Possible Malware

I have no idea if this worked or not.  I turned off AVG, but it still showed it was blocking PCHUNTER, but PChunter, still opened a window called "okjoakeoi", where I was able to do the search.  THe results are below.

PC Hunter Standard --- Computer Examination Report
Examination Date: 2017-10-10 22:26
OS Information: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Internet Explorer: 8.0.6001.18702

Examination Items:
      Process
      Process Modules
      Process Threads
      Kernel Module
      Notify Routine
      Filter
      DPC Timer
      Worker Thread
      HalDispatchTable
      HalPrivateDispatchTable
      HalAcpiDispatchTable
      MiniFilter
      File System
      Sfilter FileSystem Filter Callback
      ClassInitData Callback
      Npfs Dispatch Fun
      Msfs Dispatch Fun
      Usbport Dispatch Fun
      System Debug
      Object Hijack
      Direct IO
      GDT
      SSDT
      Shadow SSDT
      FSD
      Keyboard
      I8042prt
      Mouclass
      Partmgr
      Classpnp
      Atapi
      Acpi
      Scsi
      Kernel Hook
      PTE HOOK
      Object Type
      IDT
      Message Hook
      Process Hook
      KernelCallbackTable
      Port
      Tcpip
      Ndis Handler
      IE Plugin
      IE Shell
      Spi
      Hosts File
      Startup
      Service
      Schedule Task
      File Association
      IFEO
      IME/CTF
      Firewall Rule
      System User Name
      Scan MBR Rootkit

==========================================================================================

Process


==========================================================================================

Process Modules


==========================================================================================

Process Threads


==========================================================================================

Kernel Module


==========================================================================================

Notify Routine

       Nothing

==========================================================================================

Filter


==========================================================================================

DPC Timer


==========================================================================================

Worker Thread


==========================================================================================

HalDispatchTable

       Nothing

==========================================================================================

HalPrivateDispatchTable

       Nothing

==========================================================================================

HalAcpiDispatchTable

       Nothing

==========================================================================================

MiniFilter

       Nothing

==========================================================================================

File System

       Nothing

==========================================================================================

Sfilter FileSystem Filter Callback

       Nothing

==========================================================================================

ClassInitData Callback

       Nothing

==========================================================================================

Npfs Dispatch Fun

       Nothing

==========================================================================================

Msfs Dispatch Fun

       Nothing

==========================================================================================

Usbport Dispatch Fun

       Nothing

==========================================================================================

System Debug

       Nothing

==========================================================================================

Object Hijack

       Nothing

==========================================================================================

Direct IO


==========================================================================================

GDT

       Nothing

==========================================================================================

SSDT

       Nothing

==========================================================================================

Shadow SSDT

       Nothing

==========================================================================================

FSD

       Nothing

==========================================================================================

Keyboard

       Nothing

==========================================================================================

I8042prt

       Nothing

==========================================================================================

Mouclass

       Nothing

==========================================================================================

Partmgr

       Nothing

==========================================================================================

Classpnp

       Nothing

==========================================================================================

Atapi

       Nothing

==========================================================================================

Acpi

       Nothing

==========================================================================================

Scsi

       Nothing

==========================================================================================

Kernel Hook

       Nothing

==========================================================================================

PTE HOOK

       Nothing

==========================================================================================

Object Type

       Nothing

==========================================================================================

IDT

       Nothing

==========================================================================================

Message Hook

       Nothing

==========================================================================================

Process Hook

            Nothing

==========================================================================================

KernelCallbackTable

       Nothing

==========================================================================================

Port

       Nothing

==========================================================================================

Tcpip

       Nothing

==========================================================================================

Ndis Handler

       Nothing

==========================================================================================

IE Plugin

       Nothing

==========================================================================================

IE Shell

       Nothing

==========================================================================================

Spi

       Nothing

==========================================================================================

Hosts File

       Nothing

==========================================================================================

Startup

       Nothing

==========================================================================================

Service

       !SASCORE - Started - Automatic - "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" - SUPERAntiSpyware.com -  - 
       AdobeFlashPlayerUpdateSvc - Stopped - Manual - C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe - Adobe Systems Incorporated -  - 
       AVG Antivirus - Started - Automatic - "C:\Program Files\AVG\Antivirus\AVGSvc.exe" - AVG Technologies CZ, s.r.o. -  - 
       avgbIDSAgent - Stopped - Manual - "C:\Program Files\AVG\Antivirus\aswidsagent.exe" - AVG Technologies CZ, s.r.o. -  - 
       avgsvc - Started - Automatic - "C:\Program Files\AVG\Framework\Common\avgsvcx.exe" - AVG Technologies CZ, s.r.o. -  - 
       Bonjour Service - Stopped - Manual - "C:\Program Files\Bonjour\mDNSResponder.exe" - Apple Inc. -  - 
       Creative Service for CDROM Access - Started - Automatic - C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE - Creative Technology Ltd -  - 
       EPSON_PM_RPCV4_04 - Started - Automatic - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE - SEIKO EPSON CORPORATION -  - 
       gupdate - Stopped - Automatic - "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc - Google Inc. -  - 
       gupdatem - Stopped - Manual - "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc - Google Inc. -  - 
       gusvc - Stopped - Automatic - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" - Google -  - 
       IDriverT - Stopped - Manual - "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" - Macrovision Corporation -  - 
       LightScribeService - Started - Automatic - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" - Hewlett-Packard Company -  - 
       MBAMService - Started - Automatic - "C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe" - Malwarebytes -  - 
       MozillaMaintenance - Stopped - Manual - "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" - Mozilla Foundation -  - 
       Nero BackItUp Scheduler 4.0 - Started - Automatic - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe - Nero AG -  - 
       NetSvc - Stopped - Manual - C:\Program Files\Intel\NCS\Sync\NetSvc.exe - Intel(R) Corporation -  - 
       NVSvc - Started - Automatic - C:\WINDOWS\SYSTEM32\nvsvc32.exe - NVIDIA Corporation -  - 
       Pml Driver - Stopped - Manual - C:\WINDOWS\SYSTEM32\hphipm09.exe - HP -  - 
       RoxLiveShare9 - Stopped - Disabled - "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" - File not found -  - 
       TeamViewer - Stopped - Automatic - "C:\Program Files\TeamViewer\TeamViewer_Service.exe" - File not found -  - 
       WsDrvInst - Stopped - Manual - "C:\Program Files\Wondershare\MobileTrans\DriverInstall.exe" - Wondershare -  - 

==========================================================================================

Schedule Task

       AVG EUpdate Task.job - AVG EUpdate Task.job - avgsetupx.exe -  - Enable - 
       avastBCLS-1-5-21-2305011698-3870448665-3586125232-1007.job - avastBCLS-1-5-21-2305011698-3870448665-3586125232-1007.job - C:\Documents and Settings\Teressa\Application Data\AVAST Software\Browser Cleanup\BCUSched.exe -  - Enable - AVAST Software
       avast! BCU UpdateS-1-5-21-2305011698-3870448665-3586125232-1007.job - avast! BCU UpdateS-1-5-21-2305011698-3870448665-3586125232-1007.job - C:\Documents and Settings\Teressa\Application Data\AVAST Software\Browser Cleanup\BCUUpdate.exe -  - Enable - AVAST Software
       Antivirus Emergency Update.job - Antivirus Emergency Update.job - C:\Program Files\AVG\Antivirus\AvEmUpdate.exe -  - Enable - AVG Technologies CZ, s.r.o.
       Adobe Flash Player Updater.job - Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe - This task keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes. If this task is disabled or removed, Adobe Flash Player will be unable to automatically secure your machine with the latest security fixes. - Enable - Adobe Systems Incorporated
       GoogleUpdateTaskUserS-1-5-21-2305011698-3870448665-3586125232-1007UA.job - GoogleUpdateTaskUserS-1-5-21-2305011698-3870448665-3586125232-1007UA.job - C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it. - Enable - Google Inc.
       GoogleUpdateTaskUserS-1-5-21-2305011698-3870448665-3586125232-1007Core.job - GoogleUpdateTaskUserS-1-5-21-2305011698-3870448665-3586125232-1007Core.job - C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it. - Enable - Google Inc.
       GoogleUpdateTaskMachineUA.job - GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe - Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it. - Enable - Google Inc.
       GoogleUpdateTaskMachineCore.job - GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe - Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it. - Enable - Google Inc.
       Google Software Updater.job - Google Software Updater.job - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe - Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. - Enable - Google
       SUPERAntiSpyware Scheduled Task d45f8666-238a-4a83-b91b-5f0b7c6e7bce.job - SUPERAntiSpyware Scheduled Task d45f8666-238a-4a83-b91b-5f0b7c6e7bce.job - C:\Program Files\SUPERAntiSpyware\SASTask.exe - SUPERAntiSpyware Scheduled Task - Enable - SUPERAdBlocker.com
       SUPERAntiSpyware Scheduled Task d042d7f0-b447-43c2-9df7-c1b4590c06cf.job - SUPERAntiSpyware Scheduled Task d042d7f0-b447-43c2-9df7-c1b4590c06cf.job - C:\Program Files\SUPERAntiSpyware\SASTask.exe - SUPERAntiSpyware Scheduled Task - Enable - SUPERAdBlocker.com
       SUPERAntiSpyware Scheduled Task a1aece79-3047-4be8-9c43-0fbaf4ab5b92.job - SUPERAntiSpyware Scheduled Task a1aece79-3047-4be8-9c43-0fbaf4ab5b92.job - C:\Program Files\SUPERAntiSpyware\SASTask.exe - SUPERAntiSpyware Scheduled Task - Enable - SUPERAdBlocker.com
       Tweaking.com - Windows Repair Tray Icon.job - Tweaking.com - Windows Repair Tray Icon.job - C:\Documents and Settings\Teressa\Desktop\WR_Tray_Icon.exe - Created By Tweaking.com - Windows Repair - Enable - Tweaking.com

==========================================================================================

File Association

       Nothing

==========================================================================================

IFEO

       Nothing

==========================================================================================

IME/CTF

       Nothing

==========================================================================================

Firewall Rule

       Nothing

==========================================================================================

System User Name

       Nothing

==========================================================================================

Scan MBR Rootkit

       Nothing

Sanity Check

[*]Analysis

---

Analyzing your system ...

