WiredWX Christian Hobby Weather Tools

Possible Malware

4 posters

Re: Possible Malware

Okay, now go with SFCFix only... Do not bother with Zoek because the link is still not working for it anyway to download the program.

SFCFix works with the Windows File Protection and is necessary to help us work further with "that" issue.

Re: Possible Malware

SFCFix will not run. The message states: SFCFix.exe - Entry Point Not Found
The procedure entry point Wow64DisableWow64FsRedirection could not be located in the dynamic link library KERNEL32.dll.

Re: Possible Malware

Thanks for this information. Let's try the following... Thanks again for your patience...


  • Please download and run UnHide.exe by Grinler.
  • Double-click unhide.exe to run the program.
  • This just shows us the super hidden files on the OS so we can find the root problem.


To disable CD Emulation programs using DeFogger please perform these steps:

  1. Please download DeFogger to your desktop.
  2. Once downloaded, double-click on the DeFogger icon to start the tool.
  3. The application window will now appear.  You should now click on the Disable button to disable your CD Emulation drivers
  4. When it prompts you whether or not you want to continue, please click on the Yes button to continue
  5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  6. If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine.  Please allow it to do so by clicking on the OK button.





Avast Browser Cleanup Tool


  1. Please download this free tool and save it to your desktop.
  2. Install the program by double-clicking on avast-browser-cleanup-sfx.exe.
  3. This cleanup tool will search and list if unwanted entries were found. If found, it will display a button ‘Remove all add-ons listed below and cleanup browser.’ You may remove all or delete one entry at a time.
  4. Avast Browser Cleanup will confirm before it permanently deletes the add-on. Please click Yes to proceed with removal of bad add-ons on the affected browser.





Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • Please click Telecharger (green button) at top of page. It looks like a download button.
  • Then press ''Repair'' button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.





Speccy - Publish a snapshot
Follow the instructions below to download and install Speccy, then to publish a snapshot of your system information:

  • Download and install Speccy from Piriform (the download will start automatically a few seconds after clicking on the Speccy link);
    Note: You can opt out of the Google Toolbar installation if you want;
  • Once Speccy is installed, launch the program and give it a good minute to load all your system information;
  • After that, click on the File menu in the top left corner, and select Publish Snapshot;
  • A window will appear asking you to confirm your decision to publish a snapshot. Click on Yes;
  • A new window will appear after, with a URL link to your snapshot. Click on Copy to Clipboard button to copy that URL to  your clipboard, then paste it in your next reply and post it;

Re: Possible Malware

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
  http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 10/09/2017 04:47:56 PM
Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the A:\ drive
Finished processing the A:\ drive. 0 files processed.

Processing the C:\ drive
Finished processing the C:\ drive. 213023 files processed.

Processing the L:\ drive
Finished processing the L:\ drive. 58929 files processed.

The C:\DOCUME~1\ADMINI~1.PRO\LOCALS~1\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
 - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Program finished at: 10/09/2017 05:12:03 PM
Execution time: 0 hours(s), 25 minute(s), and 15 seconds(s)

Re: Possible Malware

I have a couple of questions. I uninstalled Firefox to try to repair the problems within Firefox, but the profiles are still there. Not all the profiles are mine. But, I need my passwords, and bookmarks from Firefox. Are these completely lost to me now? If I run Avast, are these completely lost to me? If I run Avast, will this repair Firefox, since the profiles are still there, even though I do not have Firefox installed?

Re: Possible Malware

Another question aside from the ones I asked above.  I ran Defogger in Safe Mode with Networking, it rebooted in normal mode.  Is this okay?

Re: Possible Malware

GypsyCowgirl wrote:
I have a couple of questions. I uninstalled Firefox to try to repair the problems within Firefox, but the profiles are still there. Not all the profiles are mine. But, I need my passwords, and bookmarks from Firefox. Are these completely lost to me now? If I run Avast, are these completely lost to me? If I run Avast, will this repair Firefox, since the profiles are still there, even though I do not have Firefox installed?


Where Firefox stores your bookmarks, passwords and other user data

............................................................................................

FreeBooter

Co-Administrator

Re: Possible Malware

Hello Freebooter.  I am sorry, I do not understand your answer to my questions.

Re: Possible Malware

Let me go further. I have reinstalled Firefox. There are two user profiles in Firefox. One is mine, and the other is not, and I have no idea where it came from. I have installed Avast as instructed. Avast says it will restore my browser to its "initial clean state". It sounds like Avast is going to completely remove my bookmarks and passwords. If so, is there a way to backup my bookmarks and passwords before running Avast?

Re: Possible Malware

Please disregard earlier questions. I have Firefox installed, I have run Avast. However Avast did not detect Firefox. The log is posted below.

