\windows\$msi31uninstall_kb893803v2$\reg00092
c:\windows\$msi31uninstall_kb893803v2$\reg00093
c:\windows\$msi31uninstall_kb893803v2$\reg00094
c:\windows\$msi31uninstall_kb893803v2$\reg00095
c:\windows\$msi31uninstall_kb893803v2$\reg00096
c:\windows\$msi31uninstall_kb893803v2$\reg00097
c:\windows\$msi31uninstall_kb893803v2$\reg00098
c:\windows\$msi31uninstall_kb893803v2$\reg00099
c:\windows\$msi31uninstall_kb893803v2$\reg00100
c:\windows\$msi31uninstall_kb893803v2$\reg00101
c:\windows\$msi31uninstall_kb893803v2$\reg00102
c:\windows\$msi31uninstall_kb893803v2$\reg00103
c:\windows\$msi31uninstall_kb893803v2$\reg00104
c:\windows\$msi31uninstall_kb893803v2$\reg00105
c:\windows\$msi31uninstall_kb893803v2$\reg00106
c:\windows\$msi31uninstall_kb893803v2$\reg00107
c:\windows\$msi31uninstall_kb893803v2$\reg00108
c:\windows\$msi31uninstall_kb893803v2$\reg00109
c:\windows\$msi31uninstall_kb893803v2$\reg00110
c:\windows\$msi31uninstall_kb893803v2$\reg00111
c:\windows\$msi31uninstall_kb893803v2$\reg00112
c:\windows\$msi31uninstall_kb893803v2$\reg00113
c:\windows\$msi31uninstall_kb893803v2$\reg00114
c:\windows\$msi31uninstall_kb893803v2$\reg00115
c:\windows\$msi31uninstall_kb893803v2$\reg00116
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\iun6002.exe
c:\windows\msdownld.tmp
c:\windows\patch.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\01adf5d15d97b6e4.fb
c:\windows\system32\Cache\02b95cd2aa334bac.fb
c:\windows\system32\Cache\15f3598777c6dac2.fb
c:\windows\system32\Cache\19e3385f14d9c159.fb
c:\windows\system32\Cache\1e0094425ba202ae.fb
c:\windows\system32\Cache\232b9ead903778ac.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2aacccb09fa2936b.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\336eaebf57489d5f.fb
c:\windows\system32\Cache\33f8d6fecf685019.fb
c:\windows\system32\Cache\3524a3af08338341.fb
c:\windows\system32\Cache\3667b0c35d2626f2.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\3af4c95f9d1dd886.fb
c:\windows\system32\Cache\3c259ad1282f8f3a.fb
c:\windows\system32\Cache\437c7c64c91b53dd.fb
c:\windows\system32\Cache\48b06b9147afe953.fb
c:\windows\system32\Cache\4ca5f3f4716ef8be.fb
c:\windows\system32\Cache\4cc7e5e43d487072.fb
c:\windows\system32\Cache\4ea7207fdee54a68.fb
c:\windows\system32\Cache\569adf128ac79dc1.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6924b8a080aba9f8.fb
c:\windows\system32\Cache\6b280a50882c71c8.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\6e75f2e7ca63d88f.fb
c:\windows\system32\Cache\77af3f161fcfc107.fb
c:\windows\system32\Cache\82e6b873b8f9143e.fb
c:\windows\system32\Cache\868a83c988574375.fb
c:\windows\system32\Cache\8d1fbe47f181c6f7.fb
c:\windows\system32\Cache\919f4c616acd2a0d.fb
c:\windows\system32\Cache\9297368afa358903.fb
c:\windows\system32\Cache\9414897813416f22.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\9ce3d1a8a170a741.fb
c:\windows\system32\Cache\9e8c265ef34fbc2e.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\aa800fad876be2e4.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b233a95127f6083d.fb
c:\windows\system32\Cache\b996746ccefb0862.fb
c:\windows\system32\Cache\b9da13ecddef75f6.fb
c:\windows\system32\Cache\bd74a965b6f2401d.fb
c:\windows\system32\Cache\bea1dfad97e41284.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c265976e30d02c76.fb
c:\windows\system32\Cache\c2f29fecd911835b.fb
c:\windows\system32\Cache\c3cab96cf2c9e1a0.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d548ec59186e4d0e.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\dc5791a6f060f776.fb
c:\windows\system32\Cache\dc6913fd72a07ec2.fb
c:\windows\system32\Cache\dfde4200972f200a.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\e490277da17aa845.fb
c:\windows\system32\Cache\e4eae1582049203a.fb
c:\windows\system32\Cache\e5c5fdaff7bcd6e2.fb
c:\windows\system32\Cache\e89661a14daf6719.fb
c:\windows\system32\Cache\e8b1dc89a419fa72.fb
c:\windows\system32\Cache\ee87071ae4bcb1cf.fb
c:\windows\system32\Cache\ef3280fa67020706.fb
c:\windows\system32\Cache\f3d8af81b4e75268.fb
c:\windows\system32\Cache\f777207749809af7.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\EV02
c:\windows\system32\ntnet.drv
c:\windows\system32\SETB3C.tmp
c:\windows\system32\SETB41.tmp
c:\windows\system32\SETB48.tmp
c:\windows\system32\SETB51.tmp
c:\windows\system32\SETB53.tmp
c:\windows\system32\SETB55.tmp
c:\windows\system32\SETB56.tmp
c:\windows\system32\setb9.tmp
c:\windows\wmsysprx.prx
c:\windows\XSxS
C:\WindowsXP-KB944781-x86-ENU.exe
.
.
(((((((((((((((((((((((((   Files Created from 2017-05-23 to 2017-06-23  )))))))))))))))))))))))))))))))