Some driver entry points are being hijacked by other modules



[*]Module avgStmXP.sys is overwriting one or more dispatch entry points of other drivers running in the system. This controversial technique could be the work of malware running in the system but it could also be the work of legitimate software.

Information about the responsible module avgStmXP.sys:

file path: C:\WINDOWS\system32\drivers\avgstmxp.sys
product: AVG Internet Security System
description: AVG Stream Filter
company: AVG Technologies CZ, s.r.o.
Click here to do a Google search on avgStmXP.sys

---

Conclusion

---

Irregularities have been detected on your system which indicate your system is possibly compromised by malware but it may also be that these are caused by a legitimate product. If you do not know what these files are about it is suggested that you locate the above mentioned files and do a search on their filenames with Google. This may help you find out whether the reported issues are the work of a legitimate product that you have installed deliberately or the work of a rootkit of other malware.

As always, we suggest you use a good antivirus scanner which does not make use of any controversial techniques and always practice caution when downloading files and opening email attachments.

Note that is is not always possible to make a clear distinction between malware and legitimate products. This is because certain legitimate products resort to agressive controversial techniques as an anti-piracy measure, to avoid debugging or for anti-competetive purposes. Antivirus or other security software may be making use of rootkit-like techniques in an attempt to hide itself from malware. Worse, such products may be involved in a controversial race along the lines of "defeat evil with its own weapons".


About your system:

Windows version: Windows XP Service Pack 3, 5.1, build: 2600
Windows dir: C:\WINDOWS
CPU: GenuineIntel Intel(R) Pentium(R) 4 CPU 2.60GHz Intel586, level: 15
1 logical processors, active mask: 1
RAM: 2683285504 total

Report generated on 10/10/2017 10:48:18 PM

Excellent work. All possible malware has now been ruled out.

Check for Windows Updates
Follow the instructions below to check for available Windows Updates and install them:

• Click on the Windows Start Menu and select Control Panel;
  
• From there, click on System and Security and select Windows Updates;
  
• Click on the Check for updates button in the left-pane;
  
• Wait for the scan to complete and see which updates are found, Important Updates and Recommended Updates (or Optional Updates);
  
• Click on X Important Updates (X being the number of updates being found) and make sure that they are all checked;
  
• Install every Important Updates found and restart your computer once it's done;
  

If the installation fails, please upload and send me the two following files:

• C:\Windows\WindowsUpdate.log
  
• C:\Windows\Logs\CBS\CBS.log
  

BSOD Minidumps
Follow the instructions below to get and upload your BSOD minidumps so I can analyze them:

• Create a new folder on your Desktop called dumps;
  
• Go in your C:\windows\minidump folder, copy every files inside then paste them in your dumps folder;
  
• Right-click on the dumps folder, select Send to then Compressed (zipped) folder;
  
• Attach the compressed folder (archive) to your next reply and post it;
  

I searched for updates, it took forever.  During the search I noticed the yellow shield that was in my tray disappeared.  Also, my AVG disappeared from the tray as well.  I finally stopped the search and started it again, this time it only took a couple of minutes.  There are only optional updates, not any Important or High Priority updates.

My MiniDump folder is empty.  It does not contain any folders at all.

Would you list the optional updates please?

These are the most current updates, that took place on their own.

Office 2007	Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3213647)		Wednesday, October 11, 2017	Automatic Updates
Office 2007	Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3213644)		Wednesday, September 13, 2017	Automatic Updates
Office 2007	Security Update for Microsoft Office 2007 suites (KB3213641)		Wednesday, September 13, 2017	Automatic Updates
Office 2007	Security Update for Microsoft Office 2007 suites (KB4011063)		Wednesday, September 13, 2017	Automatic Updates
Office 2007	Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB4011064)		Wednesday, September 13, 2017	Automatic Updates
Office 2007	Security Update for Microsoft Office 2007 suites (KB3213640)		Wednesday, July 12, 2017	Automatic Updates
Office 2007	Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3191897)		Wednesday, July 12, 2017	Automatic Updates
Office 2007	Security Update for Microsoft Office 2007 suites (KB3203436)		Wednesday, June 14, 2017	Automatic Updates
Office 2007	Security Update for Microsoft Office 2007 suites (KB3191828)		Wednesday, June 14, 2017	Automatic Updates
Office 2007	Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3203438)		Wednesday, June 14, 2017	Automatic

These are optional updates;

These updates must be installed separately Updates listed here can have system-wide effects or address more than one problem. It's a good idea to install them now and then check again, starting from the Home page, for remaining updates. Microsoft Windows XP Microsoft .NET Framework 4 Client Profile for Windows XP x86 (KB982670) Download size: 28.9 MB , 1 minute The Microsoft .NET Framework 4 Client Profile provides a subset of features from the .NET Framework 4. The Client Profile is designed to run client applications and to enable the fastest possible deployment for Windows Presentation Foundation (WPF) and Windows Forms technology.  Details... Don't show this update again

Select and install other updates You can select other updates only after you install, or choose not to install, any updates selected above. If no updates appear below, see the options to the left. Optional software updates       Microsoft Windows XP Update for Windows XP (KB2808679) Typical download size: 274 KB , less than 1 minute Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.  Details... Don't show this update again Update for Windows XP (KB2632503) Download size: 784 KB , less than 1 minute Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.  Details... Don't show this update again Update for Internet Explorer 8 Compatibility View List for Windows XP (KB2598845) Download size: 486 KB , less than 1 minute This Compatibility View List update helps make Web sites that are designed for older browsers look better in Internet Explorer 8. When users install Internet Explorer 8, they will be given a choice about opting-in to a list of sites that should be displayed in Compatibility View. After you install this item, you may have to restart Internet Explorer.  Details... Don't show this update again Update for Windows XP (KB2492386) Download size: 1004 KB , less than 1 minute Install this update to resolve a set of known application compatibility issues with Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.  Details... Don't show this update again Windows PowerShell 2.0 and WinRM 2.0 for Windows XP and Windows Embedded (KB968930) Download size: 5.9 MB , less than 1 minute The Windows Management Framework Core package includes Windows PowerShell 2.0 and Windows Remote Management (WinRM) 2.0. For more information on the Windows Management Framework, see http://support.microsoft.com/kb/968929.  Details... Don't show this update again Microsoft Base Smart Card Cryptographic Service Provider Package: x86 (KB909520) Download size: 626 KB , less than 1 minute Base Smart Card Cryptographic Service Provider (Base CSP) allows smart card vendors to more easily enable their smart cards on Windows with a lightweight proprietary card module instead of a full proprietary CSP. After you install this item, you may have to restart your computer.  Details... Don't show this update again Windows Search 4.0 for Windows XP (KB940157) Download size: 5.3 MB , less than 1 minute Windows Search 4.0 helps you to find, preview, and use your documents, e-mail, music, photos, and other items. On an upgrade from previous versions, you will need to rebuild your index. After you install this item, you may have to restart your computer.  Details... Don't show this update again   Microsoft Skype for Windows Skype for Windows desktop 7.3 (KB2876229) Download size: 43.6 MB , 2 minutes Stay in touch with friends and family with free Skype-to-Skype calls and messages.  Details... Don't show this update again   Microsoft Windows Live Windows Live Essentials Download size: 1.1 MB , less than 1 minute Windows Live Essentials provides a set of free programs that help you stay in touch with the people you care about most, edit and share your photos and memories, and even help you keep your kids safer online. Programs include Windows Live Messenger, Mail, Writer, Photo Gallery, Family Safety, Toolbar, and Movie Maker.  Details... Don't show this update again Select Optional Hardware Updates These updates are not critical to your computer's security or performance but they can improve how some features, programs, or devices work. To help protect your computer, make sure you install all high-priority updates. Restore and Check Again Only selected updates will appear the next time you check for updates.  Review and install updates Total:  0 updates , 0 KB , 0 minutes Optional hardware updates Dell Inc. Dell 1905FP (Analog) Dell Inc. - Other Hardware - Dell 1905FP (Analog) Download size: 14 KB , less than 1 minute Dell Inc. monitor software update released on July 09 2004.  Details... Don't show this update again Intel Intel(R) PRO/100 VE Network Connection Intel Corporation - Networking - Intel(R) PRO/100 VE Network Connection Download size: 218 KB , less than 1 minute Intel network software update released on June 13 2005.  Details... Don't show this update again Nvidia NVIDIA GeForce FX 5200 Nvidia Corporation - Video - NVIDIA GeForce FX 5200 Download size: 12.2 MB , less than 1 minute NVIDIA display software update released on July 28 2003.  Details... Don't show this update again Western Digital Technologies WD SES Device Western Digital Technologies - Other hardware - WD SES Device Download size: 31 KB , less than 1 minute Western Digital Technologies Other hardware software update released in January, 2011  Details... Don't show this update again   Select Updates for Windows XP To help protect your computer, we strongly recommend you install all high-priority updates. To select updates for other product updates, use the options to the left. Restore and Check Again Only selected updates will appear the next time you check for updates.  Review and install updates Total:  0 updates , 0 KB , 0 minutes These updates must be installed separately Updates listed here can have system-wide effects or address more than one problem. It's a good idea to install them now and then check again, starting from the Home page, for remaining updates. Microsoft Windows XP Microsoft .NET Framework 4 Client Profile for Windows XP x86 (KB982670) Download size: 28.9 MB , 1 minute The Microsoft .NET Framework 4 Client Profile provides a subset of features from the .NET Framework 4. The Client Profile is designed to run client applications and to enable the fastest possible deployment for Windows Presentation Foundation (WPF) and Windows Forms technology.  Details... Don't show this update again Select and install other updates You can select other updates only after you install, or choose not to install, any updates selected above. If no updates appear below, see the options to the left. High-priority updates No high-priority updates for Windows XP are available. Optional software updates       Microsoft Windows XP Update for Windows XP (KB2808679) Typical download size: 274 KB , less than 1 minute Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.  Details... Don't show this update again Update for Windows XP (KB2632503) Download size: 784 KB , less than 1 minute Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.  Details... Don't show this update again Update for Internet Explorer 8 Compatibility View List for Windows XP (KB2598845) Download size: 486 KB , less than 1 minute This Compatibility View List update helps make Web sites that are designed for older browsers look better in Internet Explorer 8. When users install Internet Explorer 8, they will be given a choice about opting-in to a list of sites that should be displayed in Compatibility View. After you install this item, you may have to restart Internet Explorer.  Details... Don't show this update again Update for Windows XP (KB2492386) Download size: 1004 KB , less than 1 minute Install this update to resolve a set of known application compatibility issues with Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.  Details... Don't show this update again Windows PowerShell 2.0 and WinRM 2.0 for Windows XP and Windows Embedded (KB968930) Download size: 5.9 MB , less than 1 minute The Windows Management Framework Core package includes Windows PowerShell 2.0 and Windows Remote Management (WinRM) 2.0. For more information on the Windows Management Framework, see http://support.microsoft.com/kb/968929.  Details... Don't show this update again Microsoft Base Smart Card Cryptographic Service Provider Package: x86 (KB909520) Download size: 626 KB , less than 1 minute Base Smart Card Cryptographic Service Provider (Base CSP) allows smart card vendors to more easily enable their smart cards on Windows with a lightweight proprietary card module instead of a full proprietary CSP. After you install this item, you may have to restart your computer.  Details... Don't show this update again Windows Search 4.0 for Windows XP (KB940157) Download size: 5.3 MB , less than 1 minute Windows Search 4.0 helps you to find, preview, and use your documents, e-mail, music, photos, and other items. On an upgrade from previous versions, you will need to rebuild your index. After you install this item, you may have to restart your computer.  Details... Don't show this update again