10.10.2017 14:07:50 (TID: 2948)
Product version: 12.3.2280.144
10.10.2017 14:07:58 (TID: 1692)
Product version: 12.3.2280.144
10.10.2017 14:08:01
BCUEngine version : 10.1.0.1329
ProductVersion    : 12.3.2280.144
ProductLanguage   : en
OSLanguage        : en-us
Location          : en-us
OSType            : 5.1
IsStandalone      : 1
PartnerId         : 752
Priority          : 10
Microsoft IE
Install Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Version: 8.0.6001.18702
Mozilla Firefox Browser
Browser not found
Google Chrome Browser
Version: 49.0.2623.112
Install Path: C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Profile Path: C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Chrome\User Data\
Google Chrome Profiles
Name: Default Path: C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Chrome\User Data\Default
Edge Browser
Browser not found
Opera Browser
Browser not found
SafeZone Browser
Browser not found
10.10.2017 14:08:03
BCUEngine version : 10.1.0.1329
ProductVersion    : 12.3.2280.144
ProductLanguage   : en
OSLanguage        : en-us
Location          : en-us
OSType            : 5.1
IsStandalone      : 1
PartnerId         : 752
Priority          : 10
Microsoft IE
Install Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Version: 8.0.6001.18702
Mozilla Firefox Browser
Browser not found
Google Chrome Browser
Version: 49.0.2623.112
Install Path: C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Profile Path: C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Chrome\User Data\
Google Chrome Profiles
Name: Default Path: C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Chrome\User Data\Default
Edge Browser
Browser not found
Opera Browser
Browser not found
SafeZone Browser
Browser not found
Google Chrome
Homepages
Profile: Default
Url    : www.google.com
Search Engines
Profile: Default
Name   : Google
Url    : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:contextualSearchVersion}ie={inputEncoding}
Name   : Google
Url    : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:contextualSearchVersion}ie={inputEncoding}
Google Chrome
Extensions
Profile: Default
ID: chfdnecihphmhljaaejmgoiahnihplgn Name: AVG Web TuneUp
ID: eemcgdkfndhakfknompkggombfjjjeno Name: Bookmark Manager
ID: ennkphjdgehloodpbhlhldgbnhmacadg Name: Settings
ID: gfdkimpbcpahaombhbimeihdjnejgicl Name: Feedback
ID: kmendfapggjehodndflmmgagdbamhnfd Name: CryptoTokenExtension
ID: mhjfbmdgcfjbbpaeojofohoefgiehjai Name: Chrome PDF Viewer
ID: neajdppkdcdipfabeoofebfddakdcjhd Name: Google Network Speech
ID: nkeimhogjdpnpccoofpliimaahmaaome Name: Google Hangouts
Microsoft IE
Homepages
Profile: HKCU
Url    : http://www.ebay.com/
Search Engines
Profile: HKCU
Name   : Google
Url    : http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
BCURequest:
GlobalStat
ProductLanguage : en
EngineVersion   : 10.1.0.1329
OSLanguage      : en-us
Location        : en-us
OSType          : 5.1
IsStandalone    : 1
Version         : 12.3.2280.144
PartnerId       : 752
Priority        : 10
AvastProductType: 56
DefaultBrowser  : FIREFOX.EXE
Google Chrome:
BrowserType: 2
IsDefault  : 0
Rank       : 80
Homepages
Url: www.google.com
Search Engines
Name : Google
Url  : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:contextualSearchVersion}ie={inputEncoding}
Extensions
ID: chfdnecihphmhljaaejmgoiahnihplgn Name: AVG Web TuneUp
ID: eemcgdkfndhakfknompkggombfjjjeno Name: Bookmark Manager
ID: ennkphjdgehloodpbhlhldgbnhmacadg Name: Settings
ID: gfdkimpbcpahaombhbimeihdjnejgicl Name: Feedback
ID: kmendfapggjehodndflmmgagdbamhnfd Name: CryptoTokenExtension
ID: mhjfbmdgcfjbbpaeojofohoefgiehjai Name: Chrome PDF Viewer
ID: neajdppkdcdipfabeoofebfddakdcjhd Name: Google Network Speech
ID: nkeimhogjdpnpccoofpliimaahmaaome Name: Google Hangouts
Microsoft IE:
BrowserType: 0
IsDefault  : 0
Rank       : 1
Homepages
Url: http://www.ebay.com/
Search Engines
Name : Google
Url  : http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
Extensions
ID: {01e04581-4eee-11d0-bfe9-00aa005b4383} Name: &Address
ID: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} Name: Adobe PDF Reader Link Helper
ID: {0e5cbf21-d15f-11d0-8301-00aa005b4383} Name: &Links
ID: {18df081c-e8ad-4283-a596-fa578c2ebdc3} Name: Adobe PDF Link Helper
ID: {2318c2b1-4965-11d4-9b18-009027a5cd4f} Name: Google Toolbar
ID: {92ef2ead-a7ce-4424-b0db-499cf856608e} Name: Evernote extension
ID: {e2e2dd38-d088-4134-82b7-f2ba38496583} Name: @xpsp3res.dll,-20001
ID: {fb5f1910-f110-11d2-bb9e-00c04f795683} Name: Windows Messenger
BCUResponse:
BCUConfig
CacheIntervalNeg : 604800
CacheIntervalPos : 604800
CmsTimeout       : 15000
TemplateId: TPL_DROPDOWN
OfferId   : ID_US_EN_YBG_RB_V10_PAID
UseCorporate     : FALSE
BCUProviders
ID: TPL_YAHOO9_US Name: Yahoo! (Avast)
ID: PID_AVAST_PAID Name: Avast Search
ID: PID_PERION_EN_US_PAID_AVAST Name: Bing (by Microsoft)
ID: PID_GOOGLE_ALL_PAID Name: Google
ID: PID_KEEPEXISTING Name: Keep Existing (not recommended)
Google Chrome:
IsProviderModified: 0
Extensions
ID: chfdnecihphmhljaaejmgoiahnihplgn Rating: 0 InternalId: 1000
ID: eemcgdkfndhakfknompkggombfjjjeno Rating: 0 InternalId: 8000
ID: ennkphjdgehloodpbhlhldgbnhmacadg Rating: 0 InternalId: 5001
ID: gfdkimpbcpahaombhbimeihdjnejgicl Rating: 0 InternalId: 33
ID: kmendfapggjehodndflmmgagdbamhnfd Rating: 0 InternalId: 5200
ID: mhjfbmdgcfjbbpaeojofohoefgiehjai Rating: 0 InternalId: 9300
ID: neajdppkdcdipfabeoofebfddakdcjhd Rating: 0 InternalId: 8000
ID: nkeimhogjdpnpccoofpliimaahmaaome Rating: 0 InternalId: 8000
Search Engine:
Name: Google
Url : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:contextualSearchVersion}ie={inputEncoding}
Microsoft IE:
IsProviderModified: 0
Extensions
ID: {01e04581-4eee-11d0-bfe9-00aa005b4383} Rating: 5 InternalId: 751
ID: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} Rating: 5 InternalId: 8000
ID: {0e5cbf21-d15f-11d0-8301-00aa005b4383} Rating: 5 InternalId: 2217
ID: {18df081c-e8ad-4283-a596-fa578c2ebdc3} Rating: 5 InternalId: 8000
ID: {2318c2b1-4965-11d4-9b18-009027a5cd4f} Rating: 4 InternalId: 2112
ID: {92ef2ead-a7ce-4424-b0db-499cf856608e} Rating: 5 InternalId: 2249
ID: {e2e2dd38-d088-4134-82b7-f2ba38496583} Rating: 5 InternalId: 196
ID: {fb5f1910-f110-11d2-bb9e-00c04f795683} Rating: 5 InternalId: 2191
Search Engine:
Name: Google
Url : http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
Google Chrome
Homepages
Profile: Default
Url    : www.google.com
Search Engines
Profile: Default
[Chrome] Failed to copy file
Google Chrome
Extensions
Profile: Default
ID: chfdnecihphmhljaaejmgoiahnihplgn Name: AVG Web TuneUp
ID: eemcgdkfndhakfknompkggombfjjjeno Name: Bookmark Manager
ID: ennkphjdgehloodpbhlhldgbnhmacadg Name: Settings
ID: gfdkimpbcpahaombhbimeihdjnejgicl Name: Feedback
ID: kmendfapggjehodndflmmgagdbamhnfd Name: CryptoTokenExtension
ID: mhjfbmdgcfjbbpaeojofohoefgiehjai Name: Chrome PDF Viewer
ID: neajdppkdcdipfabeoofebfddakdcjhd Name: Google Network Speech
ID: nkeimhogjdpnpccoofpliimaahmaaome Name: Google Hangouts
Microsoft IE
Homepages
Profile: HKCU
Url    : http://www.ebay.com/
Search Engines
Profile: HKCU
Name   : Google
Url    : http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
BCURequest:
GlobalStat
ProductLanguage : en
EngineVersion   : 10.1.0.1329
OSLanguage      : en-us
Location        : en-us
OSType          : 5.1
IsStandalone    : 1
Version         : 12.3.2280.144
PartnerId       : 752
Priority        : 10
AvastProductType: 56
DefaultBrowser  : FIREFOX.EXE
Google Chrome:
BrowserType: 2
IsDefault  : 0
Rank       : 80
Homepages
Url: www.google.com
Search Engines
Name : 
Url  : 
Extensions
ID: chfdnecihphmhljaaejmgoiahnihplgn Name: AVG Web TuneUp
ID: eemcgdkfndhakfknompkggombfjjjeno Name: Bookmark Manager
ID: ennkphjdgehloodpbhlhldgbnhmacadg Name: Settings
ID: gfdkimpbcpahaombhbimeihdjnejgicl Name: Feedback
ID: kmendfapggjehodndflmmgagdbamhnfd Name: CryptoTokenExtension
ID: mhjfbmdgcfjbbpaeojofohoefgiehjai Name: Chrome PDF Viewer
ID: neajdppkdcdipfabeoofebfddakdcjhd Name: Google Network Speech
ID: nkeimhogjdpnpccoofpliimaahmaaome Name: Google Hangouts
Microsoft IE:
BrowserType: 0
IsDefault  : 0
Rank       : 1
Homepages
Url: http://www.ebay.com/
Search Engines
Name : Google
Url  : http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
Extensions
ID: {01e04581-4eee-11d0-bfe9-00aa005b4383} Name: &Address
ID: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} Name: Adobe PDF Reader Link Helper
ID: {0e5cbf21-d15f-11d0-8301-00aa005b4383} Name: &Links
ID: {18df081c-e8ad-4283-a596-fa578c2ebdc3} Name: Adobe PDF Link Helper
ID: {2318c2b1-4965-11d4-9b18-009027a5cd4f} Name: Google Toolbar
ID: {92ef2ead-a7ce-4424-b0db-499cf856608e} Name: Evernote extension
ID: {e2e2dd38-d088-4134-82b7-f2ba38496583} Name: @xpsp3res.dll,-20001
ID: {fb5f1910-f110-11d2-bb9e-00c04f795683} Name: Windows Messenger
BCUResponse:
BCUConfig
CacheIntervalNeg : 604800
CacheIntervalPos : 604800
CmsTimeout       : 15000
TemplateId: TPL_DROPDOWN
OfferId   : ID_US_EN_YBG_RB_V10_PAID
UseCorporate     : FALSE
BCUProviders
ID: TPL_YAHOO9_US Name: Yahoo! (Avast)
ID: PID_AVAST_PAID Name: Avast Search
ID: PID_PERION_EN_US_PAID_AVAST Name: Bing (by Microsoft)
ID: PID_GOOGLE_ALL_PAID Name: Google
ID: PID_KEEPEXISTING Name: Keep Existing (not recommended)
Google Chrome:
IsProviderModified: 0
Extensions
ID: chfdnecihphmhljaaejmgoiahnihplgn Rating: 0 InternalId: 1000
ID: eemcgdkfndhakfknompkggombfjjjeno Rating: 0 InternalId: 8000
ID: ennkphjdgehloodpbhlhldgbnhmacadg Rating: 0 InternalId: 5001
ID: gfdkimpbcpahaombhbimeihdjnejgicl Rating: 0 InternalId: 33
ID: kmendfapggjehodndflmmgagdbamhnfd Rating: 0 InternalId: 5200
ID: mhjfbmdgcfjbbpaeojofohoefgiehjai Rating: 0 InternalId: 9300
ID: neajdppkdcdipfabeoofebfddakdcjhd Rating: 0 InternalId: 8000
ID: nkeimhogjdpnpccoofpliimaahmaaome Rating: 0 InternalId: 8000
Search Engine:
Name: 
Url : 
Microsoft IE:
IsProviderModified: 0
Extensions
ID: {01e04581-4eee-11d0-bfe9-00aa005b4383} Rating: 5 InternalId: 751
ID: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} Rating: 5 InternalId: 8000
ID: {0e5cbf21-d15f-11d0-8301-00aa005b4383} Rating: 5 InternalId: 2217
ID: {18df081c-e8ad-4283-a596-fa578c2ebdc3} Rating: 5 InternalId: 8000
ID: {2318c2b1-4965-11d4-9b18-009027a5cd4f} Rating: 4 InternalId: 2112
ID: {92ef2ead-a7ce-4424-b0db-499cf856608e} Rating: 5 InternalId: 2249
ID: {e2e2dd38-d088-4134-82b7-f2ba38496583} Rating: 5 InternalId: 196
ID: {fb5f1910-f110-11d2-bb9e-00c04f795683} Rating: 5 InternalId: 2191
Search Engine:
Name: Google
Url : http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
Detected a potential browser protector:BFD8A0F22F68B648F9962EA58AD993AA959C670409D47BB282ABF54CFA21EA42 {
   "Services" : {
      "avg antivirus" : {
         "Description" : "manages and implements avg antivirus services for this computer. this includes the real-time protection, the quarantine and the scheduler.",
         "DisplayName" : "avg antivirus",
         "FileInfo" : {
            "CompanyName" : "AVG Technologies CZ, s.r.o.",
            "FileDescription" : "AVG Service",
            "FileVersion" : "17.7.3660.0",
            "Path" : "c:\\program files\\avg\\antivirus\\avgsvc.exe",
            "ProductVersion" : "17.7.3660.0",
            "sha256" : "E75BA4B14D570B6443C79C5C46383F9D87055D1F5E76DE36247A4A6C1124CD78"
         }
      },
      "avgbidsagent" : {
         "Description" : "provides identity protection against cyber crime.",
         "DisplayName" : "avgbidsagent",
         "FileInfo" : {
            "CompanyName" : "AVG Technologies CZ, s.r.o.",
            "FileDescription" : "AVG Software Analyzer",
            "FileVersion" : "17.7.3.15075",
            "Path" : "c:\\program files\\avg\\antivirus\\aswidsagent.exe",
            "ProductVersion" : "17.7.3.15075",
            "sha256" : "2BB97C74287C36B97D07BEF17EBC79B5D8455D956B439157895756277B3C16F3"
         }
      }
   },
   "runKeys" : {
      "avgui.exe" : {
         "FileInfo" : {
            "CompanyName" : "AVG Technologies CZ, s.r.o.",
            "FileDescription" : "AvLaunch component",
            "FileVersion" : "17.7.3660.0",
            "Path" : "c:\\program files\\avg\\antivirus\\avlaunch.exe",
            "ProductVersion" : "17.7.3660.0",
            "sha256" : "EB48B9499D5CFA134BB719E2B486D80B56BD634D47792A0F322A35DFA75E4A21"
         },
         "RegKey" : "hklm\\software\\microsoft\\windows\\currentversion\\run\\avgui.exe=c:\\program files\\avg\\antivirus\\avlaunch.exe"
      }
   },
   "runningProcess" : {
      "aswidsagent.exe" : {
         "CompanyName" : "AVG Technologies CZ, s.r.o.",
         "FileDescription" : "AVG Software Analyzer",
         "FileVersion" : "17.7.3.15075",
         "Path" : "c:\\program files\\avg\\antivirus\\aswidsagent.exe",
         "ProductVersion" : "17.7.3.15075",
         "sha256" : "2BB97C74287C36B97D07BEF17EBC79B5D8455D956B439157895756277B3C16F3"
      },
      "avgsvc.exe" : {
         "CompanyName" : "AVG Technologies CZ, s.r.o.",
         "FileDescription" : "AVG Service",
         "FileVersion" : "17.7.3660.0",
         "Path" : "c:\\program files\\avg\\antivirus\\avgsvc.exe",
         "ProductVersion" : "17.7.3660.0",
         "sha256" : "E75BA4B14D570B6443C79C5C46383F9D87055D1F5E76DE36247A4A6C1124CD78"
      },
      "avgui.exe" : {
         "CompanyName" : "AVG Technologies CZ, s.r.o.",
         "FileDescription" : "AVG Antivirus",
         "FileVersion" : "17.7.3660.0",
         "Path" : "c:\\program files\\avg\\antivirus\\avgui.exe",
         "ProductVersion" : "17.7.3660.0",
         "sha256" : "28E20F2332059E22E168FBEE4B71882C16AEE14EB97BBF29C9AEDD82764B2F1B"
      },
      "instup.exe" : {
         "CompanyName" : "AVG Technologies CZ, s.r.o.",
         "FileDescription" : "AVG Antivirus Installer",
         "FileVersion" : "17.7.3660.0",
         "Path" : "c:\\program files\\avg\\antivirus\\setup\\instup.exe",
         "ProductVersion" : "17.7.3660.0",
         "sha256" : "191C5596E15D36E22976A71E2EF7CB02F814E31D147272287C97A5977DCD3EBC"
      }
   }
}