.
.
2017-06-22 19:50 . 2017-06-22 19:59    --------    d-----w-    C:\FRST
2017-06-21 04:42 . 2017-06-21 04:42    --------    d-----w-    c:\documents and settings\Teressa\Local Settings\Application Data\ESET
2017-06-18 21:04 . 2017-06-18 21:03    331896    ----a-w-    c:\windows\system32\avgBoot.exe
2017-06-16 20:10 . 2017-06-16 22:10    --------    d-----w-    C:\AdwCleaner
2017-06-16 05:42 . 2017-06-16 05:42    147232    ----a-w-    c:\windows\system32\drivers\MBAMChameleon.sys
2017-06-16 05:36 . 2017-06-23 02:37    39840    ----a-w-    c:\windows\system32\drivers\mbam.sys
2017-06-16 05:36 . 2017-06-23 02:36    220576    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-06-16 05:35 . 2017-05-25 16:58    59936    ----a-w-    c:\windows\system32\drivers\mbae.sys
2017-06-16 05:34 . 2017-06-16 05:34    --------    d-----w-    c:\program files\Malwarebytes
2017-06-16 02:33 . 2017-06-16 02:33    --------    d-sh--w-    c:\documents and settings\Administrator.PROSPERITY\PrivacIE
2017-06-15 23:18 . 2017-06-15 23:18    --------    d-----w-    c:\documents and settings\Administrator.PROSPERITY\Local Settings\Application Data\Google
2017-06-04 04:38 . 2017-06-04 04:38    17404160    ----a-w-    c:\program files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-06-15 11:44 . 2012-10-25 21:00    803328    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2017-06-15 11:44 . 2011-05-13 04:24    144896    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2007-07-18 06:36 . 2007-07-18 06:36    336    -c--a-w-    c:\program files\temp995.bat
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2017-03-21 13:15    576408    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2017-03-21 13:15    576408    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2017-03-21 13:15    576408    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Teressa\Application Data\mjusbsp\cdloader2.exe" [2014-07-04 51592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"="c:\windows\system32\dumprep 0 -k" [X]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2003-01-31 196608]
"AvgUi"="c:\program files\AVG\Framework\Common\avguirnx.exe" [2017-05-31 220288]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-05-09 3146704]
"AVGUI.exe"="c:\program files\AVG\Antivirus\AvLaunch.exe" [2017-06-18 263232]
.
c:\documents and settings\Teressa\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2016-10-31 823992]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-01-20 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CallWave.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CallWave.lnk
backup=c:\windows\pss\CallWave.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=c:\windows\pss\SBC Self Support Tool.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 3.0 SE Calendar Checker.lnk]
backup=c:\windows\pss\Ulead Photo Express 3.0 SE Calendar Checker.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Teressa^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Teressa\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Teressa^Start Menu^Programs^Startup^Sonic INSTALLit! Setup.lnk]
path=c:\documents and settings\Teressa\Start Menu\Programs\Startup\Sonic INSTALLit! Setup.lnk
backup=c:\windows\pss\Sonic INSTALLit! Setup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Teressa^Start Menu^Programs^Startup^WKCALREM.LNK]
path=c:\documents and settings\Teressa\Start Menu\Programs\Startup\WKCALREM.LNK
backup=c:\windows\pss\WKCALREM.LNKStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Teressa^Start Menu^Programs^Startup^WKSCAL.EXE]
path=c:\documents and settings\Teressa\Start Menu\Programs\Startup\WKSCAL.EXE
backup=c:\windows\pss\WKSCAL.EXEStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57    959904    -c--a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 09:59    122880    ----a-w-    c:\windows\BCMSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12    15360    ----a-w-    c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
2002-04-03 07:01    135264    ----a-w-    c:\program files\Creative\SBLive\Diagnostics\diagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
2009-10-24 01:34    827904    -c--a-w-    c:\program files\dvd43\DVD43_Tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2003-08-13 16:27    28672    -c--a-w-    c:\windows\SYSTEM32\DSentry.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2015-08-30 15:32    144200    ----atw-    c:\documents and settings\Teressa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 03:17    49152    ----a-w-    c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