Optional software updates

Microsoft Windows Live



Windows Live Essentials

Download size: 1.1 MB , less than 1 minute
Windows Live Essentials provides a set of free programs that help you stay in touch with the people you care about most, edit and share your photos and memories, and even help you keep your kids safer online. Programs include Windows Live Messenger, Mail, Writer, Photo Gallery, Family Safety, Toolbar, and Movie Maker.  Details...
Don't show this update again


All that is the two three responses above and There is also one for Scype

Since you have free space on the system, would you install the optional updates?

If you would rather install only what's necessary, then let me know. I can take a closer look later if needed after I return home from work.

I am still working on this.  I did one set of the optional updates, the computer restarted after the updates were done.  I then went back to see what other optional updates were there, and found there were now Important Updates, that were not there before. There are now even more optional updates.  I finished the important ones, which you will see below.  I will go back and see what is left.


Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2604121)
Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2737019)
Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2729449)
Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2742595)
Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2789642)
Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2840628)
Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2858302)
Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Server 2008 x86 (KB2861188)
Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2898855)
Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2901110)
Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2836939)

Let me know of any progress as it comes along, please.

Below are the updates.  I do have a problem since updating.  My tool bar at the bottom is shoved downward so it is harder to see the Start button, and an Identity Login keeps opening up attempting to get me to log into my old email account that I have not used in years.  

Windows XP	Western Digital Technologies - Other hardware - WD SES Device		Thursday, October 12, 2017	Microsoft Update
Windows XP	Intel Corporation - Networking - Intel(R) PRO/100 VE Network Connection		Thursday, October 12, 2017	Microsoft Update
Windows XP	Dell Inc. - Other Hardware - Dell 1905FP (Analog)		Thursday, October 12, 2017	Microsoft Update
Windows XP	Nvidia Corporation - Video - NVIDIA GeForce FX 5200		Thursday, October 12, 2017	Microsoft Update
Windows XP	Security Update for Windows XP (KB963093)		Thursday, October 12, 2017	Microsoft Update
Windows XP	Update for Windows XP (KB2808679)		Wednesday, October 11, 2017	Microsoft Update
Windows XP	Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2600217)		Wednesday, October 11, 2017	Microsoft Update
Windows XP	Update for Windows XP (KB2632503)		Wednesday, October 11, 2017	Microsoft Update
Windows XP	Update for Internet Explorer 8 Compatibility View List for Windows XP (KB2598845)		Wednesday, October 11, 2017	Microsoft Update
Windows XP	Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2468871)		Wednesday, October 11, 2017	Microsoft Update

Excellent work. What program was the old email account?

Attempt to expand the taskbar a bit and see if it resolves.

The email account is Outlook Express.  The task bar has no happy medium any longer.  It's either too far down, or too far up.  I attempted to run Avast again, and it still does not detect Firefox.  Also, I noticed when I am in Chrome, or Firefox, if I go to a site, like this one for example, some of the words are highlighted in blue, I accidentally clicked on one to go to what I thought was a program you told me to install.  But, it was not.  It directed me to some other site that was broken.  Up above one of the Microsoft words is in blue, and if I hover over it, it shows to be an Amazon link.  Is your site set up this way, or are my browsers hijacked to do this?

Firefox cannot be cleaned with that tool then, so we can do a manual cleanup.

The links listed are affiliate links automatically added by this website, and they are supposed to be fully safe according to our contract with VigLink.

A screenshot of the taskbar would be a good idea if you can obtain one please.

---

NOTE: If you already have this installed, you don't have to reinstall it. Please download CCleaner When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe Follow the prompts to install the program.

• Double-click the CCleaner shortcut on the desktop to start the program.
  
• A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
  

Here's what we need:

I can deal with the toolbar.  There is something that is going on, that stated when the problems started with the PC.  Creative Mixer opens on it's own.  I close it, but it eventually will repoen again, all on its own.  

I updated CCleaner, since it did not look like what you have in the diagram.  A message did not popup asking what cookies I wanted to keep, but I did run the cleaner, and followed the diagram and saved the log showing my browser plugins.  The log is below.

Yes Extension Application Update Service Helper 2.0 default-1497918994859 Firefox 52.4.0 C:\Program Files\Mozilla Firefox\browser\features\aushelper@mozilla.org.xpi
No Extension Microsoft .NET Framework Assistant 0.0.0 Microsoft default-1497918994859 Firefox 52.4.0 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
Yes Extension Multi-process staged rollout 1.10 default-1497918994859 Firefox 52.4.0 C:\Program Files\Mozilla Firefox\browser\features\e10srollout@mozilla.org.xpi
Yes Extension Pocket 1.0.5 default-1497918994859 Firefox 52.4.0 C:\Program Files\Mozilla Firefox\browser\features\firefox@getpocket.com.xpi
Yes Extension Web Compat 1.0 default-1497918994859 Firefox 52.4.0 C:\Program Files\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Yes Plugin Adobe Acrobat 11.0.8.4 Adobe Systems Inc. default-1497918994859 Firefox 52.4.0 C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
Yes Plugin getPlusPlus for Adobe 16291 1.6.2.91 NOS Microsystems Ltd. default-1497918994859 Firefox 52.4.0 C:\Program Files\NOS\bin\np_gp.dll
Yes Plugin Google Talk Plugin 5.41.3.0 Google default-1497918994859 Firefox 52.4.0 C:\Documents and Settings\Teressa\Application Data\Mozilla\plugins\npgoogletalk.dll
Yes Plugin Google Talk Plugin Video Renderer 5.41.3.0 Google default-1497918994859 Firefox 52.4.0 C:\Documents and Settings\Teressa\Application Data\Mozilla\plugins\npo1d.dll
Yes Plugin Google Update 1.3.33.5 Google Inc. default-1497918994859 Firefox 52.4.0 C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\npGoogleUpdate3.dll
Yes Plugin Google Updater 2.4.2432.1652 Google default-1497918994859 Firefox 52.4.0 C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
Yes Plugin Java Deployment Toolkit 7.0.90.5 10.9.2.5 Oracle Corporation default-1497918994859 Firefox 52.4.0 C:\WINDOWS\system32\npdeployJava1.dll
Yes Plugin Microsoft® DRM 9.0.0.4503 Microsoft Corporation default-1497918994859 Firefox 52.4.0 C:\Program Files\Windows Media Player\npdrmv2.dll
Yes Plugin Microsoft® DRM 9.0.0.4503 Microsoft Corporation default-1497918994859 Firefox 52.4.0 C:\Program Files\Windows Media Player\npwmsdrm.dll
Yes Plugin Microsoft® Windows Media Services 4.1.0.3917 Microsoft Corporation default-1497918994859 Firefox 52.4.0 C:\WINDOWS\system32\npwmsdrm.dll
Yes Plugin OpenH264 Video Codec 1.6 Mozilla Corporation default-1497918994859 Firefox 52.4.0 C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\gmp-gmpopenh264\1.6\gmpopenh264.dll
Yes Plugin Shockwave Flash 27.0.0.130 Adobe Systems Incorporated default-1497918994859 Firefox 52.4.0 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_130.dll
Yes Plugin Silverlight Plug-In 5.1.30514.0 Microsoft Corporation default-1497918994859 Firefox 52.4.0 C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
Yes Plugin VLC Web Plugin 2.2.4.0 VideoLAN default-1497918994859 Firefox 52.4.0 C:\Program Files\VideoLAN\VLC\npvlc.dll
Yes Plugin Windows Media Player Plug-in Dynamic Link Library 3.0.2.629 Microsoft Corporation (written by Digital Renaissance Inc.) default-1497918994859 Firefox 52.4.0 C:\Program Files\Windows Media Player\npdsplay.dll
Yes Plugin Windows Presentation Foundation 3.5.30729.1 Microsoft Corporation default-1497918994859 Firefox 52.4.0 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

I am not sure if there is more to do in the PC.  Please let me know when you can.  Also, how to I check the external hard drive to make sure not of the Pups are in there?  Thanks

Connect all external drives, and then do the following please:

Scan with McSield Please download McShield by dr_bora and save it to your desktop.

• Install it on your machine.
  
• It will initially run a scan and show the result as a toaster by the system clock.
  
• Start the Control Centre by clicking on the icon in your system tray.
  
• Go to the Scanner tab and tick unhide items on flash drives.
  
• Plug in the drive and McShield will start a scan.
  