Detected a potential browser protector:A95ADE4EA7C65116AAE3C7328E1027F46E70C79762C2741022B94576E8F6FB21 {
   "uninstallInfo" : {
      "spybot - search & destroy_is1" : {
         "DisplayName" : "spybot - search & destroy 1.2",
         "FileInfo" : {
            "CompanyName" : "Jordan Russell",
            "FileDescription" : "Inno Setup Uninstaller",
            "FileVersion" : "51.6.0.0",
            "Path" : "c:\\program files\\spybot - search & destroy\\unins000.exe",
            "ProductVersion" : " ",
            "sha256" : "4CD3D71E2907B34A6822C46113F199F51822A5D6143BD1EEA167EDDE9A53C44C"
         },
         "Publisher" : "pepimk software"
      }
   }
}

Profile: Default
Microsoft IE
Extensions
ID: {01e04581-4eee-11d0-bfe9-00aa005b4383} Name: &Address
ID: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} Name: Adobe PDF Reader Link Helper
ID: {0e5cbf21-d15f-11d0-8301-00aa005b4383} Name: &Links
ID: {18df081c-e8ad-4283-a596-fa578c2ebdc3} Name: Adobe PDF Link Helper
ID: {2318c2b1-4965-11d4-9b18-009027a5cd4f} Name: Google Toolbar
ID: {92ef2ead-a7ce-4424-b0db-499cf856608e} Name: Evernote extension
ID: {e2e2dd38-d088-4134-82b7-f2ba38496583} Name: @xpsp3res.dll,-20001
ID: {fb5f1910-f110-11d2-bb9e-00c04f795683} Name: Windows Messenger
Search Engines
Profile: Default
Name   : Google
Url    : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:contextualSearchVersion}ie={inputEncoding}
Name   : Google
Url    : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:contextualSearchVersion}ie={inputEncoding}
Search Engines
Profile: HKCU
Name   : Google
Url    : http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
Google Chrome
Homepages
Profile: Default
Url    : www.google.com
Search Engines
Profile: Default
Name   : Google
Url    : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:contextualSearchVersion}ie={inputEncoding}
Name   : Google
Url    : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:contextualSearchVersion}ie={inputEncoding}
Google Chrome
Extensions
Profile: Default
ID: chfdnecihphmhljaaejmgoiahnihplgn Name: AVG Web TuneUp
ID: eemcgdkfndhakfknompkggombfjjjeno Name: Bookmark Manager
ID: ennkphjdgehloodpbhlhldgbnhmacadg Name: Settings
ID: gfdkimpbcpahaombhbimeihdjnejgicl Name: Feedback
ID: kmendfapggjehodndflmmgagdbamhnfd Name: CryptoTokenExtension
ID: mhjfbmdgcfjbbpaeojofohoefgiehjai Name: Chrome PDF Viewer
ID: neajdppkdcdipfabeoofebfddakdcjhd Name: Google Network Speech
ID: nkeimhogjdpnpccoofpliimaahmaaome Name: Google Hangouts
Microsoft IE
Homepages
Profile: HKCU
Url    : http://www.ebay.com/
Search Engines
Profile: HKCU
Name   : Google
Url    : http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
BCUChangedRequest:
Google Chrome:
Homepages
Url: www.google.com
Search Engines
Url: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:contextualSearchVersion}ie={inputEncoding}
is_default: 0
Extensions
Microsoft IE:
Homepages
Url: http://www.ebay.com/
Search Engines
Url: http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
is_default: 0
Extensions
Send data successful