2003-01-31 00:55    311296    ----a-w-    c:\windows\SYSTEM32\hphmon03.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-08-25 16:11    221184    ----a-w-    c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44    81920    -c--a-w-    c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-08-20 18:25    2363392    ----a-w-    c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2006-01-17 18:03    53248    ----a-w-    c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2003-12-10 10:52    380928    ----a-w-    c:\progra~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12    1695232    ----a-w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-04-24 22:58    4616192    -c--a-w-    c:\windows\SYSTEM32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2003-08-27 01:47    204800    -c----w-    c:\program files\Dell\Media Experience\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-28 22:37    68856    ----a-w-    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00    90112    ------w-    c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe]
2014-10-31 21:38    2072928    ----a-w-    c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Teressa\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\TeamViewer\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\TeamViewer_Service.exe"=
"c:\\Documents and Settings\\Teressa\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\Teressa\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5070:UDP"= 5070:UDP:UDP
.
R0 avgbidsh;avgbidsh;\SystemRoot\\SystemRoot\system32\drivers\avgbidshx.sys --> \SystemRoot\\SystemRoot\system32\drivers\avgbidshx.sys [?]
R0 avgblog;avgblog;\SystemRoot\\SystemRoot\system32\drivers\avgblogx.sys --> \SystemRoot\\SystemRoot\system32\drivers\avgblogx.sys [?]
R0 avgbuniv;avgbuniv;\SystemRoot\\SystemRoot\system32\drivers\avgbunivx.sys --> \SystemRoot\\SystemRoot\system32\drivers\avgbunivx.sys [?]
R0 avgRvrt;avgRvrt;\SystemRoot\\SystemRoot\system32\drivers\avgRvrt.sys --> \SystemRoot\\SystemRoot\system32\drivers\avgRvrt.sys [?]
R0 avgVmm;avgVmm;\SystemRoot\\SystemRoot\system32\drivers\avgVmm.sys --> \SystemRoot\\SystemRoot\system32\drivers\avgVmm.sys [?]
R0 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [1/30/2010 12:05 AM 717296]
R1 avgbdisk;avgbdisk;c:\windows\SYSTEM32\DRIVERS\avgbdiskx.sys [6/18/2017 4:06 PM 135872]
R1 avgbidsdriver;avgbidsdriver;c:\windows\SYSTEM32\DRIVERS\avgbidsdriverx.sys [6/18/2017 4:06 PM 260616]
R1 avgRdr;avgRdr;c:\windows\SYSTEM32\DRIVERS\avgRdr.sys [6/18/2017 4:06 PM 61888]
R1 avgSnx;avgSnx;c:\windows\SYSTEM32\DRIVERS\avgSnx.sys [6/18/2017 4:06 PM 765704]
R1 avgSP;avgSP;c:\windows\SYSTEM32\DRIVERS\avgSP.sys [6/18/2017 4:06 PM 483736]
R1 MBAMChameleon;MBAMChameleon;c:\windows\SYSTEM32\DRIVERS\MBAMChameleon.sys [6/16/2017 12:42 AM 147232]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [5/28/2008 11:33 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/28/2008 11:33 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/4/2010 3:39 AM 143776]
R2 AVG Antivirus;AVG Antivirus;c:\program files\AVG\Antivirus\AVGSvc.exe [6/18/2017 4:03 PM 264432]
R2 avgMonFlt;avgMonFlt;c:\windows\SYSTEM32\DRIVERS\avgMonFlt.sys [6/18/2017 4:06 PM 109056]
R2 avgsvc;AVG Service;c:\program files\AVG\Framework\Common\avgsvcx.exe [5/31/2017 2:46 PM 1189720]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [8/10/2016 4:20 AM 142432]
R3 avgStmXP;avgStmXP;c:\windows\SYSTEM32\DRIVERS\avgstmxp.sys [6/18/2017 4:06 PM 182208]
R3 PLTurbo;Prolific turbo filter driver for odd;c:\windows\SYSTEM32\DRIVERS\plturbo.sys [6/15/2010 9:40 PM 16640]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\SYSTEM32\DRIVERS\wdcsam.sys [11/5/2010 2:53 PM 11520]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\MBAMService.exe [6/16/2017 12:35 AM 3398608]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\SYSTEM32\DRIVERS\lgandbus.sys [6/30/2015 9:05 AM 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\SYSTEM32\DRIVERS\lganddiag.sys [6/30/2015 9:05 AM 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\SYSTEM32\DRIVERS\lgandgps.sys [6/30/2015 9:05 AM 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\SYSTEM32\DRIVERS\lgandmodem.sys [6/30/2015 9:05 AM 25088]
S3 AndnetBus;LGE Mobile USB Composite Device;c:\windows\SYSTEM32\DRIVERS\lgandnetbus.sys [6/30/2015 9:05 AM 15744]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\SYSTEM32\DRIVERS\lgandnetdiag.sys [6/30/2015 9:05 AM 24576]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\SYSTEM32\DRIVERS\lgandnetmodem.sys [6/30/2015 9:05 AM 29696]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\SYSTEM32\DRIVERS\lgandnetndis.sys [6/30/2015 9:05 AM 70784]