• A logfile of this scan may be found in the Logs tab of the main screen.
  

Please include that log in your next reply.

The scan was done in just a few seconds which seemed to fast compared to other scans, but the log is below.

>>> MCShield AllScans.txt <<<

-----------------------------




MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows XP <<<


10/15/2017 1:39:04 PM > Drive C: - scan started (no label ~74 GB, NTFS HDD )...



=> The drive is clean.


10/15/2017 1:39:11 PM > Drive L: - scan started (My Book ~931 GB, NTFS HDD )...



=> The drive is clean.





MCShield ::Anti-Malware Tool:: http://www.mcshield.net/

>>> v 3.0.5.28 / DB: 2016.2.21.1 / Windows XP <<<


10/15/2017 1:42:58 PM > Drive L: - scan started (My Book ~931 GB, NTFS HDD )...



=> The drive is clean.

The scans are quick due to the low amount of possible malware infections that can be done on external drives. So those are clean.

What other things can we attempt to solve?

The only thing I can think of is virus protection.  I plan to get a new computer soon, so I don't want to spend a lot.  Right now I have AVG free, and Malwarebytes.  I was using a trail of the pro version of Malwarebytes and I still got infected, and AVG was useless.  Any suggestions on how to keep the creepers out of my XP?

Securing your computer and turning it into a stronghold is the single best step you can take in prevention. Protecting your computer these days is like protecting your identity, and it's highly important to be willing to invest in tools that will help you, because it will save much money in the end. Many premium (paid) programs will be Internet Security Suites, which could be named as an internet security, total security, complete security, premium, plus, etc. Such programs may contain many of the different solutions recommended below, so please read carefully. If you have any questions on purchasing security suites, please ask me at any time.

We call the strategy in the Internet Security community, "Defense in depth." This phrase's definition changes slightly as security methods and other techniques are developed. Therefore, the first line of defense should always be at a minimum an antivirus. However, only install one of them, because having more than one antivirus installed can cause the different programs to conflict with each other due to the way antivirus programs install a driver that helps them scan difficult areas of the OS, which can be flagged by another antivirus program. In addition, if one antivirus program detects a file and the other one does as well, one may delete or quarantine it while the other one is still giving alerts and so on.

Lastly, more than one antivirus can cause performance issues due to the amount of resources each individual antivirus or security program uses. The less "false positives" the better! Antivirus programs work by scanning the file system, Registry, and other areas of the system to check for threats, activating real-time protection or on-access scanning (which helps to protect against infection in the first place and continuously scans the system little by little to ensure security), and some antivirus programs provide other features, including web-page scanning, vulnerability protection, ransomware protection, and much more. There are more ways to safeguard your system, and I would like to instruct that to you once we have your computer cleaned, so that your computer is much more secure in the future. I highly recommend that you stick with me in the end to ensure we can help your computer become very secure. Please also consider installing and using third-party firewall, anti-malware program, anti-exploit, and anti-ransomware programs. A firewall will monitor your internet activity incoming and outgoing, blocking threats effectively and keeping your internet connection protected overall. An anti-malware program can help supplement your antivirus by running its own scans in the background and providing a "second-opinion." Anti-exploit and anti-ransomware programs tend to help you block exploits by helping identify threats before they can "bug" your system. In addition, it may help to secure your files by helping you encrypt them with a password so that they are secure from hackers and ransomers. Note: The programs listed below are all free to use or they have some sort of trial. Some of them have a paid version that provides more features, while many other good programs only have a paid version but aren't listed there (such as Kaspersky, Bitdefender, and ESET security products).

ANTIVIRUS Software is where we start:
Avast Free: https://www.avast.com/index
Avira Free: https://www.avira.com/en/free-security-suite
Note on AVG Free: We should remove it!!!


I would recommend we permanently remove AVG and use Avira Free Security Suite (linked to above)

Okay, you said, "ANTIVIRUS Software is where we start:
Avast Free: https://www.avast.com/index
Avira Free: https://www.avira.com/en/free-security-suite
Note on AVG Free: We should remove it!!!
"

I am understanding I need to remove AVG, which do you think is better, Avast or Avira?  Also you stated, "I highly recommend that you stick with me in the end to ensure we can help your computer become very secure".  What more needs to be scanned or cleaned?  What next?

I don't think more scans or cleaning is necessary. I recommend Avira Security Suite. This is a good start.

But first, AVG needs removed.

Run this tool

http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe


Then, if that worked and AVG is not there, please install Avira Security Suite at the link above.

Let me know how it all works out.

When I click on "http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe", I get the following error message,

An error occurred while processing your request.
Reference #132.179202cc.1508273785.24164c14

Sorry, I was on my phone at work, so I was unsure if that link was still valid.

See the following tutorial for more information: https://support.avg.com/SupportArticleView?l=en&urlname=How-to-uninstall-AVG

I uninstalled AVG, attempted to install Avira, but got an alert stating my version of Windows is outdated.  I am without any virus protection at this time.

I attempted to install Avast, and got an error message, b86362a5.exe has encountered a problem and needs to close.  We are sorry for the inconvenience.  If you were in the middle of something, the information you were working on might be lost.

I attempted instaling Avira through Chrome, and got this message, installer has insufficient privileges to modify this file: C:Documents and Settings\All Users\Application Data\Avira\Launcher\Apps|Manifest.avdata.  The log file is below.