Re: Possible Malware

ZHP LOG

~ ZHPCleaner v2017.1.21.18 by Nicolas Coolman (2017/01/21)
~ Run by Teressa (Administrator)  (10/10/2017 18:06:21)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Documents and Settings\Teressa\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Documents and Settings\Teressa\Application Data\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows XP, 32-bit Service Pack 3 (Build 2600)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (1)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (11)
MOVED file: C:\WINDOWS\SYSTEM32\DRIVERS\classpnp.sys [Microsoft Corporation - SCSI Class System Dll]  =>.Superfluous.Trotux
MOVED file: C:\WINDOWS\SYSTEM32\spnpinst.exe [Microsoft Corporation - Peer-to-Peer Custom Setup]  =>.Superfluous.Trotux
MOVED file: C:\WINDOWS\Installer\wix{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}.SchedServiceConfig.rmi    =>.Superfluous.Empty
MOVED file: C:\Documents and Settings\All Users\Application Data\InstallMate\{69CCF189-84B4-7699-C669-B7E381BDC138}\Setup.exe [Tarma Software Research Pty Ltd - Tarma® InstallMate Setup]  =>.Superfluous.Tarma
MOVED file: C:\Documents and Settings\All Users\Application Data\InstallMate\{69CCF189-84B4-7699-C669-B7E381BDC138}\TsuDll.dll [Tarma Software Research Pty Ltd - Tarma® InstallMate Setup Library]  =>.Superfluous.Tarma
MOVED file: C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d1af033869koo7.cloudfront.net_0.localstorage    =>.Superfluous.CloudfrontNet
MOVED file: C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d1af033869koo7.cloudfront.net_0.localstorage-journal    =>.Superfluous.CloudfrontNet
MOVED folder: C:\Program Files\Xenocode  =>.Superfluous.Empty
MOVED folder: C:\Documents and Settings\All Users\Application Data\InstallMate  =>.Superfluous.Tarma
MOVED folder: C:\Documents and Settings\Teressa\Application Data\HMYGSetting  =>Adware.Suspect
MOVED folder: C:\Documents and Settings\All Users\Application Data\QuickTime  =>Riskware.QuickTime


---\\  Registry ( Key, Value, Data) (11)
DELETED key*: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193} []  =>PUP.Optional.CrossRider
DELETED key*: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111991162} []  =>PUP.Optional.CrossRider
DELETED key*: HKLM\SOFTWARE\Secure []  =>.Superfluous.SecurePCCleaner
DELETED key*: HKLM\SOFTWARE\Classes\adbanner.adbanner [adbanner Class]  =>Adware.adBanner
DELETED key*: HKLM\SOFTWARE\Classes\adbanner.adbanner.1 [adbanner Class]  =>Adware.adBanner
DELETED key*: HKLM\SOFTWARE\Classes\PeoplePC.Toolbar [PPCToolbarBand Class]  =>PUP.Optional.InboxEmail
DELETED key*: HKLM\SOFTWARE\Classes\PeoplePC.Toolbar.1 [PPCToolbarBand Class]  =>PUP.Optional.InboxEmail
DELETED key*: HKLM\SOFTWARE\Classes\CLSID\{89643D21-7B2A-11d1-8271-00A0C91F9CA0} [adbanner Class]  =>Adware.adBanner
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.]  =>Heuristic.Suspect
DELETED key*: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointSearchBarV35 []  =>PUP.Optional.MetaStream
DELETED value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck [C:\WINDOWS\system32\dumprep 0 -k]  =>Heuristic.Salus


---\\  Summary of the elements found (13)
https://www.anti-malware.top/2016/07/03/superfluous-trotux/  =>.Superfluous.Trotux
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/logiciels-superflus  =>.Superfluous.Empty
https://www.nicolascoolman.com/fr/pup-tarma/  =>.Superfluous.Tarma
https://www.anti-malware.top/2016/08/31/cloudfront-net/  =>.Superfluous.CloudfrontNet
https://www.anti-malware.top/2016/05/01/definition-dun-logiciel-pup-lpi/  =>Adware.Suspect
https://nicolascoolman.eu/2017/01/15/riskware-quicktime/  =>Riskware.QuickTime
https://www.anti-malware.top/2016/04/30/pup-optional-crossrider/  =>PUP.Optional.CrossRider
https://www.anti-malware.top/2016/06/08/superfluous-securepccleaner/  =>.Superfluous.SecurePCCleaner
https://nicolascoolman.eu/2016/12/31/adware-adbanner/  =>Adware.adBanner
https://www.nicolascoolman.com/fr/repaquetage-et_infections/  =>PUP.Optional.InboxEmail
https://www.anti-malware.top/2016/04/22/heuristic-suspect/  =>Heuristic.Suspect
https://www.nicolascoolman.com/fr/adware-metastream/  =>PUP.Optional.MetaStream
https://www.nicolascoolman.com/fr/repaquetage-et_infections/  =>Heuristic.Salus


---\\  Other deletions. (5)
~ Registry Keys Tracing deleted (5)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 992
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 22


~ End of clean in 00h00mn42s
~====================
ZHPCleaner-[R]-10102017-18_07_03.txt
ZHPCleaner-[S]-10102017-17_12_40.txt
ZHPCleaner-[S]-10102017-17_23_34.txt
ZHPCleaner-[S]-10102017-17_28_42.txt
ZHPCleaner-[S]-10102017-17_43_49.txt

Re: Possible Malware

Speccy URL

http://speccy.piriform.com/results/W7MZoY21pANB8TXZbKWDzkL

Re: Possible Malware

In the tray at the bottom right of my PC there is a yellow shield.  The same yellow shield that used to pop up when Windows XP had updates.  I have not clicked on it, but when I hover my mouse over it, it shows updates are ready for my computer, and to click to install.

Re: Possible Malware

I still receive updates for my Windows XP.

Re: Possible Malware

Did you read my other posts about Avast and ZHP?  ZHP did find PUPs?  Avast is not finding the Firefox browser.  Should I click on update, or wait until the doc advises?

Re: Possible Malware

Wait until Dr. Jay responds.

Re: Possible Malware

Hello again, my apologies for the delay. Was Firefox running while you ran the utility or was it closed completely?

If not, then let's reattempt that please.

Being in Normal Mode should be fine for now.

FreeBooter was linking this article: https://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data
     Make a backup of your Firefox profile using this information.




We're also ready for the next step as well...


  • Please download PC Hunter and save it to your desktop.
  • Extract the content of the archive to your desktop.
  • Run PCHunter32.exe (If you have 32-bit Operating System) or run PCHunter64.exe (if you use 64-bit version of Windows).
  • Click on the Computer Examination tab and check the box beside Safe Items won't be displayed.
  • Now click on Generate examination report and wait for the scan to complete.
  • When it's done you will see that the other button next to it, called Export examination report is active and clickable.
  • Click on it and give the log file a name and save it to your desktop.
  • The log file will open automatically when done. Close it and attach the log to your next reply.





SanityCheck

  • Please download SanityCheck to your Desktop from here.

  • Please close all open windows, double-click "SanitySetup.exe" and follow the prompts to install the tool.
    Please choose "I accept the agreement" and make sure to place a checkmark next to "Create a Desktop icon"

  • At the end, please click the "Finish" button. Click "Yes" and "OK" to close the next messages.
    Please close the program and restart your computer.

  • Now, please re-run the program by clicking its icon or from "Start" => "All the programs" => "SanityCheck" and click the "Analyze.." button.

  • Finally, please click "OK" and scroll down the window to copy and paste the results in your next reply.

Re: Possible Malware

I will do what you prescribed, but I have run Avast with Firefox started, and with it closed, and both times Avast does not detect Firefox.  Also I had mentioned at the bottom right of my screen, there is a yellow shield, which is normally my Windows alert.  It shows there are updates.  I have not had that come up in a very long time.  When I try to reboot my computer, I see that if I turn it off the updates will take place, but I am not sure whether I should do this or not.

Re: Possible Malware

AVG is blocking PCHunter.  Should I shut down AVG?

Re: Possible Malware

I have no idea if this worked or not.  I turned off AVG, but it still showed it was blocking PC Hunter, but PC Hunter still opened a window called "okjoakeoi", where I was able to do the search.  The results are below.