S3 avgbIDSAgent;avgbIDSAgent;c:\program files\AVG\Antivirus\aswidsagent.exe [6/18/2017 4:03 PM 5782800]
S3 avgHwid;avgHwid;c:\windows\SYSTEM32\DRIVERS\avgHwid.sys [6/18/2017 4:06 PM 35264]
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\SYSTEM32\DRIVERS\hphius09.sys [1/30/2003 7:55 PM 18864]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/29/2002 6:00 AM 14336]
S3 OlCamudp;OLYMPUS Digital Camera;c:\windows\SYSTEM32\DRIVERS\olcamudp.sys [2/7/2004 2:53 PM 10379]
S3 pcouffin;VSO Software pcouffin;c:\windows\SYSTEM32\DRIVERS\pcouffin.sys [3/17/2010 11:45 PM 47360]
S3 PLTurbh;Prolific turbo filter driver for hdd;c:\windows\SYSTEM32\DRIVERS\plturbh.sys [6/15/2010 9:40 PM 16384]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/28/2008 11:33 AM 12872]
S3 WsDrvInst;Wondershare Driver Install Service;c:\program files\Wondershare\MobileTrans\DriverInstall.exe [8/14/2015 10:28 PM 103824]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ESProtectionDriver
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ       hpqcxs08
getPlusHelper    REG_MULTI_SZ       getPlusHelper
nosGetPlusHelper    REG_MULTI_SZ       nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 18:24    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2017-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-25 11:44]
.
2017-06-23 c:\windows\Tasks\Antivirus Emergency Update.job
- c:\program files\AVG\Antivirus\AvEmUpdate.exe [2017-06-18 21:03]
.
2017-06-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-07 15:10]
.
2017-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 00:59]
.
2017-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 00:59]
.
2017-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2305011698-3870448665-3586125232-1007Core.job
- c:\documents and settings\Teressa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-15 15:32]
.
2017-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2305011698-3870448665-3586125232-1007UA.job
- c:\documents and settings\Teressa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-15 15:32]
.
2017-06-23 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-14 01:59]
.
2017-06-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-14 01:59]
.
2017-06-22 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d042d7f0-b447-43c2-9df7-c1b4590c06cf.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-01-20 04:30]
.
2017-06-23 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d45f8666-238a-4a83-b91b-5f0b7c6e7bce.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-01-20 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ebay.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
Trusted Zone: avg.com\www.update
Trusted Zone: avg.cz\backup
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314EE2-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EE1-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
HKU-Default-RunOnce-AutoLaunch - c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AnyDVD - c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MSConfigStartUp-Dropbox Update - c:\documents and settings\Teressa\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-Norton SystemWorks - c:\program files\Norton SystemWorks\cfgwiz.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-Spotify - c:\documents and settings\Teressa\Application Data\Spotify\Spotify.exe
MSConfigStartUp-Spotify Web Helper - c:\documents and settings\Teressa\Application Data\Spotify\SpotifyWebHelper.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
MSConfigStartUp-UpdateManager - c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
MSConfigStartUp-YBrowser - c:\progra~1\Yahoo!\browser\ybrwicon.exe
AddRemove-AVG Web TuneUp - c:\program files\AVG Web TuneUp\UNINSTALL.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-06-22 23:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2305011698-3870448665-3586125232-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_23_0_0_205_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_23_0_0_205_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2017-06-22  23:46:47
ComboFix-quarantined-files.txt  2017-06-23 04:46
ComboFix2.txt  2009-06-18 22:04
.
Pre-Run: 26,920,128,512 bytes free
Post-Run: 27,495,890,944 bytes free
.
- - End Of File - - 5607C939C2D465E5E36BF2D8FCAFDD8E
8F558EB6672622401DA993E1E865C861