[05F4:02D8][2017-10-18T01:49:00]i001: Burn v3.10.2.3111, Windows v5.1 (Build 2600: Service Pack 3), path: C:\DOCUME~1\Teressa\LOCALS~1\Temp\{9C135015-C27B-4D44-9B8B-67ED997DCAE2}\.cr\avira_en_fass0_59e6f88cd09c0__ws (1).exe
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing string variable 'PARTNER_ID' to value 'avira'
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing string variable 'PRODUCT_SHORT_NAME' to value 'Avira'
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing string variable 'PRODUCT_LONG_NAME' to value 'Avira Launcher'
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing string variable 'SkipSuccessPageAfterInstall' to value 'yes'
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing string variable 'ShowProgressInTaskBar' to value 'no'
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing string variable 'RebootImmediatly' to value 'yes'
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing string variable 'ShowSendErrorReport' to value 'yes'
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing string variable 'LogFileUploadUrl' to value 'https://wl-win.oes.avira.com/sendreport'
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing string variable 'LegacyLauncherDownloadUrl' to value 'https://package.avira.com/package/oeavira/winxp/int/'
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing string variable 'AllowLegacyOs' to value 'yes'
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing string variable 'SERVER_URL' to value ''
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing string variable 'LEGACY_SERVER_URL' to value ''
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing string variable 'V1_API_SERVER_URL' to value 'https://my.avira.com/v1'
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing string variable 'SHORT_MSG_FORMAT' to value ''
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing string variable 'CUSTOM_KIT_TOKEN' to value ''
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing string variable 'DOWNLOAD_SOURCE' to value ''
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing string variable 'SOFT_AUTH_ID' to value ''
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing string variable 'BUNDLE_ID' to value ''
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing numeric variable 'NOAFTERINSTALLPAGE' to value '0'
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing string variable 'LANGUAGE' to value ''
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing string variable 'UI_TYPE' to value ''
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing string variable 'CALLER_PARTNER_ID' to value ''
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing string variable 'CURRENT_INSTALLED_VERSION' to value ''
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing numeric variable 'SKIP_OS_VERSION_CHECK' to value '0'
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing numeric variable 'CREATE_DESKTOP_SHORTCUT' to value '1'
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing numeric variable 'SILENT_INSTALLATION_FROM_BOOTSTRAPPER' to value '0'
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing numeric variable 'IS_STARTED_BY_MAJOR_UPGRADE' to value '0'
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing string variable 'CUSTOM_ACTION_DATA_TRANSFER_FILE_NAME' to value ''
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing string variable 'CROSS_DETECTION_KEY_MASTER_VALUE' to value 'Software\Avira\Launcher'
[05F4:02D8][2017-10-18T01:49:00]i000: Initializing string variable 'REGISTRY_UNINSTALL_KEY' to value ''
[05F4:02D8][2017-10-18T01:49:00]i009: Command Line: '"-burn.clean.room=C:\Documents and Settings\Teressa\My Documents\Downloads\avira_en_fass0_59e6f88cd09c0__ws (1).exe"'
[05F4:02D8][2017-10-18T01:49:00]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Documents and Settings\Teressa\My Documents\Downloads\avira_en_fass0_59e6f88cd09c0__ws (1).exe'
[05F4:02D8][2017-10-18T01:49:00]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Documents and Settings\Teressa\My Documents\Downloads\'
[05F4:02D8][2017-10-18T01:49:01]i000: Setting string variable 'WixBundleLog' to value 'C:\DOCUME~1\Teressa\LOCALS~1\Temp\Avira_Launcher_20171018014901.log'
[05F4:02D8][2017-10-18T01:49:01]i000: Setting string variable 'WixBundleManufacturer' to value 'Avira Operations GmbH & Co. KG'
[05F4:0C60][2017-10-18T01:49:02]i000: Setting string variable 'CUSTOM_KIT_TOKEN' to value ''
[05F4:0C60][2017-10-18T01:49:02]i000: Setting string variable 'DOWNLOAD_SOURCE' to value 'ws'
[05F4:0C60][2017-10-18T01:49:02]i000: Setting string variable 'BUNDLE_ID' to value 'fass0'
[05F4:0C60][2017-10-18T01:49:02]i000: Setting string variable 'SOFT_AUTH_ID' to value '59e6f88cd09c0'
[05F4:0C60][2017-10-18T01:49:02]i000: Setting string variable 'SILENT_INSTALLATION_FROM_BOOTSTRAPPER' to value '0'
[05F4:0C60][2017-10-18T01:49:02]i000: Setting string variable 'NOAFTERINSTALLPAGE' to value '0'
[05F4:0C60][2017-10-18T01:49:02]i000: Setting string variable 'IS_STARTED_BY_MAJOR_UPGRADE' to value '0'
[05F4:0C60][2017-10-18T01:49:02]i000: Setting string variable 'CUSTOM_ACTION_DATA_TRANSFER_FILE_NAME' to value 'C:\DOCUME~1\Teressa\LOCALS~1\Temp\56.tmp'
[05F4:0C60][2017-10-18T01:49:02]i000: Setting numeric variable 'WixStdBALanguageId' to value 1033
[05F4:0C60][2017-10-18T01:49:02]i000: Setting string variable 'LANGUAGE' to value 'en'
[05F4:0C60][2017-10-18T01:49:02]i000: Setting string variable 'REGISTRY_UNINSTALL_KEY' to value 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92a7fd6b-31e5-472f-862e-79214c5032ef}'
[05F4:0C60][2017-10-18T01:49:02]i000: Setting version variable 'WixBundleFileVersion' to value '1.1.67.18988'
[05F4:02D8][2017-10-18T01:49:02]i100: Detect begin, 4 packages
[05F4:02D8][2017-10-18T01:49:02]i000: Setting string variable 'AlreadyInstalledLauncherMasterKey' to value 'Software\Avira\Launcher'
[05F4:02D8][2017-10-18T01:49:02]i000: Setting string variable 'IsLauncherAlreadyInstalled' to value 'Software\Avira\Launcher'
[05F4:02D8][2017-10-18T01:49:02]i000: Setting string variable 'CURRENT_INSTALLED_VERSION' to value '1.1.67.18988'
[05F4:02D8][2017-10-18T01:49:02]i000: Setting string variable 'InstalledLauncherPartnerId' to value 'avira'
[05F4:02D8][2017-10-18T01:49:02]i000: Setting string variable 'InstalledLauncherProductName' to value 'Avira'
[05F4:02D8][2017-10-18T01:49:02]i000: Setting string variable 'NETFRAMEWORK35' to value '1'
[05F4:02D8][2017-10-18T01:49:02]i000: Setting string variable 'NETFRAMEWORK35SP1' to value '1'
[05F4:02D8][2017-10-18T01:49:02]i000: Setting string variable 'NETFRAMEWORK40CLIENT' to value '1'
[05F4:02D8][2017-10-18T01:49:02]i000: Registry key not found. Key = 'SOFTWARE\Avira\AntiVir Server'
[05F4:02D8][2017-10-18T01:49:02]i000: Setting numeric variable 'AviraServerSecurityIsInstalled' to value 0
[05F4:02D8][2017-10-18T01:49:02]i052: Condition '(IsLauncherAlreadyInstalled) AND (IS_STARTED_BY_MAJOR_UPGRADE = 0)' evaluates to true.
[05F4:02D8][2017-10-18T01:49:02]i052: Condition '(NETFRAMEWORK40CLIENT = 1)' evaluates to true.
[05F4:02D8][2017-10-18T01:49:02]i101: Detected package: ExecutePrequisites, state: Absent, cached: Complete
[05F4:02D8][2017-10-18T01:49:02]i101: Detected package: OECrossDetectionKey, state: Present, cached: Complete
[05F4:02D8][2017-10-18T01:49:02]i101: Detected package: NetFx40ClientWeb, state: Present, cached: None
[05F4:02D8][2017-10-18T01:49:02]i101: Detected package: Id.Avira.OE.Setup.Msi, state: Present, cached: Complete
[05F4:02D8][2017-10-18T01:49:02]i052: Condition '((NOT CALLER_PARTNER_ID) OR (PARTNER_ID = CALLER_PARTNER_ID))' evaluates to true.
[05F4:02D8][2017-10-18T01:49:02]i052: Condition '(IsLauncherAlreadyInstalled) OR             (              ((VersionNT = v5.1) AND (ServicePackLevel >= 3)) OR               ((VersionNT64 = v5.2) AND (ServicePackLevel >= 2)) OR               (VersionNT = v6.0) OR               (VersionNT = v6.1) OR               (VersionNT >= v6.2)             )' evaluates to true.
[05F4:02D8][2017-10-18T01:49:02]i052: Condition 'NOT AviraServerSecurityIsInstalled' evaluates to true.
[05F4:02D8][2017-10-18T01:49:02]i199: Detect complete, result: 0x0
[05F4:02D8][2017-10-18T01:49:04]i200: Plan begin, 4 packages, action: Repair
[05F4:02D8][2017-10-18T01:49:04]w321: Skipping dependency registration on package with no dependency providers: ExecutePrequisites
[05F4:02D8][2017-10-18T01:49:04]i000: Setting string variable 'WixBundleLog_ExecutePrequisites' to value 'C:\DOCUME~1\Teressa\LOCALS~1\Temp\Avira_Launcher_20171018014901_000_ExecutePrequisites.log'
[05F4:02D8][2017-10-18T01:49:04]i000: Setting string variable 'WixBundleRollbackLog_ExecutePrequisites' to value 'C:\DOCUME~1\Teressa\LOCALS~1\Temp\Avira_Launcher_20171018014901_000_ExecutePrequisites_rollback.log'
[05F4:02D8][2017-10-18T01:49:04]w321: Skipping dependency registration on package with no dependency providers: OECrossDetectionKey
[05F4:02D8][2017-10-18T01:49:04]i052: Condition '(NOT(NETFRAMEWORK35 = 1 AND NETFRAMEWORK35SP1 = 1)) AND (NOT (NETFRAMEWORK40CLIENT = 1))' evaluates to false.
[05F4:02D8][2017-10-18T01:49:04]w321: Skipping dependency registration on package with no dependency providers: NetFx40ClientWeb
[05F4:02D8][2017-10-18T01:49:04]i000: Setting string variable 'WixBundleLog_Id.Avira.OE.Setup.Msi' to value 'C:\DOCUME~1\Teressa\LOCALS~1\Temp\Avira_Launcher_20171018014901_001_Id.Avira.OE.Setup.Msi.log'
[05F4:02D8][2017-10-18T01:49:04]i201: Planned package: ExecutePrequisites, state: Absent, default requested: Repair, ba requested: Repair, execute: Install, rollback: Uninstall, cache: No, uncache: No, dependency: None
[05F4:02D8][2017-10-18T01:49:04]i201: Planned package: OECrossDetectionKey, state: Present, default requested: Repair, ba requested: Repair, execute: None, rollback: None, cache: No, uncache: No, dependency: None
[05F4:02D8][2017-10-18T01:49:04]i201: Planned package: NetFx40ClientWeb, state: Present, default requested: Absent, ba requested: Absent, execute: None, rollback: None, cache: No, uncache: No, dependency: None
[05F4:02D8][2017-10-18T01:49:04]i201: Planned package: Id.Avira.OE.Setup.Msi, state: Present, default requested: Repair, ba requested: Repair, execute: Repair, rollback: None, cache: No, uncache: No, dependency: Register
[05F4:02D8][2017-10-18T01:49:04]i299: Plan complete, result: 0x0
[05F4:02D8][2017-10-18T01:49:04]i300: Apply begin
[05F4:02D8][2017-10-18T01:49:04]i010: Launching elevated engine process.
[05F4:02D8][2017-10-18T01:49:05]i011: Launched elevated engine process.
[05F4:02D8][2017-10-18T01:49:06]i012: Connected to elevated engine.
[040C:0650][2017-10-18T01:49:06]i358: Pausing automatic updates.
[040C:0650][2017-10-18T01:49:06]i359: Paused automatic updates.