PC Hunter Standard --- Computer Examination Report
Examination Date: 2017-10-10 22:26
OS Information: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Internet Explorer: 8.0.6001.18702

Examination Items:
      Process
      Process Modules
      Process Threads
      Kernel Module
      Notify Routine
      Filter
      DPC Timer
      Worker Thread
      HalDispatchTable
      HalPrivateDispatchTable
      HalAcpiDispatchTable
      MiniFilter
      File System
      Sfilter FileSystem Filter Callback
      ClassInitData Callback
      Npfs Dispatch Fun
      Msfs Dispatch Fun
      Usbport Dispatch Fun
      System Debug
      Object Hijack
      Direct IO
      GDT
      SSDT
      Shadow SSDT
      FSD
      Keyboard
      I8042prt
      Mouclass
      Partmgr
      Classpnp
      Atapi
      Acpi
      Scsi
      Kernel Hook
      PTE HOOK
      Object Type
      IDT
      Message Hook
      Process Hook
      KernelCallbackTable
      Port
      Tcpip
      Ndis Handler
      IE Plugin
      IE Shell
      Spi
      Hosts File
      Startup
      Service
      Schedule Task
      File Association
      IFEO
      IME/CTF
      Firewall Rule
      System User Name
      Scan MBR Rootkit

==========================================================================================

Process


==========================================================================================

Process Modules


==========================================================================================

Process Threads


==========================================================================================

Kernel Module


==========================================================================================

Notify Routine

       Nothing

==========================================================================================

Filter


==========================================================================================

DPC Timer


==========================================================================================

Worker Thread


==========================================================================================

HalDispatchTable

       Nothing

==========================================================================================

HalPrivateDispatchTable

       Nothing

==========================================================================================

HalAcpiDispatchTable

       Nothing

==========================================================================================

MiniFilter

       Nothing

==========================================================================================

File System

       Nothing

==========================================================================================

Sfilter FileSystem Filter Callback

       Nothing

==========================================================================================

ClassInitData Callback

       Nothing

==========================================================================================

Npfs Dispatch Fun

       Nothing

==========================================================================================

Msfs Dispatch Fun

       Nothing

==========================================================================================

Usbport Dispatch Fun

       Nothing

==========================================================================================

System Debug

       Nothing

==========================================================================================

Object Hijack

       Nothing

==========================================================================================

Direct IO


==========================================================================================

GDT

       Nothing

==========================================================================================

SSDT

       Nothing

==========================================================================================

Shadow SSDT

       Nothing

==========================================================================================

FSD

       Nothing

==========================================================================================

Keyboard

       Nothing

==========================================================================================

I8042prt

       Nothing

==========================================================================================

Mouclass

       Nothing

==========================================================================================

Partmgr

       Nothing

==========================================================================================

Classpnp

       Nothing

==========================================================================================

Atapi

       Nothing

==========================================================================================

Acpi

       Nothing

==========================================================================================

Scsi

       Nothing

==========================================================================================

Kernel Hook

       Nothing

==========================================================================================

PTE HOOK

       Nothing

==========================================================================================

Object Type

       Nothing

==========================================================================================

IDT

       Nothing

==========================================================================================

Message Hook

       Nothing

==========================================================================================

Process Hook

            Nothing

==========================================================================================

KernelCallbackTable

       Nothing

==========================================================================================

Port

       Nothing

==========================================================================================

Tcpip

       Nothing

==========================================================================================

Ndis Handler

       Nothing

==========================================================================================

IE Plugin

       Nothing

==========================================================================================

IE Shell

       Nothing

==========================================================================================

Spi

       Nothing

==========================================================================================

Hosts File

       Nothing

==========================================================================================

Startup

       Nothing

==========================================================================================

Service

       !SASCORE - Started - Automatic - "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" - SUPERAntiSpyware.com -  - 
       AdobeFlashPlayerUpdateSvc - Stopped - Manual - C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe - Adobe Systems Incorporated -  - 
       AVG Antivirus - Started - Automatic - "C:\Program Files\AVG\Antivirus\AVGSvc.exe" - AVG Technologies CZ, s.r.o. -  - 
       avgbIDSAgent - Stopped - Manual - "C:\Program Files\AVG\Antivirus\aswidsagent.exe" - AVG Technologies CZ, s.r.o. -  - 
       avgsvc - Started - Automatic - "C:\Program Files\AVG\Framework\Common\avgsvcx.exe" - AVG Technologies CZ, s.r.o. -  - 
       Bonjour Service - Stopped - Manual - "C:\Program Files\Bonjour\mDNSResponder.exe" - Apple Inc. -  - 
       Creative Service for CDROM Access - Started - Automatic - C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE - Creative Technology Ltd -  - 
       EPSON_PM_RPCV4_04 - Started - Automatic - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE - SEIKO EPSON CORPORATION -  - 
       gupdate - Stopped - Automatic - "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc - Google Inc. -  - 
       gupdatem - Stopped - Manual - "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc - Google Inc. -  - 
       gusvc - Stopped - Automatic - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" - Google -  - 
       IDriverT - Stopped - Manual - "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" - Macrovision Corporation -  - 
       LightScribeService - Started - Automatic - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" - Hewlett-Packard Company -  - 
       MBAMService - Started - Automatic - "C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe" - Malwarebytes -  - 
       MozillaMaintenance - Stopped - Manual - "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" - Mozilla Foundation -  - 
       Nero BackItUp Scheduler 4.0 - Started - Automatic - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe - Nero AG -  - 
       NetSvc - Stopped - Manual - C:\Program Files\Intel\NCS\Sync\NetSvc.exe - Intel(R) Corporation -  - 
       NVSvc - Started - Automatic - C:\WINDOWS\SYSTEM32\nvsvc32.exe - NVIDIA Corporation -  - 
       Pml Driver - Stopped - Manual - C:\WINDOWS\SYSTEM32\hphipm09.exe - HP -  - 
       RoxLiveShare9 - Stopped - Disabled - "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" - File not found -  - 
       TeamViewer - Stopped - Automatic - "C:\Program Files\TeamViewer\TeamViewer_Service.exe" - File not found -  - 
       WsDrvInst - Stopped - Manual - "C:\Program Files\Wondershare\MobileTrans\DriverInstall.exe" - Wondershare -  - 

==========================================================================================

Schedule Task

       AVG EUpdate Task.job - AVG EUpdate Task.job - avgsetupx.exe -  - Enable - 
       avastBCLS-1-5-21-2305011698-3870448665-3586125232-1007.job - avastBCLS-1-5-21-2305011698-3870448665-3586125232-1007.job - C:\Documents and Settings\Teressa\Application Data\AVAST Software\Browser Cleanup\BCUSched.exe -  - Enable - AVAST Software
       avast! BCU UpdateS-1-5-21-2305011698-3870448665-3586125232-1007.job - avast! BCU UpdateS-1-5-21-2305011698-3870448665-3586125232-1007.job - C:\Documents and Settings\Teressa\Application Data\AVAST Software\Browser Cleanup\BCUUpdate.exe -  - Enable - AVAST Software
       Antivirus Emergency Update.job - Antivirus Emergency Update.job - C:\Program Files\AVG\Antivirus\AvEmUpdate.exe -  - Enable - AVG Technologies CZ, s.r.o.
       Adobe Flash Player Updater.job - Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe - This task keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes. If this task is disabled or removed, Adobe Flash Player will be unable to automatically secure your machine with the latest security fixes. - Enable - Adobe Systems Incorporated
       GoogleUpdateTaskUserS-1-5-21-2305011698-3870448665-3586125232-1007UA.job - GoogleUpdateTaskUserS-1-5-21-2305011698-3870448665-3586125232-1007UA.job - C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it. - Enable - Google Inc.
       GoogleUpdateTaskUserS-1-5-21-2305011698-3870448665-3586125232-1007Core.job - GoogleUpdateTaskUserS-1-5-21-2305011698-3870448665-3586125232-1007Core.job - C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it. - Enable - Google Inc.
       GoogleUpdateTaskMachineUA.job - GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe - Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it. - Enable - Google Inc.
       GoogleUpdateTaskMachineCore.job - GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe - Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it. - Enable - Google Inc.
       Google Software Updater.job - Google Software Updater.job - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe - Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. - Enable - Google
       SUPERAntiSpyware Scheduled Task d45f8666-238a-4a83-b91b-5f0b7c6e7bce.job - SUPERAntiSpyware Scheduled Task d45f8666-238a-4a83-b91b-5f0b7c6e7bce.job - C:\Program Files\SUPERAntiSpyware\SASTask.exe - SUPERAntiSpyware Scheduled Task - Enable - SUPERAdBlocker.com
       SUPERAntiSpyware Scheduled Task d042d7f0-b447-43c2-9df7-c1b4590c06cf.job - SUPERAntiSpyware Scheduled Task d042d7f0-b447-43c2-9df7-c1b4590c06cf.job - C:\Program Files\SUPERAntiSpyware\SASTask.exe - SUPERAntiSpyware Scheduled Task - Enable - SUPERAdBlocker.com
       SUPERAntiSpyware Scheduled Task a1aece79-3047-4be8-9c43-0fbaf4ab5b92.job - SUPERAntiSpyware Scheduled Task a1aece79-3047-4be8-9c43-0fbaf4ab5b92.job - C:\Program Files\SUPERAntiSpyware\SASTask.exe - SUPERAntiSpyware Scheduled Task - Enable - SUPERAdBlocker.com
       Tweaking.com - Windows Repair Tray Icon.job - Tweaking.com - Windows Repair Tray Icon.job - C:\Documents and Settings\Teressa\Desktop\WR_Tray_Icon.exe - Created By Tweaking.com - Windows Repair - Enable - Tweaking.com

==========================================================================================

File Association

       Nothing

==========================================================================================

IFEO

       Nothing

==========================================================================================

IME/CTF

       Nothing

==========================================================================================

Firewall Rule

       Nothing

==========================================================================================

System User Name

       Nothing

==========================================================================================

Scan MBR Rootkit

       Nothing

Re: Possible Malware

Sanity Check

Analysis



Analyzing your system ...

