GeekPolice Tech Tutorials

Possible Malware

Re: Possible Malware (Solved)

See this page for instructions on how to download and use ComboFix: https://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log(s) back here for review once it has finished running. If you have any questions, please notify me before making any deliberate decisions.

Re: Possible Malware (Solved)

ComboFix 17-05-16.14 - Teressa 06/22/2017  23:20:35.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2559.1887 [GMT -5:00]
Running from: c:\documents and settings\Teressa\Desktop\ComboFix.exe
AV: AVG Antivirus *Disabled/Updated* {81C62321-3C2A-4A1A-BF2F-52ED23B22B8B}
AV: Malwarebytes *Disabled/Updated* {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\All Users\Start Menu\Programs\Startup\Setup.exe
c:\documents and settings\Teressa\Application Data\inst.exe
c:\documents and settings\Teressa\GoToAssistDownloadHelper.exe
c:\documents and settings\Teressa\My Documents\~WRL0003.tmp
c:\documents and settings\Teressa\My Documents\~WRL0004.tmp
c:\documents and settings\Teressa\My Documents\~WRL0005.tmp
c:\documents and settings\Teressa\My Documents\~WRL0057.tmp
c:\documents and settings\Teressa\My Documents\~WRL0103.tmp
c:\documents and settings\Teressa\My Documents\~WRL0211.tmp
c:\documents and settings\Teressa\My Documents\~WRL0604.tmp
c:\documents and settings\Teressa\My Documents\~WRL1261.tmp
c:\documents and settings\Teressa\My Documents\~WRL1708.tmp
c:\documents and settings\Teressa\My Documents\~WRL2155.tmp
c:\documents and settings\Teressa\My Documents\~WRL2616.tmp
c:\documents and settings\Teressa\My Documents\~WRL2802.tmp
c:\documents and settings\Teressa\My Documents\~WRL2959.tmp
c:\documents and settings\Teressa\My Documents\~WRL3850.tmp
c:\documents and settings\Teressa\My Documents\~WRL3982.tmp
c:\documents and settings\Teressa\My Documents\~WRL3994.tmp
c:\documents and settings\Teressa\My Documents\Con63B.tmp
c:\documents and settings\Teressa\Recent\Internet Radio on Yahoo! Music.url
c:\documents and settings\Teressa\Recent\Music Videos & More on Yahoo! Music.url
c:\documents and settings\Teressa\WINDOWS
C:\Logo.sys
C:\RECYCLER(2)
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc1.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc10.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc11.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc12.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc13.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc14.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc15.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc16.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc17.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc18.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc19.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc2.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc20.jpg
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc21.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc22.jpg
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc23.jpg
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc3.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc4.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc5.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc6.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc7.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc8.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc9.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\INFO2
c:\windows\$msi31uninstall_kb893803v2$
c:\windows\$msi31uninstall_kb893803v2$\msi.dll
c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
c:\windows\$msi31uninstall_kb893803v2$\msisip.dll
c:\windows\$msi31uninstall_kb893803v2$\reg00013
c:\windows\$msi31uninstall_kb893803v2$\reg00014
c:\windows\$msi31uninstall_kb893803v2$\reg00015
c:\windows\$msi31uninstall_kb893803v2$\reg00016
c:\windows\$msi31uninstall_kb893803v2$\reg00017
c:\windows\$msi31uninstall_kb893803v2$\reg00018
c:\windows\$msi31uninstall_kb893803v2$\reg00019
c:\windows\$msi31uninstall_kb893803v2$\reg00020
c:\windows\$msi31uninstall_kb893803v2$\reg00021
c:\windows\$msi31uninstall_kb893803v2$\reg00022
c:\windows\$msi31uninstall_kb893803v2$\reg00023
c:\windows\$msi31uninstall_kb893803v2$\reg00024
c:\windows\$msi31uninstall_kb893803v2$\reg00025
c:\windows\$msi31uninstall_kb893803v2$\reg00026
c:\windows\$msi31uninstall_kb893803v2$\reg00027
c:\windows\$msi31uninstall_kb893803v2$\reg00028
c:\windows\$msi31uninstall_kb893803v2$\reg00029
c:\windows\$msi31uninstall_kb893803v2$\reg00030
c:\windows\$msi31uninstall_kb893803v2$\reg00031
c:\windows\$msi31uninstall_kb893803v2$\reg00032
c:\windows\$msi31uninstall_kb893803v2$\reg00033
c:\windows\$msi31uninstall_kb893803v2$\reg00034
c:\windows\$msi31uninstall_kb893803v2$\reg00035
c:\windows\$msi31uninstall_kb893803v2$\reg00036
c:\windows\$msi31uninstall_kb893803v2$\reg00037
c:\windows\$msi31uninstall_kb893803v2$\reg00038
c:\windows\$msi31uninstall_kb893803v2$\reg00039
c:\windows\$msi31uninstall_kb893803v2$\reg00040
c:\windows\$msi31uninstall_kb893803v2$\reg00041
c:\windows\$msi31uninstall_kb893803v2$\reg00042
c:\windows\$msi31uninstall_kb893803v2$\reg00043
c:\windows\$msi31uninstall_kb893803v2$\reg00044
c:\windows\$msi31uninstall_kb893803v2$\reg00045
c:\windows\$msi31uninstall_kb893803v2$\reg00046
c:\windows\$msi31uninstall_kb893803v2$\reg00047
c:\windows\$msi31uninstall_kb893803v2$\reg00048
c:\windows\$msi31uninstall_kb893803v2$\reg00051
c:\windows\$msi31uninstall_kb893803v2$\reg00052
c:\windows\$msi31uninstall_kb893803v2$\reg00053
c:\windows\$msi31uninstall_kb893803v2$\reg00054
c:\windows\$msi31uninstall_kb893803v2$\reg00055
c:\windows\$msi31uninstall_kb893803v2$\reg00056
c:\windows\$msi31uninstall_kb893803v2$\reg00057
c:\windows\$msi31uninstall_kb893803v2$\reg00058
c:\windows\$msi31uninstall_kb893803v2$\reg00059
c:\windows\$msi31uninstall_kb893803v2$\reg00060
c:\windows\$msi31uninstall_kb893803v2$\reg00061
c:\windows\$msi31uninstall_kb893803v2$\reg00062
c:\windows\$msi31uninstall_kb893803v2$\reg00063
c:\windows\$msi31uninstall_kb893803v2$\reg00064
c:\windows\$msi31uninstall_kb893803v2$\reg00065
c:\windows\$msi31uninstall_kb893803v2$\reg00066
c:\windows\$msi31uninstall_kb893803v2$\reg00067
c:\windows\$msi31uninstall_kb893803v2$\reg00068
c:\windows\$msi31uninstall_kb893803v2$\reg00069
c:\windows\$msi31uninstall_kb893803v2$\reg00070
c:\windows\$msi31uninstall_kb893803v2$\reg00071
c:\windows\$msi31uninstall_kb893803v2$\reg00072
c:\windows\$msi31uninstall_kb893803v2$\reg00073
c:\windows\$msi31uninstall_kb893803v2$\reg00074
c:\windows\$msi31uninstall_kb893803v2$\reg00075
c:\windows\$msi31uninstall_kb893803v2$\reg00076
c:\windows\$msi31uninstall_kb893803v2$\reg00077
c:\windows\$msi31uninstall_kb893803v2$\reg00078
c:\windows\$msi31uninstall_kb893803v2$\reg00079
c:\windows\$msi31uninstall_kb893803v2$\reg00080
c:\windows\$msi31uninstall_kb893803v2$\reg00081
c:\windows\$msi31uninstall_kb893803v2$\reg00082
c:\windows\$msi31uninstall_kb893803v2$\reg00083
c:\windows\$msi31uninstall_kb893803v2$\reg00084
c:\windows\$msi31uninstall_kb893803v2$\reg00085
c:\windows\$msi31uninstall_kb893803v2$\reg00086
c:\windows\$msi31uninstall_kb893803v2$\reg00087
c:\windows\$msi31uninstall_kb893803v2$\reg00088
c:\windows\$msi31uninstall_kb893803v2$\reg00089
c:\windows\$msi31uninstall_kb893803v2$\reg00090
c:\windows\$msi31uninstall_kb893803v2$\reg00091
c:\windows\$msi31uninstall_kb893803v2$\reg00092
c:\windows\$msi31uninstall_kb893803v2$\reg00093
c:\windows\$msi31uninstall_kb893803v2$\reg00094
c:\windows\$msi31uninstall_kb893803v2$\reg00095
c:\windows\$msi31uninstall_kb893803v2$\reg00096
c:\windows\$msi31uninstall_kb893803v2$\reg00097
c:\windows\$msi31uninstall_kb893803v2$\reg00098
c:\windows\$msi31uninstall_kb893803v2$\reg00099
c:\windows\$msi31uninstall_kb893803v2$\reg00100
c:\windows\$msi31uninstall_kb893803v2$\reg00101
c:\windows\$msi31uninstall_kb893803v2$\reg00102
c:\windows\$msi31uninstall_kb893803v2$\reg00103
c:\windows\$msi31uninstall_kb893803v2$\reg00104
c:\windows\$msi31uninstall_kb893803v2$\reg00105
c:\windows\$msi31uninstall_kb893803v2$\reg00106
c:\windows\$msi31uninstall_kb893803v2$\reg00107
c:\windows\$msi31uninstall_kb893803v2$\reg00108
c:\windows\$msi31uninstall_kb893803v2$\reg00109
c:\windows\$msi31uninstall_kb893803v2$\reg00110
c:\windows\$msi31uninstall_kb893803v2$\reg00111
c:\windows\$msi31uninstall_kb893803v2$\reg00112
c:\windows\$msi31uninstall_kb893803v2$\reg00113
c:\windows\$msi31uninstall_kb893803v2$\reg00114
c:\windows\$msi31uninstall_kb893803v2$\reg00115
c:\windows\$msi31uninstall_kb893803v2$\reg00116
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\iun6002.exe
c:\windows\msdownld.tmp
c:\windows\patch.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\Cache
c:\windows\system32\EV02
c:\windows\system32\ntnet.drv
c:\windows\system32\SETB3C.tmp
c:\windows\system32\SETB41.tmp
c:\windows\system32\SETB48.tmp
c:\windows\system32\SETB51.tmp
c:\windows\system32\SETB53.tmp
c:\windows\system32\SETB55.tmp
c:\windows\system32\SETB56.tmp
c:\windows\system32\setb9.tmp
c:\windows\wmsysprx.prx
c:\windows\XSxS
C:\WindowsXP-KB944781-x86-ENU.exe
.
.
(((((((((((((((((((((((((   Files Created from 2017-05-23 to 2017-06-23  )))))))))))))))))))))))))))))))
.
.
2017-06-22 19:50 . 2017-06-22 19:59    --------    d-----w-    C:\FRST
2017-06-21 04:42 . 2017-06-21 04:42    --------    d-----w-    c:\documents and settings\Teressa\Local Settings\Application Data\ESET
2017-06-18 21:04 . 2017-06-18 21:03    331896    ----a-w-    c:\windows\system32\avgBoot.exe
2017-06-16 20:10 . 2017-06-16 22:10    --------    d-----w-    C:\AdwCleaner
2017-06-16 05:42 . 2017-06-16 05:42    147232    ----a-w-    c:\windows\system32\drivers\MBAMChameleon.sys
2017-06-16 05:36 . 2017-06-23 02:37    39840    ----a-w-    c:\windows\system32\drivers\mbam.sys
2017-06-16 05:36 . 2017-06-23 02:36    220576    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-06-16 05:35 . 2017-05-25 16:58    59936    ----a-w-    c:\windows\system32\drivers\mbae.sys
2017-06-16 05:34 . 2017-06-16 05:34    --------    d-----w-    c:\program files\Malwarebytes
2017-06-16 02:33 . 2017-06-16 02:33    --------    d-sh--w-    c:\documents and settings\Administrator.PROSPERITY\PrivacIE
2017-06-15 23:18 . 2017-06-15 23:18    --------    d-----w-    c:\documents and settings\Administrator.PROSPERITY\Local Settings\Application Data\Google
2017-06-04 04:38 . 2017-06-04 04:38    17404160    ----a-w-    c:\program files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-06-15 11:44 . 2012-10-25 21:00    803328    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2017-06-15 11:44 . 2011-05-13 04:24    144896    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2007-07-18 06:36 . 2007-07-18 06:36    336    -c--a-w-    c:\program files\temp995.bat
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2017-03-21 13:15    576408    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2017-03-21 13:15    576408    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2017-03-21 13:15    576408    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Teressa\Application Data\mjusbsp\cdloader2.exe" [2014-07-04 51592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"="c:\windows\system32\dumprep 0 -k" [X]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2003-01-31 196608]
"AvgUi"="c:\program files\AVG\Framework\Common\avguirnx.exe" [2017-05-31 220288]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-05-09 3146704]
"AVGUI.exe"="c:\program files\AVG\Antivirus\AvLaunch.exe" [2017-06-18 263232]
.
c:\documents and settings\Teressa\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2016-10-31 823992]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-01-20 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CallWave.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CallWave.lnk
backup=c:\windows\pss\CallWave.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=c:\windows\pss\SBC Self Support Tool.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 3.0 SE Calendar Checker.lnk]
backup=c:\windows\pss\Ulead Photo Express 3.0 SE Calendar Checker.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Teressa^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Teressa\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Teressa^Start Menu^Programs^Startup^Sonic INSTALLit! Setup.lnk]
path=c:\documents and settings\Teressa\Start Menu\Programs\Startup\Sonic INSTALLit! Setup.lnk
backup=c:\windows\pss\Sonic INSTALLit! Setup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Teressa^Start Menu^Programs^Startup^WKCALREM.LNK]
path=c:\documents and settings\Teressa\Start Menu\Programs\Startup\WKCALREM.LNK
backup=c:\windows\pss\WKCALREM.LNKStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Teressa^Start Menu^Programs^Startup^WKSCAL.EXE]
path=c:\documents and settings\Teressa\Start Menu\Programs\Startup\WKSCAL.EXE
backup=c:\windows\pss\WKSCAL.EXEStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57    959904    -c--a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 09:59    122880    ----a-w-    c:\windows\BCMSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12    15360    ----a-w-    c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
2002-04-03 07:01    135264    ----a-w-    c:\program files\Creative\SBLive\Diagnostics\diagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
2009-10-24 01:34    827904    -c--a-w-    c:\program files\dvd43\DVD43_Tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2003-08-13 16:27    28672    -c--a-w-    c:\windows\SYSTEM32\DSentry.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2015-08-30 15:32    144200    ----atw-    c:\documents and settings\Teressa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 03:17    49152    ----a-w-    c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
2003-01-31 00:55    311296    ----a-w-    c:\windows\SYSTEM32\hphmon03.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-08-25 16:11    221184    ----a-w-    c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44    81920    -c--a-w-    c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-08-20 18:25    2363392    ----a-w-    c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2006-01-17 18:03    53248    ----a-w-    c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2003-12-10 10:52    380928    ----a-w-    c:\progra~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12    1695232    ----a-w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-04-24 22:58    4616192    -c--a-w-    c:\windows\SYSTEM32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2003-08-27 01:47    204800    -c----w-    c:\program files\Dell\Media Experience\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-28 22:37    68856    ----a-w-    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00    90112    ------w-    c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe]
2014-10-31 21:38    2072928    ----a-w-    c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Teressa\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\TeamViewer\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\TeamViewer_Service.exe"=
"c:\\Documents and Settings\\Teressa\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\Teressa\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5070:UDP"= 5070:UDP:UDP
.
R0 avgbidsh;avgbidsh;\SystemRoot\\SystemRoot\system32\drivers\avgbidshx.sys --> \SystemRoot\\SystemRoot\system32\drivers\avgbidshx.sys [?]
R0 avgblog;avgblog;\SystemRoot\\SystemRoot\system32\drivers\avgblogx.sys --> \SystemRoot\\SystemRoot\system32\drivers\avgblogx.sys [?]
R0 avgbuniv;avgbuniv;\SystemRoot\\SystemRoot\system32\drivers\avgbunivx.sys --> \SystemRoot\\SystemRoot\system32\drivers\avgbunivx.sys [?]
R0 avgRvrt;avgRvrt;\SystemRoot\\SystemRoot\system32\drivers\avgRvrt.sys --> \SystemRoot\\SystemRoot\system32\drivers\avgRvrt.sys [?]
R0 avgVmm;avgVmm;\SystemRoot\\SystemRoot\system32\drivers\avgVmm.sys --> \SystemRoot\\SystemRoot\system32\drivers\avgVmm.sys [?]
R0 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [1/30/2010 12:05 AM 717296]
R1 avgbdisk;avgbdisk;c:\windows\SYSTEM32\DRIVERS\avgbdiskx.sys [6/18/2017 4:06 PM 135872]
R1 avgbidsdriver;avgbidsdriver;c:\windows\SYSTEM32\DRIVERS\avgbidsdriverx.sys [6/18/2017 4:06 PM 260616]
R1 avgRdr;avgRdr;c:\windows\SYSTEM32\DRIVERS\avgRdr.sys [6/18/2017 4:06 PM 61888]
R1 avgSnx;avgSnx;c:\windows\SYSTEM32\DRIVERS\avgSnx.sys [6/18/2017 4:06 PM 765704]
R1 avgSP;avgSP;c:\windows\SYSTEM32\DRIVERS\avgSP.sys [6/18/2017 4:06 PM 483736]
R1 MBAMChameleon;MBAMChameleon;c:\windows\SYSTEM32\DRIVERS\MBAMChameleon.sys [6/16/2017 12:42 AM 147232]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [5/28/2008 11:33 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/28/2008 11:33 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/4/2010 3:39 AM 143776]
R2 AVG Antivirus;AVG Antivirus;c:\program files\AVG\Antivirus\AVGSvc.exe [6/18/2017 4:03 PM 264432]
R2 avgMonFlt;avgMonFlt;c:\windows\SYSTEM32\DRIVERS\avgMonFlt.sys [6/18/2017 4:06 PM 109056]
R2 avgsvc;AVG Service;c:\program files\AVG\Framework\Common\avgsvcx.exe [5/31/2017 2:46 PM 1189720]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [8/10/2016 4:20 AM 142432]
R3 avgStmXP;avgStmXP;c:\windows\SYSTEM32\DRIVERS\avgstmxp.sys [6/18/2017 4:06 PM 182208]
R3 PLTurbo;Prolific turbo filter driver for odd;c:\windows\SYSTEM32\DRIVERS\plturbo.sys [6/15/2010 9:40 PM 16640]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\SYSTEM32\DRIVERS\wdcsam.sys [11/5/2010 2:53 PM 11520]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\MBAMService.exe [6/16/2017 12:35 AM 3398608]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\SYSTEM32\DRIVERS\lgandbus.sys [6/30/2015 9:05 AM 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\SYSTEM32\DRIVERS\lganddiag.sys [6/30/2015 9:05 AM 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\SYSTEM32\DRIVERS\lgandgps.sys [6/30/2015 9:05 AM 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\SYSTEM32\DRIVERS\lgandmodem.sys [6/30/2015 9:05 AM 25088]
S3 AndnetBus;LGE Mobile USB Composite Device;c:\windows\SYSTEM32\DRIVERS\lgandnetbus.sys [6/30/2015 9:05 AM 15744]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\SYSTEM32\DRIVERS\lgandnetdiag.sys [6/30/2015 9:05 AM 24576]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\SYSTEM32\DRIVERS\lgandnetmodem.sys [6/30/2015 9:05 AM 29696]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\SYSTEM32\DRIVERS\lgandnetndis.sys [6/30/2015 9:05 AM 70784]
S3 avgbIDSAgent;avgbIDSAgent;c:\program files\AVG\Antivirus\aswidsagent.exe [6/18/2017 4:03 PM 5782800]
S3 avgHwid;avgHwid;c:\windows\SYSTEM32\DRIVERS\avgHwid.sys [6/18/2017 4:06 PM 35264]
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\SYSTEM32\DRIVERS\hphius09.sys [1/30/2003 7:55 PM 18864]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/29/2002 6:00 AM 14336]
S3 OlCamudp;OLYMPUS Digital Camera;c:\windows\SYSTEM32\DRIVERS\olcamudp.sys [2/7/2004 2:53 PM 10379]
S3 pcouffin;VSO Software pcouffin;c:\windows\SYSTEM32\DRIVERS\pcouffin.sys [3/17/2010 11:45 PM 47360]
S3 PLTurbh;Prolific turbo filter driver for hdd;c:\windows\SYSTEM32\DRIVERS\plturbh.sys [6/15/2010 9:40 PM 16384]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/28/2008 11:33 AM 12872]
S3 WsDrvInst;Wondershare Driver Install Service;c:\program files\Wondershare\MobileTrans\DriverInstall.exe [8/14/2015 10:28 PM 103824]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ESProtectionDriver
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ       hpqcxs08
getPlusHelper    REG_MULTI_SZ       getPlusHelper
nosGetPlusHelper    REG_MULTI_SZ       nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 18:24    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2017-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-25 11:44]
.
2017-06-23 c:\windows\Tasks\Antivirus Emergency Update.job
- c:\program files\AVG\Antivirus\AvEmUpdate.exe [2017-06-18 21:03]
.
2017-06-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-07 15:10]
.
2017-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 00:59]
.
2017-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 00:59]
.
2017-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2305011698-3870448665-3586125232-1007Core.job
- c:\documents and settings\Teressa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-15 15:32]
.
2017-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2305011698-3870448665-3586125232-1007UA.job
- c:\documents and settings\Teressa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-15 15:32]
.
2017-06-23 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-14 01:59]
.
2017-06-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-14 01:59]
.
2017-06-22 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d042d7f0-b447-43c2-9df7-c1b4590c06cf.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-01-20 04:30]
.
2017-06-23 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d45f8666-238a-4a83-b91b-5f0b7c6e7bce.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-01-20 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ebay.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
Trusted Zone: avg.com\www.update
Trusted Zone: avg.cz\backup
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314EE2-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EE1-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
HKU-Default-RunOnce-AutoLaunch - c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AnyDVD - c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MSConfigStartUp-Dropbox Update - c:\documents and settings\Teressa\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-Norton SystemWorks - c:\program files\Norton SystemWorks\cfgwiz.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-Spotify - c:\documents and settings\Teressa\Application Data\Spotify\Spotify.exe
MSConfigStartUp-Spotify Web Helper - c:\documents and settings\Teressa\Application Data\Spotify\SpotifyWebHelper.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
MSConfigStartUp-UpdateManager - c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
MSConfigStartUp-YBrowser - c:\progra~1\Yahoo!\browser\ybrwicon.exe
AddRemove-AVG Web TuneUp - c:\program files\AVG Web TuneUp\UNINSTALL.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-06-22 23:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2305011698-3870448665-3586125232-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_23_0_0_205_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_23_0_0_205_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2017-06-22  23:46:47
ComboFix-quarantined-files.txt  2017-06-23 04:46
ComboFix2.txt  2009-06-18 22:04
.
Pre-Run: 26,920,128,512 bytes free
Post-Run: 27,495,890,944 bytes free
.
- - End Of File - - 5607C939C2D465E5E36BF2D8FCAFDD8E
8F558EB6672622401DA993E1E865C861

Re: Possible Malware

Above are the ComboScan results. However, it failed to install the Recovery Console, but I went ahead with the scan.

Re: Possible Malware

TDSSKiller

  • Download TDSSKiller from BleepingComputer, then move the executable file to your Desktop;
  • Right-click on tdsskiller.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the End User Licence Agreement (EULA) and the KSN Statement;
  • Once the application is done initializing, click on the Change parameters button;
  • In addition to the current checked boxes, check these two as well:

    • Verify file digital signature;
    • Detect TDLFS file system;


  • Once done, click on Ok then click on Start scan;
  • After the scan is complete, click on the Report button, in the top right corner;
  • A report window will open with the scan log. Copy and paste it in your next reply;

We need to perform a scan with HitmanPro

  • Please download HitmanPro from here (32-bit) or here (64-bit).
  • Double click on to start the program. (Windows Vista/7/8 users: Accept UAC warning if it is activated)
    Note: If HitmanPro refuses to start then please hold down Ctrl when starting HitmanPro to activate Force Breach.
  • When HitmanPro's main screen appears, choose Next.
  • Place a checkmark in I accept the terms of the license agreement, then click Next.
  • Choose No, I only want to perform a one-time scan on this computer, then click Next.
  • Wait for HitmanPro to finish scanning your computer. This should take about 5 to 10 minutes.
  • When the scan is finished, all detected items will be displayed.
  • Referring to the screenshot below, click on the dropdown menu of an item in the list (if any) -> choose Apply to all -> click Ignore <= IMPORTANT!
    [img=https://i.imgur.com/Iph88Ru.png]
  • This should apply the "Ignore" function to all detected items in the list. Then click Next.
  • Click Save log at the bottom of the HitmanPro window, and save the opened file to your Desktop.
    [img=https://i.imgur.com/SreJ8pi.png]
  • Please Copy and Paste the contents of the log in your next reply.

Please launch Malwarebytes scanner which you have installed on your computer.

  • On the Dashboard, select Settings.
  • Click on Protection.
  • Ensure that Scan for rootkits is checked. If not, check it.
  • If you are notified the Database is out of date, click Update Now.
  • Click Scan now.
  • When completed, click the down arrow on Export Log and select Text file (*.txt).
  • Save the file to your desktop as MBAM.txt.
  • Click Apply Actions, then restart your computer, if requested.
  • Please copy and paste the contents of MBAM.txt into your next reply. Also, indicate if it was successful.

Re: Possible Malware

There is not a live link for HitmanPro above.

Re: Possible Malware

Sorry, I found the link.

Re: Possible Malware

TDSSKiller does not provide an option to copy the log file. I can highlight, but I cannot right-click and copy. I tried Alt+Print, and that only captures the screen showing. The scan showed no threats found.

Re: Possible Malware

HitmanPro results:

Code:


HitmanPro 3.7.20.286
www.hitmanpro.com

   Computer name . . . . : PROSPERITY
   Windows . . . . . . . : 5.1.3.2600.X86/1
   User name . . . . . . : PROSPERITY\Teressa
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-06-24 03:31:32
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 26m 12s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 156

   Objects scanned . . . : 989,936
   Files scanned . . . . : 70,089
   Remnants scanned  . . : 196,446 files / 723,401 keys

Malware _____________________________________________________________________

   C:\Documents and Settings\Teressa\Desktop\All Folders\Desk Top\Ant-Virus Stuff\avenger.exe
      Size . . . . . . . : 731,136 bytes
      Age  . . . . . . . : 1687.8 days (2012-11-09 07:52:51)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 6485271FE48F7BE4CB49735C60FA4CF2FF52F235E2B24BFBA22DF6EA75FDA1D7
    > Kaspersky  . . . . : not-a-virus:RiskTool.Win32.Deleter.ag
      Fuzzy  . . . . . . : 114.0


Suspicious files ____________________________________________________________

   C:\Documents and Settings\Teressa\Desktop\New Folder (7)\FRST.exe
      Size . . . . . . . : 1,778,688 bytes
      Age  . . . . . . . : 1.5 days (2017-06-22 14:50:08)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 7DE76DB002505D6873AEC4EE96BE1D65F0C97A95619F39F64BFE64F3366A215F
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -29.3s C:\Documents and Settings\Teressa\Local Settings\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cache2\entries\A879EC1B21EA724065EBA8357FDEC2E9E51DF949
         -28.3s C:\Documents and Settings\Teressa\Local Settings\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cache2\entries\E6263BC5E5BF3DB0D04976E8850CE7ADA98A2579
         -11.5s C:\Documents and Settings\Teressa\Local Settings\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cache2\entries\9AEB72F1994AC3AEFCC160642FF13135E80E3002
         -10.7s C:\Documents and Settings\Teressa\Local Settings\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cache2\entries\F8DAAFA7C1B654839C2FDE0F0D974759B0114DA5
         -10.3s C:\Documents and Settings\Teressa\Local Settings\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cache2\entries\FA3B612DE54680D506D2BADE3B085EA7CA4B066A
         -9.1s C:\Documents and Settings\Teressa\Local Settings\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cache2\entries\A233D012D68B969F9555C42A3D20BB3881819807
         -9.1s C:\Documents and Settings\Teressa\Local Settings\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cache2\entries\57E77EB72F290FF4601034316B0D6276405CBA75
         -9.1s C:\Documents and Settings\Teressa\Local Settings\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cache2\entries\6504125ED498F5631B75F5B9A257ECE8998499A0
         -9.0s C:\Documents and Settings\Teressa\Local Settings\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cache2\entries\1927796D2E2A2E7CD43182132E2C9ED262E60B07
          0.0s C:\Documents and Settings\Teressa\Desktop\New Folder (7)\FRST.exe
          1.0s C:\Documents and Settings\Teressa\Local Settings\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cache2\entries\32D8BA5067AB40EA3935FEBA04BC59B3573CC788
          7.1s C:\Documents and Settings\Teressa\Local Settings\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cache2\entries\ED44DA03DC6403B1FD8974F7032D42A4EA616194
         17.0s C:\Documents and Settings\Teressa\Local Settings\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cache2\entries\F25B2573CF95B49EB0AF514EF66B75C446E6DAA5

   C:\WINDOWS\system32\DVD43.dll
      Size . . . . . . . : 611,840 bytes
      Age  . . . . . . . : 1897.3 days (2012-04-13 19:30:06)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 66A346C28D2EA6D7B853F6A7B060418DD96BAF118A01AB1AB254DCADE9799CEF
      Product
      Publisher
      Description
      Version  . . . . . : 1.0.0.5
      Copyright
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 23.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The Entry Point of this file lies in a resource section. This is an indication of malware infection.
         The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection.
         Authors name is missing in version info. This is not common to most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.


Potential Unwanted Programs _________________________________________________

   C:\Documents and Settings\Teressa\Application Data\Yahoo!\Companion\ (YahooToolbar)
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111991162}\ (Crossrider)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{aac66915-6fcf-49ab-a03b-5e2c7b534a4e}\ (MyWebFace)

Cookies _____________________________________________________________________

   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:254a.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:262855726.log.optimizely.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:83458010.log.optimizely.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:abmr.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:acuityplatform.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:ad.360yield.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:adaptv.advertising.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:adbrn.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:addthis.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:adfarm1.adition.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:adform.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:adgrx.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:adhigh.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:adingo.jp
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:adnxs.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:ads.avocet.io
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:ads.creative-serving.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:ads.deliverimp.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:ads.kiosked.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:ads.linkedin.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:ads.pubmatic.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:ads.stickyadstv.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:adscale.de
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:adserve.atedra.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:adsrvr.org
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:adsymptotic.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:adtech.de
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:adtechjp.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:adtechus.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:advertising.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:aexp.demdex.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:agkn.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:amgdgt.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:angsrvr.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:atdmt.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:atemda.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:att.demdex.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:basebanner.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:bidr.io
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:bidswitch.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:bluekai.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:bs.serving-sys.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:c.appier.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:capitaloneservices.tt.omtrdc.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:casalemedia.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:choice.demdex.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:comcast.demdex.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:connexity.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:contextweb.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:crwdcntrl.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:ctnsnet.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:cw.addthis.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:d.adroll.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:dellinc.tt.omtrdc.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:demdex.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:dmtry.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:domdex.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:dotomi.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:doubleclick.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:dpm.demdex.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:ebayinc.demdex.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:emjcd.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:epson.112.2o7.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:erne.co
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:eset.tt.omtrdc.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:everesttech.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:eyereturn.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:eyeviewads.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:fastclick.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:flashtalking.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:go.sonobi.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:googleadservices.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:gssprt.jp
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:gwallet.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:ib.mookie1.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:ibeu2.mookie1.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:ibillboard.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:ih.adscale.de
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:imrworldwide.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:ipredictive.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:krxd.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:legolas-media.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:lijit.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:lw-ue.atemda.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:match.adsby.bidtheatre.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:match.rundsp.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:mathtag.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:media6degrees.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:mediaplex.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:ml314.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:mookie1.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:mxptint.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:nexac.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:openx.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:optimatic.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:outbrain.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:owneriq.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:pagefair.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:pandoramedia.demdex.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:partners.tremorhub.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:pixel.rubiconproject.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:po.st
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:pool.admedo.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:postrelease.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:pubmatic.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:revsci.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:rfihub.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:rlcdn.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:rtbp-pixel.us.metanetwork.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:ru4.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:rubiconproject.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:sandbox.bidswitch.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:scorecardresearch.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:secure-assets.rubiconproject.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:serving-sys.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:simpli.fi
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:sitescout.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:skimresources.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:smartadserver.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:stags.bluekai.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:statcounter.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:stats.paypal.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:swid.switchads.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:switchadhub.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:sxp.smartclip.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:taboola.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:tap-secure.rubiconproject.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:tap-t.rubiconproject.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:tap.rubiconproject.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:tap2-cdn.rubiconproject.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:tapad.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:tidaltv.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:trc.taboola.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:tremorhub.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:tribalfusion.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:tubemogul.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:turn.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:txu.demdex.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:u3s.mathtag.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:undertone.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:univide.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:verizonwireless.demdex.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:vindicosuite.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:virool.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:visualdna.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:w55c.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:weborama.fr
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:wtp101.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:www.googleadservices.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:zedo.com


Re: Possible Malware
MBam Summary Log

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/24/17
Scan Time: 4:07 AM
Log File: Mbam.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.141
Update Package Version: 1.0.2221
License: Trial

-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: PROSPERITY\Teressa

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 384774
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 4 hr, 52 min, 52 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

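The summary log above is read by eye in this thread; as an added example (not from the thread, the helper, or Malwarebytes) here is a small Python parser for that "-Section-" / "Key: Value" layout together with the triage check a reviewer applies before accepting a zero-detection result: the scan must have completed, every scan option must be Enabled, and no detail category may be non-zero. The embedded SAMPLE_LOG is constructed from the values posted above, trimmed to the sections the parser uses; the section and key names are those of the posted log.

```python
import re
from typing import Dict

# Constructed sample: the Mbam.txt posted above, trimmed to the sections used here.
SAMPLE_LOG = """Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/24/17
Scan Time: 4:07 AM
Administrator: Yes

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 384774
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 4 hr, 52 min, 52 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

File: 0
(No malicious items detected)

(end)
"""

SECTION_RE = re.compile(r"^-(.+)-$")


def parse_mbam_log(text: str) -> Dict[str, Dict[str, str]]:
    """Return {section: {key: value}}.  Banner lines before the first section,
    blank lines and the "(No malicious items detected)" notes are skipped; keys
    are split on the first ": " only, so "Scan Time: 4:07 AM" keeps its colon."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        if current is None or ": " not in line:
            continue
        key, value = line.split(": ", 1)
        sections[current][key.strip()] = value.strip()
    return sections


def elapsed_seconds(value: str) -> int:
    """Convert "4 hr, 52 min, 52 sec" to seconds; absent units count as 0."""
    factor = {"hr": 3600, "min": 60, "sec": 1}
    return sum(int(n) * factor[u] for n, u in re.findall(r"(\d+)\s*(hr|min|sec)", value))


def triage(sections: Dict[str, Dict[str, str]]) -> dict:
    """Decide whether a zero-detection result can be trusted.  A scan that did not
    complete, ran with an option (e.g. Rootkits) disabled, or has a non-zero
    detail category is reported as not clean so it is re-run, not accepted."""
    summary = sections.get("Scan Summary", {})
    options = sections.get("Scan Options", {})
    details = sections.get("Scan Details", {})
    disabled = sorted(k for k, v in options.items() if v != "Enabled")
    nonzero = {k: int(v) for k, v in details.items() if v.isdigit() and int(v) > 0}
    detected = int(summary.get("Threats Detected", "-1"))  # missing field -> not clean
    result = {
        "completed": summary.get("Result") == "Completed",
        "objects_scanned": int(summary.get("Objects Scanned", "0")),
        "threats_detected": detected,
        "threats_quarantined": int(summary.get("Threats Quarantined", "0")),
        "elapsed_seconds": elapsed_seconds(summary.get("Time Elapsed", "")),
        "disabled_options": disabled,
        "nonzero_details": nonzero,
    }
    result["clean"] = result["completed"] and detected == 0 and not disabled and not nonzero
    return result


if __name__ == "__main__":
    for k, v in triage(parse_mbam_log(SAMPLE_LOG)).items():
        print(f"{k}: {v}")
```

Run it against a saved Mbam.txt by replacing SAMPLE_LOG with the file's contents; a "clean" of False with a non-empty "disabled_options" means the zero count says nothing about the categories that were skipped.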
Re: Possible Malware

Internet Explorer still has connection problems. This is what I get when I select Diagnose,

Re: Possible Malware
Please open Notepad (type notepad in the search box)

Next copy and paste the text inside the code box below into notepad:


Code:

@echo off
rem Flush the DNS resolver cache, then drop and renew the DHCP lease.
ipconfig /flushdns
ipconfig /release
ipconfig /renew
rem Reset Windows Firewall to defaults and turn it on for all profiles
rem (netsh advfirewall exists on Windows Vista and later; Windows XP uses "netsh firewall").
netsh advfirewall reset
netsh advfirewall set allprofiles state ON
rem Reset the TCP/IP stack; the IP reset writes its own log to c:\resetlog.txt.
netsh int ip reset c:\resetlog.txt
netsh int ipv4 reset
netsh int ipv6 reset
rem Reset the Winsock catalog and append the result to fixit.txt on the desktop.
netsh winsock reset >> "%userprofile%\desktop\fixit.txt"
echo You now have to reboot your PC!
pause


  • Name the file as fixit.bat, making sure "Save as type" is set to "All Files".
  • Right click on fixit.bat & Run as admin <-- IMPORTANT.
  • Reboot your computer.
  • Post the fixit.txt log (on your desktop) for my review.

Re: Possible Malware
Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.

Re: Possible Malware

Still have the same problem with Internet Explorer.

Re: Possible Malware

Resetting Internet Explorer settings: https://support.microsoft.com/en-us/help/17441/windows-internet-explorer-change-reset-settings

Re: Possible Malware
The reset had no effect.