[040C:0650][2017-10-18T01:49:06]i371: Updating session, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92a7fd6b-31e5-472f-862e-79214c5032ef}, resume: Active, restart initiated: No, disable resume: No
[040C:0550][2017-10-18T01:49:06]i304: Verified existing payload: ExecutePrequisites at path: C:\Documents and Settings\All Users\Application Data\Package Cache\F47EA56053E207B603ACCC9EE2B8C569F9F6DCEC\Avira.OE.Setup.Prerequisites.exe.
[040C:0550][2017-10-18T01:49:06]i304: Verified existing payload: Id.Avira.OE.Setup.Msi at path: C:\Documents and Settings\All Users\Application Data\Package Cache\{A6634D1D-EA57-45DE-AF8F-0EDD35B912C3}v1.1.67.18988\Avira.OE.Setup.Msi.msi.
[040C:0550][2017-10-18T01:49:06]i304: Verified existing payload: BundlePayload at path: C:\Documents and Settings\All Users\Application Data\Package Cache\{A6634D1D-EA57-45DE-AF8F-0EDD35B912C3}v1.1.67.18988\BundledProducts.xml.
[040C:0550][2017-10-18T01:49:06]i304: Verified existing payload: MsiDE at path: C:\Documents and Settings\All Users\Application Data\Package Cache\{A6634D1D-EA57-45DE-AF8F-0EDD35B912C3}v1.1.67.18988\loc.de.mst.
[040C:0550][2017-10-18T01:49:07]i304: Verified existing payload: MsiEN at path: C:\Documents and Settings\All Users\Application Data\Package Cache\{A6634D1D-EA57-45DE-AF8F-0EDD35B912C3}v1.1.67.18988\loc.en.mst.
[040C:0550][2017-10-18T01:49:07]i304: Verified existing payload: MsiEs at path: C:\Documents and Settings\All Users\Application Data\Package Cache\{A6634D1D-EA57-45DE-AF8F-0EDD35B912C3}v1.1.67.18988\loc.es.mst.
[040C:0550][2017-10-18T01:49:07]i304: Verified existing payload: MsiFr at path: C:\Documents and Settings\All Users\Application Data\Package Cache\{A6634D1D-EA57-45DE-AF8F-0EDD35B912C3}v1.1.67.18988\loc.fr.mst.
[040C:0550][2017-10-18T01:49:07]i304: Verified existing payload: MsiIt at path: C:\Documents and Settings\All Users\Application Data\Package Cache\{A6634D1D-EA57-45DE-AF8F-0EDD35B912C3}v1.1.67.18988\loc.it.mst.
[040C:0550][2017-10-18T01:49:07]i304: Verified existing payload: MsiJa at path: C:\Documents and Settings\All Users\Application Data\Package Cache\{A6634D1D-EA57-45DE-AF8F-0EDD35B912C3}v1.1.67.18988\loc.ja.mst.
[040C:0550][2017-10-18T01:49:07]i304: Verified existing payload: MsiNl at path: C:\Documents and Settings\All Users\Application Data\Package Cache\{A6634D1D-EA57-45DE-AF8F-0EDD35B912C3}v1.1.67.18988\loc.nl.mst.
[040C:0550][2017-10-18T01:49:07]i304: Verified existing payload: MsiPl at path: C:\Documents and Settings\All Users\Application Data\Package Cache\{A6634D1D-EA57-45DE-AF8F-0EDD35B912C3}v1.1.67.18988\loc.pl.mst.
[040C:0550][2017-10-18T01:49:07]i304: Verified existing payload: MsiPtBr at path: C:\Documents and Settings\All Users\Application Data\Package Cache\{A6634D1D-EA57-45DE-AF8F-0EDD35B912C3}v1.1.67.18988\loc.ptbr.mst.
[040C:0550][2017-10-18T01:49:07]i304: Verified existing payload: MsiRu at path: C:\Documents and Settings\All Users\Application Data\Package Cache\{A6634D1D-EA57-45DE-AF8F-0EDD35B912C3}v1.1.67.18988\loc.ru.mst.
[040C:0550][2017-10-18T01:49:07]i304: Verified existing payload: MsiTr at path: C:\Documents and Settings\All Users\Application Data\Package Cache\{A6634D1D-EA57-45DE-AF8F-0EDD35B912C3}v1.1.67.18988\loc.tr.mst.
[040C:0550][2017-10-18T01:49:07]i304: Verified existing payload: MsiZhCn at path: C:\Documents and Settings\All Users\Application Data\Package Cache\{A6634D1D-EA57-45DE-AF8F-0EDD35B912C3}v1.1.67.18988\loc.zhcn.mst.
[040C:0550][2017-10-18T01:49:07]i304: Verified existing payload: MsiZhTw at path: C:\Documents and Settings\All Users\Application Data\Package Cache\{A6634D1D-EA57-45DE-AF8F-0EDD35B912C3}v1.1.67.18988\loc.zhtw.mst.
[040C:0650][2017-10-18T01:49:07]i301: Applying execute package: ExecutePrequisites, action: Install, path: C:\Documents and Settings\All Users\Application Data\Package Cache\F47EA56053E207B603ACCC9EE2B8C569F9F6DCEC\Avira.OE.Setup.Prerequisites.exe, arguments: '"C:\Documents and Settings\All Users\Application Data\Package Cache\F47EA56053E207B603ACCC9EE2B8C569F9F6DCEC\Avira.OE.Setup.Prerequisites.exe" /enableMsiService /checkRebootRequired'
[05F4:02D8][2017-10-18T01:49:07]i319: Applied execute package: ExecutePrequisites, result: 0x0, restart: None
[040C:0650][2017-10-18T01:49:07]i323: Registering package dependency provider: {A6634D1D-EA57-45DE-AF8F-0EDD35B912C3}, version: 1.1.67.18988, package: Id.Avira.OE.Setup.Msi
[040C:0650][2017-10-18T01:49:07]i301: Applying execute package: Id.Avira.OE.Setup.Msi, action: Repair, path: C:\Documents and Settings\All Users\Application Data\Package Cache\{A6634D1D-EA57-45DE-AF8F-0EDD35B912C3}v1.1.67.18988\Avira.OE.Setup.Msi.msi, arguments: ' ARPSYSTEMCOMPONENT="1" TRANSFORMS="loc.en.mst" SERVER_URL="" LEGACY_SERVER_URL="" V1_API_SERVER_URL="https://my.avira.com/v1" SHORT_MSG_FORMAT="" CUSTOM_KIT_TOKEN="" DOWNLOAD_SOURCE="ws" BUNDLE_ID="fass0" SOFT_AUTH_ID="59e6f88cd09c0" LANGUAGE="en" UI_TYPE="" WCF_AUTH_VERIFY_SIGNATURE="TRUE" NOAFTERINSTALLPAGE="0" SILENT_INSTALLATION_FROM_BOOTSTRAPPER="0" TRIGGERED_FROM_BOOTSTRAPPER="1" CUSTOM_ACTION_DATA_TRANSFER_FILE_NAME="C:\DOCUME~1\Teressa\LOCALS~1\Temp\56.tmp" REGISTRY_UNINSTALL_KEY="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92a7fd6b-31e5-472f-862e-79214c5032ef}" CREATE_DESKTOP_SHORTCUT="1"'
[040C:0650][2017-10-18T01:53:16]e000: Error 0x80070643: Failed to run maintanance mode for MSI package.
[040C:0650][2017-10-18T01:53:16]e000: Error 0x80070643: Failed to execute MSI package.
[05F4:02D8][2017-10-18T01:53:16]e000: Error 0x80070643: Failed to configure per-machine MSI package.
[05F4:02D8][2017-10-18T01:53:16]w348: Application requested retry of package: Id.Avira.OE.Setup.Msi, encountered error: 0x80070643. Retrying...
[040C:0650][2017-10-18T01:53:19]i301: Applying execute package: Id.Avira.OE.Setup.Msi, action: Repair, path: C:\Documents and Settings\All Users\Application Data\Package Cache\{A6634D1D-EA57-45DE-AF8F-0EDD35B912C3}v1.1.67.18988\Avira.OE.Setup.Msi.msi, arguments: ' ARPSYSTEMCOMPONENT="1" TRANSFORMS="loc.en.mst" SERVER_URL="" LEGACY_SERVER_URL="" V1_API_SERVER_URL="https://my.avira.com/v1" SHORT_MSG_FORMAT="" CUSTOM_KIT_TOKEN="" DOWNLOAD_SOURCE="ws" BUNDLE_ID="fass0" SOFT_AUTH_ID="59e6f88cd09c0" LANGUAGE="en" UI_TYPE="" WCF_AUTH_VERIFY_SIGNATURE="TRUE" NOAFTERINSTALLPAGE="0" SILENT_INSTALLATION_FROM_BOOTSTRAPPER="0" TRIGGERED_FROM_BOOTSTRAPPER="1" CUSTOM_ACTION_DATA_TRANSFER_FILE_NAME="C:\DOCUME~1\Teressa\LOCALS~1\Temp\56.tmp" REGISTRY_UNINSTALL_KEY="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92a7fd6b-31e5-472f-862e-79214c5032ef}" CREATE_DESKTOP_SHORTCUT="1"'
[040C:0650][2017-10-18T01:53:21]e000: Error 0x80070643: Failed to run maintanance mode for MSI package.
[040C:0650][2017-10-18T01:53:21]e000: Error 0x80070643: Failed to execute MSI package.
[05F4:02D8][2017-10-18T01:53:21]e000: Error 0x80070643: Failed to configure per-machine MSI package.
[05F4:02D8][2017-10-18T01:53:21]w348: Application requested retry of package: Id.Avira.OE.Setup.Msi, encountered error: 0x80070643. Retrying...
[040C:0650][2017-10-18T01:53:24]i301: Applying execute package: Id.Avira.OE.Setup.Msi, action: Repair, path: C:\Documents and Settings\All Users\Application Data\Package Cache\{A6634D1D-EA57-45DE-AF8F-0EDD35B912C3}v1.1.67.18988\Avira.OE.Setup.Msi.msi, arguments: ' ARPSYSTEMCOMPONENT="1" TRANSFORMS="loc.en.mst" SERVER_URL="" LEGACY_SERVER_URL="" V1_API_SERVER_URL="https://my.avira.com/v1" SHORT_MSG_FORMAT="" CUSTOM_KIT_TOKEN="" DOWNLOAD_SOURCE="ws" BUNDLE_ID="fass0" SOFT_AUTH_ID="59e6f88cd09c0" LANGUAGE="en" UI_TYPE="" WCF_AUTH_VERIFY_SIGNATURE="TRUE" NOAFTERINSTALLPAGE="0" SILENT_INSTALLATION_FROM_BOOTSTRAPPER="0" TRIGGERED_FROM_BOOTSTRAPPER="1" CUSTOM_ACTION_DATA_TRANSFER_FILE_NAME="C:\DOCUME~1\Teressa\LOCALS~1\Temp\56.tmp" REGISTRY_UNINSTALL_KEY="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92a7fd6b-31e5-472f-862e-79214c5032ef}" CREATE_DESKTOP_SHORTCUT="1"'
[040C:0650][2017-10-18T01:53:26]e000: Error 0x80070643: Failed to run maintanance mode for MSI package.
[040C:0650][2017-10-18T01:53:26]e000: Error 0x80070643: Failed to execute MSI package.
[05F4:02D8][2017-10-18T01:53:26]e000: Error 0x80070643: Failed to configure per-machine MSI package.
[05F4:02D8][2017-10-18T01:53:26]w348: Application requested retry of package: Id.Avira.OE.Setup.Msi, encountered error: 0x80070643. Retrying...
[040C:0650][2017-10-18T01:53:29]i301: Applying execute package: Id.Avira.OE.Setup.Msi, action: Repair, path: C:\Documents and Settings\All Users\Application Data\Package Cache\{A6634D1D-EA57-45DE-AF8F-0EDD35B912C3}v1.1.67.18988\Avira.OE.Setup.Msi.msi, arguments: ' ARPSYSTEMCOMPONENT="1" TRANSFORMS="loc.en.mst" SERVER_URL="" LEGACY_SERVER_URL="" V1_API_SERVER_URL="https://my.avira.com/v1" SHORT_MSG_FORMAT="" CUSTOM_KIT_TOKEN="" DOWNLOAD_SOURCE="ws" BUNDLE_ID="fass0" SOFT_AUTH_ID="59e6f88cd09c0" LANGUAGE="en" UI_TYPE="" WCF_AUTH_VERIFY_SIGNATURE="TRUE" NOAFTERINSTALLPAGE="0" SILENT_INSTALLATION_FROM_BOOTSTRAPPER="0" TRIGGERED_FROM_BOOTSTRAPPER="1" CUSTOM_ACTION_DATA_TRANSFER_FILE_NAME="C:\DOCUME~1\Teressa\LOCALS~1\Temp\56.tmp" REGISTRY_UNINSTALL_KEY="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92a7fd6b-31e5-472f-862e-79214c5032ef}" CREATE_DESKTOP_SHORTCUT="1"'
[040C:0650][2017-10-18T01:53:32]e000: Error 0x80070643: Failed to run maintanance mode for MSI package.
[040C:0650][2017-10-18T01:53:32]e000: Error 0x80070643: Failed to execute MSI package.
[05F4:02D8][2017-10-18T01:53:32]e000: Error 0x80070643: Failed to configure per-machine MSI package.
[05F4:02D8][2017-10-18T01:53:32]i319: Applied execute package: Id.Avira.OE.Setup.Msi, result: 0x80070643, restart: None
[05F4:02D8][2017-10-18T01:53:32]e000: Error 0x80070643: Failed to execute MSI package.
[040C:0650][2017-10-18T01:53:32]i301: Applying rollback package: ExecutePrequisites, action: Uninstall, path: C:\Documents and Settings\All Users\Application Data\Package Cache\F47EA56053E207B603ACCC9EE2B8C569F9F6DCEC\Avira.OE.Setup.Prerequisites.exe, arguments: '"C:\Documents and Settings\All Users\Application Data\Package Cache\F47EA56053E207B603ACCC9EE2B8C569F9F6DCEC\Avira.OE.Setup.Prerequisites.exe" /enableMsiService'
[05F4:02D8][2017-10-18T01:53:32]i319: Applied rollback package: ExecutePrequisites, result: 0x0, restart: None
[040C:0650][2017-10-18T01:53:32]i372: Session end, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92a7fd6b-31e5-472f-862e-79214c5032ef}, resume: ARP, restart: None, disable resume: No
[040C:0650][2017-10-18T01:53:32]i371: Updating session, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92a7fd6b-31e5-472f-862e-79214c5032ef}, resume: ARP, restart initiated: No, disable resume: No
[05F4:02D8][2017-10-18T01:53:32]i399: Apply complete, result: 0x80070643, restart: None, ba requested restart:  No