Some driver entry points are being hijacked by other modules



Module avgStmXP.sys is overwriting one or more dispatch entry points of other drivers running in the system. This controversial technique could be the work of malware running in the system but it could also be the work of legitimate software.

Information about the responsible module avgStmXP.sys:

file path: C:\WINDOWS\system32\drivers\avgstmxp.sys
product: AVG Internet Security System
description: AVG Stream Filter
company: AVG Technologies CZ, s.r.o.
Click here to do a Google search on avgStmXP.sys








Conclusion



Irregularities have been detected on your system which indicate your system is possibly compromised by malware but it may also be that these are caused by a legitimate product. If you do not know what these files are about it is suggested that you locate the above mentioned files and do a search on their filenames with Google. This may help you find out whether the reported issues are the work of a legitimate product that you have installed deliberately or the work of a rootkit of other malware.

As always, we suggest you use a good antivirus scanner which does not make use of any controversial techniques and always practice caution when downloading files and opening email attachments.

Note that is is not always possible to make a clear distinction between malware and legitimate products. This is because certain legitimate products resort to agressive controversial techniques as an anti-piracy measure, to avoid debugging or for anti-competetive purposes. Antivirus or other security software may be making use of rootkit-like techniques in an attempt to hide itself from malware. Worse, such products may be involved in a controversial race along the lines of "defeat evil with its own weapons".


About your system:

Windows version: Windows XP Service Pack 3, 5.1, build: 2600
Windows dir: C:\WINDOWS
CPU: GenuineIntel Intel(R) Pentium(R) 4 CPU 2.60GHz Intel586, level: 15
1 logical processors, active mask: 1
RAM: 2683285504 total

Report generated on 10/10/2017 10:48:18 PM

Re: Possible Malware

Excellent work. All possible malware has now been ruled out.

Check for Windows Updates
Follow the instructions below to check for available Windows Updates and install them:

  • Click on the Windows Start Menu and select Control Panel;
  • From there, click on System and Security and select Windows Updates;
  • Click on the Check for updates button in the left-pane;
  • Wait for the scan to complete and see which updates are found, Important Updates and Recommended Updates (or Optional Updates);
  • Click on X Important Updates (X being the number of updates being found) and make sure that they are all checked;
  • Install every Important Update found and restart your computer once it's done;



If the installation fails, please upload and send me the two following files:

  • C:\Windows\WindowsUpdate.log
  • C:\Windows\Logs\CBS\CBS.log


BSOD Minidumps
Follow the instructions below to get and upload your BSOD minidumps so I can analyze them:

  • Create a new folder on your Desktop called dumps;
  • Go to your C:\windows\minidump folder, copy every file inside, then paste them in your dumps folder;
  • Right-click on the dumps folder, select Send to then Compressed (zipped) folder;
  • Attach the compressed folder (archive) to your next reply and post it;

Re: Possible Malware

I searched for updates, it took forever.  During the search I noticed the yellow shield that was in my tray disappeared.  Also, my AVG disappeared from the tray as well.  I finally stopped the search and started it again, this time it only took a couple of minutes.  There are only optional updates, not any Important or High Priority updates.

Re: Possible Malware

My MiniDump folder is empty.  It does not contain any folders at all.

Re: Possible Malware

Would you list the optional updates please?

Re: Possible Malware

These are the most current updates, that took place on their own.

Office 2007 | Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3213647) | Successful | Wednesday, October 11, 2017 | Automatic Updates
Office 2007 | Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3213644) | Successful | Wednesday, September 13, 2017 | Automatic Updates
Office 2007 | Security Update for Microsoft Office 2007 suites (KB3213641) | Successful | Wednesday, September 13, 2017 | Automatic Updates
Office 2007 | Security Update for Microsoft Office 2007 suites (KB4011063) | Successful | Wednesday, September 13, 2017 | Automatic Updates
Office 2007 | Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB4011064) | Successful | Wednesday, September 13, 2017 | Automatic Updates
Office 2007 | Security Update for Microsoft Office 2007 suites (KB3213640) | Successful | Wednesday, July 12, 2017 | Automatic Updates
Office 2007 | Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3191897) | Successful | Wednesday, July 12, 2017 | Automatic Updates
Office 2007 | Security Update for Microsoft Office 2007 suites (KB3203436) | Successful | Wednesday, June 14, 2017 | Automatic Updates
Office 2007 | Security Update for Microsoft Office 2007 suites (KB3191828) | Successful | Wednesday, June 14, 2017 | Automatic Updates
Office 2007 | Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3203438) | Successful | Wednesday, June 14, 2017 | Automatic

descriptionPossible Malware - Page 3 EmptyRe: Possible Malware

more_horiz
These are optional updates;


These updates must be installed separately
Updates listed here can have system-wide effects or address more than one problem. It's a good idea to install them now and then check again, starting from the Home page, for remaining updates.

Microsoft Windows XP

Microsoft .NET Framework 4 Client Profile for Windows XP x86 (KB982670)
Download size: 28.9 MB, 1 minute
The Microsoft .NET Framework 4 Client Profile provides a subset of features from the .NET Framework 4. The Client Profile is designed to run client applications and to enable the fastest possible deployment for Windows Presentation Foundation (WPF) and Windows Forms technology.

Select and install other updates
You can select other updates only after you install, or choose not to install, any updates selected above. If no updates appear below, see the options to the left.





Optional software updates

Microsoft Windows XP

Update for Windows XP (KB2808679)
Typical download size: 274 KB, less than 1 minute
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

Update for Windows XP (KB2632503)
Download size: 784 KB, less than 1 minute
Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

Update for Internet Explorer 8 Compatibility View List for Windows XP (KB2598845)
Download size: 486 KB, less than 1 minute
This Compatibility View List update helps make Web sites that are designed for older browsers look better in Internet Explorer 8. When users install Internet Explorer 8, they will be given a choice about opting-in to a list of sites that should be displayed in Compatibility View. After you install this item, you may have to restart Internet Explorer.

Update for Windows XP (KB2492386)
Download size: 1004 KB, less than 1 minute
Install this update to resolve a set of known application compatibility issues with Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.

Windows PowerShell 2.0 and WinRM 2.0 for Windows XP and Windows Embedded (KB968930)
Download size: 5.9 MB, less than 1 minute
The Windows Management Framework Core package includes Windows PowerShell 2.0 and Windows Remote Management (WinRM) 2.0. For more information on the Windows Management Framework, see http://support.microsoft.com/kb/968929.

Microsoft Base Smart Card Cryptographic Service Provider Package: x86 (KB909520)
Download size: 626 KB, less than 1 minute
Base Smart Card Cryptographic Service Provider (Base CSP) allows smart card vendors to more easily enable their smart cards on Windows with a lightweight proprietary card module instead of a full proprietary CSP. After you install this item, you may have to restart your computer.

Windows Search 4.0 for Windows XP (KB940157)
Download size: 5.3 MB, less than 1 minute
Windows Search 4.0 helps you to find, preview, and use your documents, e-mail, music, photos, and other items. On an upgrade from previous versions, you will need to rebuild your index. After you install this item, you may have to restart your computer.

Microsoft Skype for Windows

Skype for Windows desktop 7.3 (KB2876229)
Download size: 43.6 MB, 2 minutes
Stay in touch with friends and family with free Skype-to-Skype calls and messages.

Microsoft Windows Live

Windows Live Essentials
Download size: 1.1 MB, less than 1 minute
Windows Live Essentials provides a set of free programs that help you stay in touch with the people you care about most, edit and share your photos and memories, and even help you keep your kids safer online. Programs include Windows Live Messenger, Mail, Writer, Photo Gallery, Family Safety, Toolbar, and Movie Maker.




Select Optional Hardware Updates
These updates are not critical to your computer's security or performance but they can improve how some features, programs, or devices work. To help protect your computer, make sure you install all high-priority updates.
Review and install updates Total: 0 updates, 0 KB, 0 minutes

Optional hardware updates

Dell Inc. Dell 1905FP (Analog)

Dell Inc. - Other Hardware - Dell 1905FP (Analog)
Download size: 14 KB, less than 1 minute
Dell Inc. monitor software update released on July 09 2004.