[Solved] Re: Possible Malware

Above are the ComboScan results. However, it failed to install the Recovery Console, but I went ahead with the scan.

[Solved] Re: Possible Malware

TDSSKiller

  • Download TDSSKiller from BleepingComputer, then move the executable file to your Desktop;
  • Right-click on tdsskiller.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the End User Licence Agreement (EULA) and the KSN Statement;
  • Once the application is done initializing, click on the Change parameters button;
  • In addition to the current checked boxes, check these two as well:

    • Verify file digital signature;
    • Detect TDLFS file system;


  • Once done, click on Ok then click on Start scan;
  • After the scan is complete, click on the Report button, in the top right corner;
  • A report window will open with the scan log. Copy and paste it in your next reply;





We need to perform a scan with HitmanPro

  • Please download HitmanPro from here (32-bit) or here (64-bit).
  • Double click on to start the program. (Windows Vista/7/8 users: Accept UAC warning if it is activated)
    Note: If HitmanPro refuses to start then please hold down Ctrl when starting HitmanPro to activate Force Breach.
  • When HitmanPro's main screen appears, choose Next.
  • Place a checkmark in I accept the terms of the license agreement, then click Next.
  • Choose No, I only want to perform a one-time scan on this computer, then click Next.
  • Wait for HitmanPro to finish scanning your computer. This should take about 5 to 10 minutes.
  • When the scan is finished, all detected items will be displayed.
  • Referring to the screenshot below, click on the dropdown menu of an item in the list (if any) -> choose Apply to all -> click Ignore <= IMPORTANT!
    [img=https://i.imgur.com/Iph88Ru.png]
  • This should apply the "Ignore" function to all detected items in the list. Then click Next.
  • Click Save log at the bottom of the HitmanPro window, and save the opened file to your Desktop.
    [img=https://i.imgur.com/SreJ8pi.png]
  • Please Copy and Paste the contents of the log in your next reply.





Please launch Malwarebytes scanner which you have installed on your computer.

  • On the Dashboard, select Settings.
  • Click on Protection.
  • Ensure that Scan for rootkits is checked. If not, check it.
  • If you are notified the Database is out of date, click Update Now.
  • Click Scan now.
  • When completed, click the down arrow on Export Log and select Text file (*.txt).
  • Save the file to your desktop as MBAM.txt.
  • Click Apply Actions, then restart your computer, if requested.
  • Please copy and paste the contents of MBAM.txt into your next reply. Also, indicate if it was successful.

[Solved] Re: Possible Malware

There is not a live link for Hitman Pro above.