I went into Administrative Safe Mode with Networking, and still could not install Avira, but I was able to install Avast.  It seems to be working.  Do you recommend the password setup Avast offers?

Oh good. Securing Avast with a password is optional but I do recommend it.

Setup should be done that it is protecting your computer actively.

What additional protection should I have? 

Also, I sometimes use Team Viewer to access a friends computer to help her setup apps.  If either one of us has PUPS or any other unwelcome guests in
our PC's, can the other person be infected when I use Team Viewer to access her computer?

I recommend also using Heimdal Free, as it will auto-update many of your programs: https://www.bleepingcomputer.com/download/heimdal-free/

In addition, Team Viewer is generally safe, and such issues are nontransferable between computers using such manner of connection, because there is no way to transfer files. If you are just viewing someone's PC from your own without transferring anything, then it is not possible to transmit malware/adware/etc. onto a different machine.

Uninstall AdwCleaner
Double-click AdwCleaner.exe

• Click on the Uninstall button.
  
• A window will open, press the Confirm button.
  
• AdwCleaner will uninstall now.
  

DelFix
Follow the instructions below to download and execute DelFix.

• Download DelFix and move the executable to your Desktop;
  
• Right-click on DelFix.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  
• Check the following options :
  
  
  
  
  • Remove disinfection tools;
    
  • Create registry backup;
    
  • Purge system restore;
    
  • Reset system settings;
    
  
  
  
• Once all the options mentioned above are checked, click on Run;
  
• After DelFix is done running, a log will open. Please copy/paste the content of the output log in your next reply;
  

I did load Heimdal Free, however I noticed on the site that it is for Windows 7 and higher.  I opened it to install it, and it acts like it will install, but this is for a brief second and then it disappears.  So, I can not tell if it installed or not. 

I never could get ADWcleaner to run after placing the icon on my desk top.  Each time I tried, I got the following error message.  C:\Documents and Settings\Teressa\Desktop\AdwCleaner.exe is not a valid Win32 application.  So, I am not sure it was actually installed anywhere.  I did do a search and all I saw was the icon on my desktop and a log file from when I did run Adwcleaner previously.  I deleted the icons, but I saved the log file. 

Does this mean I do not have ADW installed?

DelFix only gives me the option to run as myself or as guest.  Should I go into Safe Mode with networking and run as administrator?

Do not worry about Heimdal or AdwCleaner. Go ahead with DelFix as yourself please and see if it works. It should be the same way you've run all of the tools so far.

I'm conducting a final review of what we've all done so far - I almost forgot for you to do these...

To enable CD Emulation programs using DeFogger please perform these steps:

1. Please download DeFogger to your desktop.
   
2. Once downloaded, double-click on the DeFogger icon to start the tool.
   
3. The application window will now appear. You should now click on the Enable button to enable your CD Emulation drivers
   
4. When it prompts you whether or not you want to continue, please click on the Yes button to continue
   
5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
   
6. If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.
   

---

We need to vaccinate the USB drive to prevent infection: Please download USBVaccineSetup.exe from Panda Software to the desktop of your clean / working computer. note: the download mirror is called MajorGeeks and the download should start automatically. please do not click any advertisements.

• Insert your USB drives into the clean / working computer
  
  
• Double-click on USBVaccineSetup.exe to install the program
  
  
• Select your language, read and accept the agreement to continue
  
  
• Choose if you would like the program to run at all times, and for all newly inserted USB drives
  
  
• Click Next then Finish to complete the installation, the program will launch
  
  
• Select your USB drive from the list, then click Vaccinate USB note: optionally you can click Vaccinate computer as well, this disables removable items from automatically running on the system entirely
  
  
• A message should appear that your USB drive was vaccinated. If not please report the error in your next post
  
  

I attempted to use Defogger to Reenable, and an error message came up stating, unable to open file.

Additionally, while having problems I noted in Task Manager that Team Viewer was running, but I did not have it open.  I would end process, and it would immediately show again that it was running.  I uninstalled Team Viewer, and did not reinstall it.  I just looked in my programs and Team Viewer 8 is there, even though I uninstalled it.

Another thing is when I was having problems and using Firefox I would click on a link or try to open something, and it would act like it was going to load, and then stop, never loading.  I would close Firefox, and reopen, same problem.  I would have to reboot my computer for Firefox to work again.  After removing the PUPS this seemed to stop, but it has started again.  It's not immediate.  It happens after I have been on Firefox for a few hours.

It's not unusual for TeamViewer to run in the background, so that probably was not a true problem.

For Firefox, press options button > help > About Firefox. Check for updates.

If updating it did not resolve problem, refresh Firefox: https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

What about the Defogger issue?  I attempted to use Defogger to Reenable, and an error message came up stating, unable to open file.

Oh that, sorry. Temporarily disable realtime protection for Avast and then try Defogger again.

Delfix

# DelFix v1.013 - Logfile created 22/10/2017 at 19:28:13
# Updated 17/04/2016 by Xplode
# Username : Teressa - PROSPERITY
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\FRST
Deleted : C:\Program Files\Trend Micro\Hijackthis
Deleted : C:\ComboFix.txt
Deleted : C:\JavaRa.log
Deleted : C:\TDSSKiller.3.1.0.15_24.06.2017_03.11.47_log.txt
Deleted : C:\Documents and Settings\Teressa\Desktop\Addition.txt
Deleted : C:\Documents and Settings\Teressa\Desktop\ComboFix.exe
Deleted : C:\Documents and Settings\Teressa\Desktop\Defogger(1).exe
Deleted : C:\Documents and Settings\Teressa\Desktop\JRT.txt
Deleted : C:\Documents and Settings\Teressa\Desktop\tdsskiller.exe
Deleted : C:\Documents and Settings\Teressa\My Documents\Downloads\ComboFix.exe
Deleted : C:\Documents and Settings\Teressa\My Documents\Downloads\Defogger.exe
Deleted : C:\Documents and Settings\Teressa\My Documents\Downloads\JRT.exe
Deleted : C:\Documents and Settings\Teressa\My Documents\Downloads\MiniToolBox.exe
Deleted : C:\Documents and Settings\Teressa\My Documents\Downloads\OTLPEStd.exe
Deleted : C:\Documents and Settings\Teressa\My Documents\Downloads\SecurityCheck.exe
Deleted : C:\Documents and Settings\Teressa\My Documents\Downloads\ZHPCleaner-2017.exe
Deleted : C:\WINDOWS\grep.exe
Deleted : C:\WINDOWS\PEV.exe
Deleted : C:\WINDOWS\NIRCMD.exe
Deleted : C:\WINDOWS\MBR.exe
Deleted : C:\WINDOWS\SED.exe
Deleted : C:\WINDOWS\SWREG.exe
Deleted : C:\WINDOWS\SWSC.exe
Deleted : C:\WINDOWS\SWXCACLS.exe
Deleted : C:\WINDOWS\Zip.exe
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #2893 [System Checkpoint | 10/09/2017 22:12:10]
Deleted : RP #2894 [System Checkpoint | 10/11/2017 01:11:23]
Deleted : RP #2895 [Software Distribution Service 3.0 | 10/11/2017 08:04:19]
Deleted : RP #2896 [Software Distribution Service 3.0 | 10/11/2017 22:09:42]
Deleted : RP #2897 [Software Distribution Service 3.0 | 10/11/2017 22:38:43]
Deleted : RP #2898 [Software Distribution Service 3.0 | 10/12/2017 01:23:27]
Deleted : RP #2899 [Software Distribution Service 3.0 | 10/12/2017 05:24:02]
Deleted : RP #2900 [Software Distribution Service 3.0 | 10/12/2017 05:45:52]
Deleted : RP #2901 [System Checkpoint | 10/13/2017 07:32:34]
Deleted : RP #2902 [System Checkpoint | 10/14/2017 11:13:55]
Deleted : RP #2903 [System Checkpoint | 10/15/2017 19:47:01]
Deleted : RP #2904 [System Checkpoint | 10/17/2017 01:17:53]
Deleted : RP #2905 [System Checkpoint | 10/18/2017 12:13:49]
Deleted : RP #2906 [System Checkpoint | 10/19/2017 16:44:55]
Deleted : RP #2907 [System Checkpoint | 10/20/2017 22:53:39]
Deleted : RP #2908 [System Checkpoint | 10/21/2017 23:28:09]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

1) I was finally able to run Defogger, by going into Safe Mode as administrator.  It would not run otherwise, even with Avast deactivated.  Log Info is posted above.