Intel Intel(R) PRO/100 VE Network Connection

Intel Corporation - Networking - Intel(R) PRO/100 VE Network Connection
Download size: 218 KB, less than 1 minute
Intel network software update released on June 13 2005.

Nvidia NVIDIA GeForce FX 5200

Nvidia Corporation - Video - NVIDIA GeForce FX 5200
Download size: 12.2 MB, less than 1 minute
NVIDIA display software update released on July 28 2003.

Western Digital Technologies WD SES Device

Western Digital Technologies - Other hardware - WD SES Device
Download size: 31 KB, less than 1 minute
Western Digital Technologies Other hardware software update released in January, 2011




Select Updates for Windows XP
To help protect your computer, we strongly recommend you install all high-priority updates. To select updates for other product updates, use the options to the left.
Review and install updates Total: 0 updates, 0 KB, 0 minutes

High-priority updates
No high-priority updates for Windows XP are available.



descriptionPossible Malware - Page 3 EmptyRe: Possible Malware

more_horiz
Optional software updates

Microsoft Windows Live


Windows Live Essentials
Download size: 1.1 MB, less than 1 minute
Windows Live Essentials provides a set of free programs that help you stay in touch with the people you care about most, edit and share your photos and memories, and even help you keep your kids safer online. Programs include Windows Live Messenger, Mail, Writer, Photo Gallery, Family Safety, Toolbar, and Movie Maker.


All that is in the two or three responses above, and there is also one for Skype.

descriptionPossible Malware - Page 3 EmptyRe: Possible Malware

more_horiz
Since you have free space on the system, would you install the optional updates?

If you would rather install only what's necessary, then let me know. I can take a closer look later if needed after I return home from work.

descriptionPossible Malware - Page 3 EmptyRe: Possible Malware

more_horiz
I am still working on this.  I did one set of the optional updates, the computer restarted after the updates were done.  I then went back to see what other optional updates were there, and found there were now Important Updates, that were not there before. There are now even more optional updates.  I finished the important ones, which you will see below.  I will go back and see what is left.


Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2604121)
Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2737019)
Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2729449)
Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2742595)
Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2789642)
Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2840628)
Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2858302)
Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Server 2008 x86 (KB2861188)
Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2898855)
Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2901110)
Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2836939)

descriptionPossible Malware - Page 3 EmptyRe: Possible Malware

more_horiz
Let me know of any progress as it comes along, please.

descriptionPossible Malware - Page 3 EmptyRe: Possible Malware

more_horiz
Below are the updates.  I do have a problem since updating.  My tool bar at the bottom is shoved downward so it is harder to see the Start button, and an Identity Login keeps opening up attempting to get me to log into my old email account that I have not used in years.  

Windows XP | Western Digital Technologies - Other hardware - WD SES Device | Successful | Thursday, October 12, 2017 | Microsoft Update
Windows XP | Intel Corporation - Networking - Intel(R) PRO/100 VE Network Connection | Successful | Thursday, October 12, 2017 | Microsoft Update
Windows XP | Dell Inc. - Other Hardware - Dell 1905FP (Analog) | Successful | Thursday, October 12, 2017 | Microsoft Update
Windows XP | Nvidia Corporation - Video - NVIDIA GeForce FX 5200 | Successful | Thursday, October 12, 2017 | Microsoft Update
Windows XP | Security Update for Windows XP (KB963093) | Successful | Thursday, October 12, 2017 | Microsoft Update
Windows XP | Update for Windows XP (KB2808679) | Successful | Wednesday, October 11, 2017 | Microsoft Update
Windows XP | Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2600217) | Successful | Wednesday, October 11, 2017 | Microsoft Update
Windows XP | Update for Windows XP (KB2632503) | Successful | Wednesday, October 11, 2017 | Microsoft Update
Windows XP | Update for Internet Explorer 8 Compatibility View List for Windows XP (KB2598845) | Successful | Wednesday, October 11, 2017 | Microsoft Update
Windows XP | Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2468871) | Successful | Wednesday, October 11, 2017 | Microsoft Update


 

descriptionPossible Malware - Page 3 EmptyRe: Possible Malware

more_horiz
Windows XP | Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2533523) | Successful | Wednesday, October 11, 2017 | Microsoft Update
Windows XP | Update for Windows XP (KB2492386) | Successful | Wednesday, October 11, 2017 | Microsoft Update
Windows XP | Windows PowerShell 2.0 and WinRM 2.0 for Windows XP and Windows Embedded (KB968930) | Successful | Wednesday, October 11, 2017 | Microsoft Update
Windows XP | Microsoft Base Smart Card Cryptographic Service Provider Package: x86 (KB909520) | Successful | Wednesday, October 11, 2017 | Microsoft Update
Windows XP | Windows Search 4.0 for Windows XP (KB940157) | Successful | Wednesday, October 11, 2017 | Microsoft Update
Windows XP | Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2836939) | Successful | Wednesday, October 11, 2017 | Microsoft Update
Windows XP | Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2901110) | Successful | Wednesday, October 11, 2017 | Microsoft Update
Windows XP | Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2898855) | Successful | Wednesday, October 11, 2017 | Microsoft Update
Windows XP | Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Server 2008 x86 (KB2861188) | Successful | Wednesday, October 11, 2017 | Microsoft Update
Windows XP | Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2858302) | Successful | Wednesday, October 11, 2017 | Microsoft Update

descriptionPossible Malware - Page 3 EmptyRe: Possible Malware

more_horiz
Windows XP | Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2840628) | Successful | Wednesday, October 11, 2017 | Microsoft Update
Windows XP | Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2789642) | Successful | Wednesday, October 11, 2017 | Microsoft Update
Windows XP | Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2742595) | Successful | Wednesday, October 11, 2017 | Microsoft Update
Windows XP | Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2729449) | Successful | Wednesday, October 11, 2017 | Microsoft Update
Windows XP | Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2737019) | Successful | Wednesday, October 11, 2017 | Microsoft Update
Windows XP | Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2604121) | Successful | Wednesday, October 11, 2017 | Microsoft Update
Windows XP | Microsoft .NET Framework 4 Client Profile for Windows XP x86 (KB982670) | Successful | Wednesday, October 11, 2017 | Microsoft Update
Office 2007 | Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3213647) | Successful | Wednesday, October 11, 2017 | Automatic Updates

descriptionPossible Malware - Page 3 EmptyRe: Possible Malware

more_horiz
Excellent work. What program was the old email account?

Attempt to expand the taskbar a bit and see if it resolves.

descriptionPossible Malware - Page 3 EmptyRe: Possible Malware

more_horiz
The email account is Outlook Express.  The task bar has no happy medium any longer.  It's either too far down, or too far up.  I attempted to run Avast again, and it still does not detect Firefox.  Also, I noticed when I am in Chrome or Firefox, if I go to a site, like this one for example, some of the words are highlighted in blue. I accidentally clicked on one to go to what I thought was a program you told me to install.  But it was not.  It directed me to some other site that was broken.  Up above, one of the Microsoft words is in blue, and if I hover over it, it shows to be an Amazon link.  Is your site set up this way, or are my browsers hijacked to do this?

descriptionPossible Malware - Page 3 EmptyRe: Possible Malware

more_horiz
Firefox cannot be cleaned with that tool then, so we can do a manual cleanup.

The links listed are affiliate links automatically added by this website, and they are supposed to be fully safe according to our contract with VigLink.

A screenshot of the taskbar would be a good idea if you can obtain one please.




NOTE: If you already have this installed, you don't have to reinstall it.

Please download CCleaner. When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe. Follow the prompts to install the program.

  • Double-click the CCleaner shortcut on the desktop to start the program.
  • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.

Here's what we need:
[Image: Cclean10]

descriptionPossible Malware - Page 3 EmptyRe: Possible Malware

more_horiz
I can deal with the toolbar.  There is something that is going on, that started when the problems started with the PC.  Creative Mixer opens on its own.  I close it, but it eventually will reopen again, all on its own.

I updated CCleaner, since it did not look like what you have in the diagram.  A message did not pop up asking what cookies I wanted to keep, but I did run the cleaner, and followed the diagram and saved the log showing my browser plugins.  The log is below.

Yes Extension Application Update Service Helper 2.0 default-1497918994859 Firefox 52.4.0 C:\Program Files\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
No Extension Microsoft .NET Framework Assistant 0.0.0 Microsoft default-1497918994859 Firefox 52.4.0 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
Yes Extension Multi-process staged rollout 1.10 default-1497918994859 Firefox 52.4.0 C:\Program Files\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Yes Extension Pocket 1.0.5 default-1497918994859 Firefox 52.4.0 C:\Program Files\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Yes Extension Web Compat 1.0 default-1497918994859 Firefox 52.4.0 C:\Program Files\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Yes Plugin Adobe Acrobat 11.0.8.4 Adobe Systems Inc. default-1497918994859 Firefox 52.4.0 C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
Yes Plugin getPlusPlus for Adobe 16291 1.6.2.91 NOS Microsystems Ltd. default-1497918994859 Firefox 52.4.0 C:\Program Files\NOS\bin\np_gp.dll
Yes Plugin Google Talk Plugin 5.41.3.0 Google default-1497918994859 Firefox 52.4.0 C:\Documents and Settings\Teressa\Application Data\Mozilla\plugins\npgoogletalk.dll
Yes Plugin Google Talk Plugin Video Renderer 5.41.3.0 Google default-1497918994859 Firefox 52.4.0 C:\Documents and Settings\Teressa\Application Data\Mozilla\plugins\npo1d.dll
Yes Plugin Google Update 1.3.33.5 Google Inc. default-1497918994859 Firefox 52.4.0 C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\npGoogleUpdate3.dll
Yes Plugin Google Updater 2.4.2432.1652 Google default-1497918994859 Firefox 52.4.0 C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
Yes Plugin Java Deployment Toolkit 7.0.90.5 10.9.2.5 Oracle Corporation default-1497918994859 Firefox 52.4.0 C:\WINDOWS\system32\npdeployJava1.dll
Yes Plugin Microsoft® DRM 9.0.0.4503 Microsoft Corporation default-1497918994859 Firefox 52.4.0 C:\Program Files\Windows Media Player\npdrmv2.dll
Yes Plugin Microsoft® DRM 9.0.0.4503 Microsoft Corporation default-1497918994859 Firefox 52.4.0 C:\Program Files\Windows Media Player\npwmsdrm.dll
Yes Plugin Microsoft® Windows Media Services 4.1.0.3917 Microsoft Corporation default-1497918994859 Firefox 52.4.0 C:\WINDOWS\system32\npwmsdrm.dll
Yes Plugin OpenH264 Video Codec 1.6 Mozilla Corporation default-1497918994859 Firefox 52.4.0 C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\gmp-gmpopenh264\1.6\gmpopenh264.dll
Yes Plugin Shockwave Flash 27.0.0.130 Adobe Systems Incorporated default-1497918994859 Firefox 52.4.0 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_130.dll
Yes Plugin Silverlight Plug-In 5.1.30514.0 Microsoft Corporation default-1497918994859 Firefox 52.4.0 C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
Yes Plugin VLC Web Plugin 2.2.4.0 VideoLAN default-1497918994859 Firefox 52.4.0 C:\Program Files\VideoLAN\VLC\npvlc.dll
Yes Plugin Windows Media Player Plug-in Dynamic Link Library 3.0.2.629 Microsoft Corporation (written by Digital Renaissance Inc.) default-1497918994859 Firefox 52.4.0 C:\Program Files\Windows Media Player\npdsplay.dll
Yes Plugin Windows Presentation Foundation 3.5.30729.1 Microsoft Corporation default-1497918994859 Firefox 52.4.0 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

descriptionPossible Malware - Page 3 EmptyRe: Possible Malware

more_horiz
I am not sure if there is more to do in the PC.  Please let me know when you can.  Also, how do I check the external hard drive to make sure none of the PUPs are in there?  Thanks

descriptionPossible Malware - Page 3 EmptyRe: Possible Malware

more_horiz
Connect all external drives, and then do the following please:

Scan with McShield

Please download McShield by dr_bora and save it to your desktop.

  • Install it on your machine.
  • It will initially run a scan and show the result as a toaster by the system clock.
  • Start the Control Centre by clicking on the McShield icon in your system tray.
  • Go to the Scanner tab and tick unhide items on flash drives.
  • Plug in the drive and McShield will start a scan.
  • A logfile of this scan may be found in the Logs tab of the main screen.

Please include that log in your next reply.

descriptionPossible Malware - Page 3 EmptyRe: Possible Malware

more_horiz
The scan was done in just a few seconds, which seemed too fast compared to other scans, but the log is below.

>>> MCShield AllScans.txt <<<

-----------------------------




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows XP <<<


10/15/2017 1:39:04 PM > Drive C: - scan started (no label ~74 GB, NTFS HDD )...



=> The drive is clean.


10/15/2017 1:39:11 PM > Drive L: - scan started (My Book ~931 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows XP <<<


10/15/2017 1:42:58 PM > Drive L: - scan started (My Book ~931 GB, NTFS HDD )...



=> The drive is clean.

descriptionPossible Malware - Page 3 EmptyRe: Possible Malware

more_horiz
The scans are quick due to the low amount of possible malware infections that can be done on external drives. So those are clean.

What other things can we attempt to solve?

descriptionPossible Malware - Page 3 EmptyRe: Possible Malware

more_horiz
The only thing I can think of is virus protection.  I plan to get a new computer soon, so I don't want to spend a lot.  Right now I have AVG free, and Malwarebytes.  I was using a trial of the pro version of Malwarebytes and I still got infected, and AVG was useless.  Any suggestions on how to keep the creepers out of my XP?

descriptionPossible Malware - Page 3 EmptyRe: Possible Malware

more_horiz
Securing your computer and turning it into a stronghold is the single best step you can take in prevention. Protecting your computer these days is like protecting your identity, and it's highly important to be willing to invest in tools that will help you, because it will save much money in the end. Many premium (paid) programs will be Internet Security Suites, which could be named as an internet security, total security, complete security, premium, plus, etc. Such programs may contain many of the different solutions recommended below, so please read carefully. If you have any questions on purchasing security suites, please ask me at any time.

We call the strategy in the Internet Security community, "Defense in depth." This phrase's definition changes slightly as security methods and other techniques are developed. Therefore, the first line of defense should always be at a minimum an antivirus. However, only install one of them, because having more than one antivirus installed can cause the different programs to conflict with each other due to the way antivirus programs install a driver that helps them scan difficult areas of the OS, which can be flagged by another antivirus program. In addition, if one antivirus program detects a file and the other one does as well, one may delete or quarantine it while the other one is still giving alerts and so on.

Lastly, more than one antivirus can cause performance issues due to the amount of resources each individual antivirus or security program uses. The fewer "false positives" the better! Antivirus programs work by scanning the file system, Registry, and other areas of the system to check for threats, activating real-time protection or on-access scanning (which helps to protect against infection in the first place and continuously scans the system little by little to ensure security), and some antivirus programs provide other features, including web-page scanning, vulnerability protection, ransomware protection, and much more.

There are more ways to safeguard your system, and I would like to instruct you on that once we have your computer cleaned, so that your computer is much more secure in the future. I highly recommend that you stick with me in the end to ensure we can help your computer become very secure.

Please also consider installing and using third-party firewall, anti-malware, anti-exploit, and anti-ransomware programs. A firewall will monitor your internet activity incoming and outgoing, blocking threats effectively and keeping your internet connection protected overall. An anti-malware program can help supplement your antivirus by running its own scans in the background and providing a "second-opinion." Anti-exploit and anti-ransomware programs tend to help you block exploits by helping identify threats before they can "bug" your system. In addition, it may help to secure your files by helping you encrypt them with a password so that they are secure from hackers and ransomers.

Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while many other good programs only have a paid version but aren't listed there (such as Kaspersky, Bitdefender, and ESET security products).

ANTIVIRUS Software is where we start:
Avast Free: https://www.avast.com/index
Avira Free: https://www.avira.com/en/free-security-suite
Note on AVG Free: We should remove it!!!


I would recommend we permanently remove AVG and use Avira Free Security Suite (linked to above)

Re: Possible Malware
Okay, you said, "ANTIVIRUS Software is where we start:
Avast Free: https://www.avast.com/index
Avira Free: https://www.avira.com/en/free-security-suite
Note on AVG Free: We should remove it!!!
"

I am understanding I need to remove AVG. Which do you think is better, Avast or Avira? Also you stated, "I highly recommend that you stick with me in the end to ensure we can help your computer become very secure." What more needs to be scanned or cleaned? What next?

Re: Possible Malware
I don't think more scans or cleaning is necessary. I recommend Avira Security Suite. This is a good start.

But first, AVG needs to be removed.

Run this tool:

http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe


Then, if that worked and AVG is not there, please install Avira Security Suite at the link above.

Let me know how it all works out.

Re: Possible Malware
When I click on "http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe", I get the following error message,

An error occurred while processing your request.
Reference #132.179202cc.1508273785.24164c14

Re: Possible Malware
Sorry, I was on my phone at work, so I was unsure if that link was still valid.

See the following tutorial for more information: https://support.avg.com/SupportArticleView?l=en&urlname=How-to-uninstall-AVG

Re: Possible Malware
I uninstalled AVG, attempted to install Avira, but got an alert stating my version of Windows is outdated.  I am without any virus protection at this time.