2) I still have a lot of other tools in my PC that were used to attack the PUPS, Un Hide, Speccy, JRT, McShield, WR Tray. Tweaking, Heindal, Hitman Pro, ZHPCleaner, PC HUnter, SFXFix, Sanity Check, Defogger.  There may be more that are not listed above.  McShield is always running now, should I keep this?  What should I do with the others?

3) I have attempted to run the USB Vaccination program, however the option to vaccinate the computer is highlighted as an option to choose, but in the USB section, the option to vaccinate my external drive is grayed out.  It states, L:\(NTFS) Support disabled, consult help.  I have tried to disable Avast, and tried going into safe mode as admin., but I can not get it to work.  I have even unplugged the external drive, turned off the PC, plugged it back in and turned the PC back on.

Thanks for the update, because I was just going to ask that. Please do not proceed with USB vaccine, because those drives are locking other tools out, meaning the drives are already vaccinated. This is because Avast is protecting them with a driver. (A good thing!)

For the leftover malware removal tools, please first check your Add/Remove programs list for the items, and uninstall things that you do not approve of or need (such as the malware removal tools). If you cannot find them in the list, for any of them leftover, please right-click and delete them one-by-one.

Then, please do the following:
Press Start > Run, type in CMD and hit OK... at the prompt, type the following command, and then copy and paste the logfile back here:
dir c:\ >log.txt&&log.txt

How is this progressing? Should it be marked as solved?

I uninstalled Tweaking.com and Sanity Check.  One of these went crazy removing things, and I wasn't sure if I made I mistake.  Should I have uninstalled these?

I have kept McShield.  Should I remover, Un Hide, Speccy, JRT, WR Tray., Heindal, Hitman Pro, ZHPCleaner, PC HUnter, SFXFix, and Defogger and I think Combofix?

This is the log you requested

 Volume in drive C has no label.
 Volume Serial Number is 4C24-412F

 Directory of c:\

03/16/2010  01:18 PM              0a50dd6afc3b0e5d4a384b
05/04/2006  11:00 PM              2000IRC2
03/16/2010  07:37 PM              2012
02/15/2004  03:32 AM              52d23f3650485ff4e6556b
06/12/2010  03:03 AM              5bda237df9bb4f1fd9059e54
12/15/2003  07:54 AM              88a3314e4731faece3
05/30/2013  11:22 PM              A Pictures
02/11/2007  12:11 PM              a130982ba27e542030f7
08/22/2007  07:18 PM              ARACHNE
09/03/2002  09:59 AM                 0 AUTOEXEC.BAT
06/21/2010  06:25 PM              AVATAR
11/26/2009  05:35 AM              AVGTemp
06/14/2010  10:45 PM           173,288 avi_log.txt
06/17/2009  06:25 PM               211 Boot.bak
08/04/2004  12:00 AM           260,272 cmldr
07/02/2009  12:03 PM              Combo-Fix
10/25/2017  03:21 AM              Config.Msi
09/03/2002  09:59 AM                 0 CONFIG.SYS
06/17/2017  07:10 PM              ConverterOutput
10/22/2017  07:29 PM             3,004 DelFix.txt
04/19/2007  03:16 AM              DELL
12/15/2003  07:31 AM             6,146 DELL.SDR
04/23/2011  03:00 PM              Documents and Settings
12/15/2003  07:23 AM              DRIVERS
10/31/2017  04:53 AM                 0 drwtsn32.log
08/19/2005  12:38 PM           247,926 Five Star Invoice Esther Herrer.pdf
09/04/2005  03:09 PM           247,813 Five Star Invoice Josh Harris.pdf
09/19/2005  12:06 AM           339,281 Five Star Invoice Paul House.pdf
01/29/2016  12:04 PM              found.000
07/15/2007  05:09 PM              gs
04/22/2004  02:09 PM              HTML Ebay Folder
10/14/2016  01:01 PM              I386
07/16/2007  03:11 AM               160 Index.html
03/20/2013  11:37 PM             1,713 InstallHelper.log
09/03/2002  09:59 AM                 0 IO.SYS
08/22/2007  07:10 PM             2,011 IPH.PH
07/16/2007  03:13 AM           892,928 Learn How I Make $1000.00 in one day.pdf
08/28/2016  01:11 AM              LGD415RD
08/29/2016  02:22 AM              LGMobileUpgrade
07/08/2005  01:41 AM              Media
09/03/2002  09:59 AM                 0 MSDOS.SYS
10/02/2005  11:20 PM              MSOCache
01/17/2015  11:35 AM              Multimedia Files
12/15/2003  08:05 AM              My Music
01/21/2014  01:24 AM              Netgear
07/16/2009  03:34 PM           417,792 NPcol305.dll
06/07/2006  02:25 AM              One.htm
10/31/2017  05:36 AM              Program Files
10/30/2017  05:38 AM            86,914 R2D2 Insurance Card.jpg
07/02/2009  12:01 PM              RECYCLER(3)
07/18/2007  08:17 PM                26 register.js
10/08/2017  03:30 AM                18 repair_starting.dat
06/25/2017  04:01 PM             4,598 resetlog.txt
11/24/2009  07:03 AM              spoolerlogs
02/28/2015  05:21 AM              SUPERDelete
10/07/2005  02:35 PM            26,201 Team Roster Fall The Raptors 2005.pdf
06/11/2010  11:15 PM              temp
07/17/2007  11:53 AM              unzipped
09/08/2017  02:00 AM              vpp_temp
01/29/2012  04:23 AM              weather4
10/31/2017  04:55 AM              WINDOWS
04/26/2004  11:03 PM              WUTemp
05/14/2017  03:52 PM               162 YServer.txt
              24 File(s)      2,710,464 bytes
              39 Dir(s)  28,295,872,512 bytes free

Volume in drive C has no label.
 Volume Serial Number is 4C24-412F

 Directory of c:\

03/16/2010  01:18 PM              0a50dd6afc3b0e5d4a384b
05/04/2006  11:00 PM              2000IRC2
03/16/2010  07:37 PM              2012
02/15/2004  03:32 AM              52d23f3650485ff4e6556b
06/12/2010  03:03 AM              5bda237df9bb4f1fd9059e54
12/15/2003  07:54 AM              88a3314e4731faece3
05/30/2013  11:22 PM              A Pictures
02/11/2007  12:11 PM              a130982ba27e542030f7
08/22/2007  07:18 PM              ARACHNE
09/03/2002  09:59 AM                 0 AUTOEXEC.BAT
06/21/2010  06:25 PM              AVATAR
11/26/2009  05:35 AM              AVGTemp
06/14/2010  10:45 PM           173,288 avi_log.txt
06/17/2009  06:25 PM               211 Boot.bak
08/04/2004  12:00 AM           260,272 cmldr
07/02/2009  12:03 PM              Combo-Fix
10/25/2017  03:21 AM              Config.Msi
09/03/2002  09:59 AM                 0 CONFIG.SYS
06/17/2017  07:10 PM              ConverterOutput
10/22/2017  07:29 PM             3,004 DelFix.txt
04/19/2007  03:16 AM              DELL
12/15/2003  07:31 AM             6,146 DELL.SDR
04/23/2011  03:00 PM              Documents and Settings
12/15/2003  07:23 AM              DRIVERS
10/31/2017  04:53 AM                 0 drwtsn32.log
08/19/2005  12:38 PM           247,926 Five Star Invoice Esther Herrer.pdf
09/04/2005  03:09 PM           247,813 Five Star Invoice Josh Harris.pdf
09/19/2005  12:06 AM           339,281 Five Star Invoice Paul House.pdf
01/29/2016  12:04 PM              found.000
07/15/2007  05:09 PM              gs
04/22/2004  02:09 PM              HTML Ebay Folder
10/14/2016  01:01 PM              I386
07/16/2007  03:11 AM               160 Index.html
03/20/2013  11:37 PM             1,713 InstallHelper.log
09/03/2002  09:59 AM                 0 IO.SYS
08/22/2007  07:10 PM             2,011 IPH.PH
07/16/2007  03:13 AM           892,928 Learn How I Make $1000.00 in one day.pdf
08/28/2016  01:11 AM              LGD415RD
08/29/2016  02:22 AM              LGMobileUpgrade
07/08/2005  01:41 AM              Media
09/03/2002  09:59 AM                 0 MSDOS.SYS
10/02/2005  11:20 PM              MSOCache
01/17/2015  11:35 AM              Multimedia Files
12/15/2003  08:05 AM              My Music
01/21/2014  01:24 AM              Netgear
07/16/2009  03:34 PM           417,792 NPcol305.dll
06/07/2006  02:25 AM              One.htm
10/31/2017  05:36 AM              Program Files
10/30/2017  05:38 AM            86,914 R2D2 Insurance Card.jpg
07/02/2009  12:01 PM              RECYCLER(3)
07/18/2007  08:17 PM                26 register.js
10/08/2017  03:30 AM                18 repair_starting.dat
06/25/2017  04:01 PM             4,598 resetlog.txt
11/24/2009  07:03 AM              spoolerlogs
02/28/2015  05:21 AM              SUPERDelete
10/07/2005  02:35 PM            26,201 Team Roster Fall The Raptors 2005.pdf
06/11/2010  11:15 PM              temp
07/17/2007  11:53 AM              unzipped
09/08/2017  02:00 AM              vpp_temp
01/29/2012  04:23 AM              weather4
10/31/2017  04:55 AM              WINDOWS
04/26/2004  11:03 PM              WUTemp
05/14/2017  03:52 PM               162 YServer.txt
              24 File(s)      2,710,464 bytes
              39 Dir(s)  28,295,872,512 bytes free

I am not sure what happened to the above post