WiredWX Christian Hobby Weather Tools
Possible Malware

4 posters

Re: Possible Malware
I cannot get online with any of the search engines on my computer.  All the virus protection, and Malwarebytes, is being blocked and not updating.  I already had HitmanPro installed and used it, but since I used it previously it alerted me that I need to pay in order to continue using it.  It will not allow me to access a log.  I did note that it found a possible problem in the system restore.

Re: Possible Malware
I am in the PC now in Safe Mode with networking.  This is the only way I can get online.  My Malwarebytes and AVG are locked down.

Re: Possible Malware
Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer, you will have to download any programs on the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Try downloading and running MBAM in Safe Mode with Networking. If you can't do that, download these scanners on another computer and transfer them to this computer using a CD-R or memory stick.

Please download AdwCleaner onto your Desktop. AdwCleaner

Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.


If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
When AdwCleaner opens, click on the Scan button as shown below.


AdwCleaner will now start to search for malicious files that may be installed on your computer.
To remove the files that were detected in the previous step, please click on the Clean button.


AdwCleaner will now prompt you to save any open files or data, as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
Please click on the OK button to allow AdwCleaner to reboot your computer. A log will be produced. Please copy and paste this log in your next reply.
*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.


  • It should update automatically if the computer is connected to the internet.
  • Click on Threat Scan and click on Scan Now.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, make sure all the infections have "Quarantine" selected in the Action box.
  • Click on "Apply actions". You may be asked to restart your computer to completely remove the infections.
  • When disinfection is completed you can click on "Copy to Clipboard".
  • Paste the log in your next reply (CTRL+V).

*************************************************
Please download Junkware Removal Tool to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

• Temporarily disable your Antivirus and any Antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

• Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.

• The tool will open and start scanning your system.

• Please be patient, as this can take a while to complete depending on your system's specifications.

• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

• Copy and paste the JRT.txt log into your next message.
*****************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Security Check

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Re: Possible Malware
I have adwcleaner from the previous install, should I remove it and attempt to install it fresh?

Re: Possible Malware
GypsyCowgirl wrote:
I have adwcleaner from the previous install, should I remove it and attempt to install it fresh?

No, run it. It will probably try to update itself.

Re: Possible Malware
I tried to run AdwCleaner; it did not update.  I got an error message stating it is not a valid Win32 application.  I used a different PC and put the application on a disk.  Same problem.  I have tried to run JRT; it claims to be updating, but the update takes about half a second, and then the application finds nothing.  I have tried to open ADW in Safe Mode, in Normal Mode, with networking, and in non-Safe Mode; nothing works.

Re: Possible Malware
In Safe Mode. If I use the keyboard, the PC will lock up. I can use the mouse. I had to copy and paste this message. I ran MiniToolBox, which you previously suggested. I previously noticed TeamViewer running while in Task Manager. When I noticed this I closed TeamViewer in Task Manager, but it reopened. In MiniToolBox I noticed TeamViewer seems to be trying to run. Is it possible someone is accessing the PC through TeamViewer? Will it help to uninstall TeamViewer?
MiniToolBox by Farbar  Version: 17-06-2016
Ran by Teressa (administrator) on 29-09-2017 at 00:42:41
Running from "C:\Documents and Settings\Teressa\Desktop\New Folder (7)"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Model: Dimension 4600i Manufacturer: Dell Computer Corporation
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================

Intel(R) PRO/100 VE Network Connection = Local Area Connection (Connected)

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

popd
# End of interface IP configuration

Windows IP Configuration

        Host Name . . . . . . . . . . . . : Prosperity
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : attlocal.net

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : attlocal.net
        Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
        Physical Address. . . . . . . . . : 00-0C-F1-8C-7D-78
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.248
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.254
        DHCP Server . . . . . . . . . . . : 192.168.1.254
        DNS Servers . . . . . . . . . . . : 192.168.1.254
        Lease Obtained. . . . . . . . . . : Friday, September 29, 2017 12:25:08 AM
        Lease Expires . . . . . . . . . . : Saturday, September 30, 2017 12:25:08 AM

Server:  dsldevice.attlocal.net
Address:  192.168.1.254

Name:    google.com
Address:  216.58.218.206

Pinging google.com [172.217.12.46] with 32 bytes of data:

Reply from 172.217.12.46: bytes=32 time=29ms TTL=53
Reply from 172.217.12.46: bytes=32 time=25ms TTL=53

Ping statistics for 172.217.12.46:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 25ms, Maximum = 29ms, Average = 27ms

Server:  dsldevice.attlocal.net
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  98.139.180.149, 206.190.36.45, 98.138.253.109

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=73ms TTL=47
Reply from 98.138.253.109: bytes=32 time=68ms TTL=47

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 68ms, Maximum = 73ms, Average = 70ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 0c f1 8c 7d 78 ...... Intel(R) PRO/100 VE Network Connection
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254   192.168.1.248      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.1.0    255.255.255.0    192.168.1.248   192.168.1.248      20
    192.168.1.248  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255    192.168.1.248   192.168.1.248      20
        224.0.0.0        240.0.0.0    192.168.1.248   192.168.1.248      20
  255.255.255.255  255.255.255.255    192.168.1.248   192.168.1.248      1
Default Gateway:     192.168.1.254
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/29/2017 07:06:37 AM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a497b.
Processing media-specific event for [mbam.exe!ws!]

Error: (09/29/2017 02:01:42 AM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a497b.
Processing media-specific event for [mbam.exe!ws!]

Error: (09/28/2017 06:39:35 PM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a497b.
Processing media-specific event for [mbam.exe!ws!]

Error: (09/28/2017 10:52:36 AM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a497b.
Processing media-specific event for [mbam.exe!ws!]

Error: (09/28/2017 10:48:05 AM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a497b.
Processing media-specific event for [mbam.exe!ws!]

Error: (09/28/2017 10:47:39 AM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a497b.
Processing media-specific event for [mbam.exe!ws!]

Error: (09/28/2017 10:38:25 AM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a497b.
Processing media-specific event for [mbam.exe!ws!]

Error: (09/28/2017 10:35:18 AM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a497b.
Processing media-specific event for [mbam.exe!ws!]

Error: (09/27/2017 07:31:33 AM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a497b.
Processing media-specific event for [mbam.exe!ws!]

Error: (09/27/2017 07:20:02 AM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a497b.
Processing media-specific event for [mbam.exe!ws!]


System errors:
=============
Error: (09/29/2017 12:29:27 AM) (Source: Service Control Manager) (User: )
Description: The avgbIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

Error: (09/29/2017 12:28:48 AM) (Source: Service Control Manager) (User: )
Description: The avgbIDSAgent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (09/29/2017 12:26:02 AM) (Source: Service Control Manager) (User: )
Description: The StarOpen service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (09/29/2017 12:23:24 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
avgbdisk
avgbidsdriver
avgbidsh
avgblog
avgbuniv
avgRdr
avgRvrt
avgSnx
avgSP
avgVmm
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SASDIFSV
SASKUTIL
sptd
Tcpip
WS2IFSL

Error: (09/29/2017 12:23:24 AM) (Source: Service Control Manager) (User: )
Description: The TeamViewer 12 service depends on the AFD Networking Support Environment service which failed to start because of the following error:
%%31 = A device attached to the system is not functioning.


Error: (09/29/2017 12:23:24 AM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31 = A device attached to the system is not functioning.


Error: (09/29/2017 12:23:24 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error:
%%31 = A device attached to the system is not functioning.


Error: (09/29/2017 12:23:24 AM) (Source: Service Control Manager) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31 = A device attached to the system is not functioning.


Error: (09/29/2017 12:23:24 AM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the NetBT service which failed to start because of the following error:
%%31 = A device attached to the system is not functioning.


Error: (09/29/2017 12:23:24 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode
" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (09/29/2017 07:06:37 AM) (Source: Application Error)(User: )
Description: mbam.exe3.0.0.1068qt5core.dll5.6.2.0001a497b

Error: (09/29/2017 02:01:42 AM) (Source: Application Error)(User: )
Description: mbam.exe3.0.0.1068qt5core.dll5.6.2.0001a497b

Error: (09/28/2017 06:39:35 PM) (Source: Application Error)(User: )
Description: mbam.exe3.0.0.1068qt5core.dll5.6.2.0001a497b

Error: (09/28/2017 10:52:36 AM) (Source: Application Error)(User: )
Description: mbam.exe3.0.0.1068qt5core.dll5.6.2.0001a497b

Error: (09/28/2017 10:48:05 AM) (Source: Application Error)(User: )
Description: mbam.exe3.0.0.1068qt5core.dll5.6.2.0001a497b

Error: (09/28/2017 10:47:39 AM) (Source: Application Error)(User: )
Description: mbam.exe3.0.0.1068qt5core.dll5.6.2.0001a497b

Error: (09/28/2017 10:38:25 AM) (Source: Application Error)(User: )
Description: mbam.exe3.0.0.1068qt5core.dll5.6.2.0001a497b

Error: (09/28/2017 10:35:18 AM) (Source: Application Error)(User: )
Description: mbam.exe3.0.0.1068qt5core.dll5.6.2.0001a497b

Error: (09/27/2017 07:31:33 AM) (Source: Application Error)(User: )
Description: mbam.exe3.0.0.1068qt5core.dll5.6.2.0001a497b

Error: (09/27/2017 07:20:02 AM) (Source: Application Error)(User: )
Description: mbam.exe3.0.0.1068qt5core.dll5.6.2.0001a497b


========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 2558.98 MB
Available physical RAM: 1609.48 MB
Total Virtual: 3173.41 MB
Available Virtual: 2427.57 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:74.46 GB) (Free:22.4 GB) NTFS
5 Drive h: (Sep 26 2017) (CDROM) (Total:0.69 GB) (Free:0 GB) UDF
7 Drive l: (My Book) (Fixed) (Total:930.86 GB) (Free:428.56 GB) NTFS

========================= Users: ========================================

User accounts for \\PROSPERITY

Administrator            ASPNET                   Guest                    
HelpAssistant            SUPPORT_388945a0         SUPPORT_3f151ab9         
Teressa                  


**** End of log ****
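The MiniToolBox report above carries the indicators that matter most in a case like this one: repeated crashes of the anti-malware client, security-product drivers in the failed-to-load list, a security service being terminated, a remote-access service (TeamViewer) among the services, and the hosts file and proxy settings that redirection malware typically tampers with. As an added example that is not part of the thread and not one of the Farbar tools, the following Python script pulls those indicators out of a MiniToolBox-style log. The sample log embedded in it is a constructed, trimmed copy of the report above; the lists of security process names, driver/service name prefixes and remote-access keywords are assumptions to adapt to the machine under investigation.

```python
"""Triage a MiniToolBox-style log (added example for this thread, not a Farbar tool)."""
import re
from collections import Counter

# Assumptions: names taken from the security products visible in the thread's log.
SECURITY_PROCESSES = {"mbam.exe", "mbamservice.exe", "avgsvc.exe", "sascore.exe"}
SECURITY_PREFIXES = ("avg", "sas", "mb")  # driver / service name prefixes
REMOTE_ACCESS_HINTS = ("teamviewer", "anydesk", "logmein", "vnc")

SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=\n]+?):\s*=+\s*$", re.MULTILINE)
# One 'Error: (time) (Source: ...)' block; the description runs to the next blank line.
EVENT_RE = re.compile(r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<src>[^)]*)\)[^\n]*\n"
                      r"Description: (?P<desc>.*?)(?=\n\s*\n|\Z)", re.MULTILINE | re.DOTALL)
APP_ERROR_RE = re.compile(r"Faulting application (?P<app>\S+), version \S+, faulting module "
                          r"(?P<mod>\S+), version \S+, fault address (?P<addr>0x[0-9a-fA-F]+)")
SERVICE_TERM_RE = re.compile(r"The (?P<svc>\S+) service terminated")


def split_sections(text):
    """Map each '===== Name: =====' header to the text that follows it."""
    marks = list(SECTION_RE.finditer(text))
    ends = [m.start() for m in marks[1:]] + [len(text)]
    return {m.group("name").strip(): text[m.end():e] for m, e in zip(marks, ends)}


def _field(body, label):
    """Read an ipconfig-style 'Label . . . : value' line."""
    m = re.search(rf"^\s*{re.escape(label)}[ .]*: (?P<v>\S+)", body, re.MULTILINE)
    return m.group("v") if m else None


def triage(log_text):
    """Return the indicators a malware-removal helper would ask about first."""
    sections = split_sections(log_text)
    crashes, terminations = Counter(), Counter()
    failed_drivers, remote_access = [], []
    for ev in EVENT_RE.finditer(sections.get("Event log errors", "")):
        desc = ev.group("desc")
        app = APP_ERROR_RE.search(desc)
        if app and app.group("app").lower() in SECURITY_PROCESSES:
            crashes[(app.group("app"), app.group("mod"), app.group("addr"))] += 1
        svc = SERVICE_TERM_RE.search(desc)
        if svc and svc.group("svc").lower().startswith(SECURITY_PREFIXES):
            terminations[svc.group("svc")] += 1
        if "failed to load:" in desc:  # one driver name per line after the colon
            failed_drivers += desc.split("failed to load:", 1)[1].split()
        if any(h in desc.lower() for h in REMOTE_ACCESS_HINTS):
            remote_access.append(desc.splitlines()[0])
    hosts = sections.get("Hosts content", "")
    extra_hosts = [line.strip() for line in hosts.splitlines() if line.strip()
                   and not line.lstrip().startswith("#") and line.split()[-1].lower() != "localhost"]
    ipcfg = sections.get("IP Configuration", "")
    gateway, dns = _field(ipcfg, "Default Gateway"), _field(ipcfg, "DNS Servers")
    return {
        "security_process_crashes": dict(crashes),
        "security_service_terminations": dict(terminations),
        "failed_drivers": failed_drivers,
        "failed_security_drivers": [d for d in failed_drivers if d.lower().startswith(SECURITY_PREFIXES)],
        "remote_access_services": remote_access,
        "extra_hosts_entries": extra_hosts,  # anything beyond the localhost line
        "proxy_enabled": "Proxy is not enabled." not in sections.get("IE Proxy Settings", ""),
        "default_gateway": gateway, "dns_servers": dns,
        "dns_is_local_gateway": dns is not None and dns == gateway,
    }


# Constructed sample: a trimmed copy of the MiniToolBox report posted above.
SAMPLE_LOG = """\
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================
        Default Gateway . . . . . . . . . : 192.168.1.254
        DNS Servers . . . . . . . . . . . : 192.168.1.254
========================= Event log errors: ===============================
Error: (09/29/2017 07:06:37 AM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a497b.

Error: (09/29/2017 02:01:42 AM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a497b.

Error: (09/29/2017 12:28:48 AM) (Source: Service Control Manager) (User: )
Description: The avgbIDSAgent service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/29/2017 12:23:24 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
avgbdisk
SASDIFSV
Tcpip

Error: (09/29/2017 12:23:24 AM) (Source: Service Control Manager) (User: )
Description: The TeamViewer 12 service depends on the AFD Networking Support Environment service which failed to start because of the following error:
%%31 = A device attached to the system is not functioning.

"""
```

Run `triage(SAMPLE_LOG)` to get a dictionary of findings; an empty `extra_hosts_entries` list, `proxy_enabled` False and `dns_is_local_gateway` True match what the posted report shows, while the two mbam.exe crashes at the same fault address, the avgbIDSAgent termination and the TeamViewer service line are the items worth raising. Read the failed-driver list together with the boot mode: the same 12:23:24 event batch on the page records DCOM refusing to start EventSystem because the system was in Safe Mode, so core drivers such as AFD and Tcpip appearing there is expected for that boot, and only the entries that persist in a Normal boot point at tampering.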

Re: Possible Malware
Will it help to uninstall TeamViewer?

Yes, uninstall it until we have this problem repaired.
Were you able to run MBAM?

Re: Possible Malware
No, I cannot get MBAM to run.  When it opens, I get the error message I posted above.  It seems like each time I attempt to do something, there is a negative consequence, like my keyboard locking down.

Re: Possible Malware
What next?

Re: Possible Malware
I deleted TeamViewer and all "changes" made to my PC in order to run TeamViewer.

Re: Possible Malware
Let's see if we can get this scanner to run. Try it in Normal mode.
Please download Farbar Service Scanner to the desktop and run it on the computer with the issue.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Make sure FRST is run under administrator privileges.
Make sure that the Whitelist section is checked. Otherwise, the log will be very long.
Your security programs may prevent the tool from running. If this happens, disable the security program until the scan is completed.


  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

  • Press "Scan".

  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Re: Possible Malware
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-09-2017
Ran by Teressa (administrator) on PROSPERITY (29-09-2017 23:14:04)
Running from C:\Documents and Settings\Teressa\Desktop\New Folder (7)
Loaded Profiles: Teressa (Available Profiles: Teressa & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\avgui.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(Creative Technology Ltd) C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NVIDIA Corporation) C:\WINDOWS\SYSTEM32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\fxssvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe [196608 2003-01-30] (HP)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-09-14] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-08-25] (Macrovision Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3410384 2017-08-21] (Malwarebytes)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [289248 2017-09-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer: []
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\Run: [cdloader] => C:\Documents and Settings\Teressa\Application Data\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\sstext3d.scr [679936 2008-04-13] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2013-01-19] (SuperAdBlocker.com)
Startup: C:\Documents and Settings\Teressa\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-01-09]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{0DCE56D5-9130-4B54-B459-5C2AFE16A228}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell4me.com/myway
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ebay.com/
HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007 -> {E70C0F81-A36D-4E87-A070-1623DE26DC04} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=
BHO: No Name -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2003-03-16] ()
BHO: PPCScamBHO Class -> {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} -> No File
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll [2016-10-31] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
Toolbar: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
Toolbar: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Teressa\Application Data\TomTom\HOME\Profiles\4qqmyzdd.default [2013-05-21]
FF Extension: (No Name) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF ProfilePath: C:\Documents and Settings\Teressa\Application Data\Nvu\Profiles\46itrkdl.default [2012-10-21]
FF ProfilePath: C:\Documents and Settings\Teressa\Application Data\Netscape\Navigator\Profiles\ro5fo0iq.default [2010-08-09]
FF Extension: (No Name) - C:\Program Files\Netscape\Navigator 9\extensions\inspector@mozilla.org [not found]
FF Extension: (No Name) - C:\Program Files\Netscape\Navigator 9\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3} [not found]
FF ProfilePath: C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859 [2017-09-29]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-03-17] [not signed]
FF HKLM\...\Thunderbird\Extensions: [avgthb@avg.com] - C:\Program Files\AVG\AVG2012\Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-14] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2012-12-01] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.91 -> C:\Program Files\NOS\bin\np_gp.dll [2010-10-20] (NOS Microsystems Ltd.)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-09-13] (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1 -> C:\Program Files\Yahoo!\Shared\npYVerInfo.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll [No File]
FF Plugin HKU\S-1-5-21-2305011698-3870448665-3586125232-1007: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Teressa\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2305011698-3870448665-3586125232-1007: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Teressa\Application Data\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2305011698-3870448665-3586125232-1007: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2305011698-3870448665-3586125232-1007: @tools.google.com/Google Update;version=8 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll [No File]
FF Plugin HKU\S-1-5-21-2305011698-3870448665-3586125232-1007: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Teressa\Application Data\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Teressa\Application Data\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> hxxps://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-09-27]
CHR Extension: (AVG Secure Search) - C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2017-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-24]
CHR HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.42AWFHMO6FPQSCDKOVTDJDJWOI - C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-02-24] (SUPERAntiSpyware.com)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-09-14] (Adobe Systems Incorporated) [File not signed]
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [276328 2017-09-07] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5881008 2017-09-07] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-09-14] (AVG Technologies CZ, s.r.o.)
R2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [142432 2012-02-20] (SEIKO EPSON CORPORATION)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [48368 2009-09-03] (NOS Microsystems Ltd.)
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4430792 2017-08-07] (Malwarebytes)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NetSvc; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [143360 2003-03-03] (Intel(R) Corporation) [File not signed]
S3 Pml Driver; C:\WINDOWS\System32\HPHipm09.exe [77824 2003-01-30] (HP)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) [File not signed]
S3 WsDrvInst; C:\Program Files\Wondershare\MobileTrans\DriverInstall.exe [103824 2015-08-07] (Wondershare)
S4 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]
S2 TeamViewer; "C:\Program Files\TeamViewer\TeamViewer_Service.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 Andbus; C:\WINDOWS\System32\DRIVERS\lgandbus.sys [14336 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\WINDOWS\System32\DRIVERS\lganddiag.sys [20736 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\WINDOWS\System32\DRIVERS\lgandgps.sys [20096 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\WINDOWS\System32\DRIVERS\lgandmodem.sys [25088 2012-03-02] (LG Electronics Inc.)
S3 AndnetBus; C:\WINDOWS\System32\DRIVERS\lgandnetbus.sys [15744 2015-01-21] (LG Electronics Inc.)
S3 AndNetDiag; C:\WINDOWS\System32\DRIVERS\lgandnetdiag.sys [24576 2015-01-26] (LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\System32\DRIVERS\lgandnetmodem.sys [29696 2015-01-26] (LG Electronics Inc.)
S3 andnetndis; C:\WINDOWS\System32\DRIVERS\lgandnetndis.sys [70784 2015-01-21] (LG Electronics Inc.)
R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [17005 2002-08-14] (Adaptec)
R1 avgbdisk; C:\WINDOWS\system32\drivers\avgbdiskx.sys [135872 2017-09-07] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\system32\drivers\avgbidsdriverx.sys [261128 2017-09-07] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\system32\drivers\avgbidshx.sys [151024 2017-09-07] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\system32\drivers\avgblogx.sys [270344 2017-09-07] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\system32\drivers\avgbunivx.sys [43992 2017-09-07] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\system32\drivers\avgHwid.sys [35264 2017-09-07] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\system32\drivers\avgMonFlt.sys [117368 2017-09-07] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\system32\drivers\avgRdr.sys [62528 2017-09-07] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\system32\drivers\avgRvrt.sys [63280 2017-09-07] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\system32\drivers\avgSnx.sys [766216 2017-09-07] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\system32\drivers\avgSP.sys [492552 2017-09-07] (AVG Technologies CZ, s.r.o.)
R3 avgStmXP; C:\WINDOWS\system32\drivers\avgStmXP.sys [195128 2017-09-07] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\system32\drivers\avgVmm.sys [290264 2017-09-27] (AVG Technologies CZ, s.r.o.)
R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
S3 Dot4 HPH09; C:\WINDOWS\System32\DRIVERS\hphid409.sys [50800 2003-01-30] (HP)
S3 Dot4Print HPH09; C:\WINDOWS\System32\DRIVERS\hphipr09.sys [16112 2003-01-30] (HP)
S3 Dot4Storage HPH09; C:\WINDOWS\System32\Drivers\hphs2k09.sys [50211 2003-01-30] (Hewlett-Packard)
S3 Dot4Usb HPH09; C:\WINDOWS\System32\drivers\hphius09.sys [18864 2003-01-30] (HP)
R3 dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [18816 2010-01-29] (RIF) [File not signed]
S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59904 2017-08-24] ()
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
S3 GT680x; C:\WINDOWS\System32\Drivers\gt680x.sys [18120 2001-11-08] ( ) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-03-07] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-03-07] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-03-07] (HP)
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2004-08-04] (Intel(R) Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2004-08-04] (Intel(R) Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2004-08-04] (Intel(R) Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2004-08-04] (Intel(R) Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-04] (Intel(R) Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-04] (Intel(R) Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2004-08-04] (Intel(R) Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2004-08-04] (Intel(R) Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2004-08-04] (Intel(R) Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-04] (Intel(R) Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [150816 2017-09-29] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [40352 2017-09-29] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [221632 2017-09-29] (Malwarebytes)
S3 OlCamudp; C:\WINDOWS\System32\Drivers\olcamudp.sys [10379 2000-02-08] (OLYMPUS Optical Co.,Ltd.) [File not signed]
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17217 2002-11-08] (Dell Computer Corporation) [File not signed]
R3 P16X; C:\WINDOWS\System32\drivers\P16X.sys [1330048 2003-09-22] (Creative Technology Ltd.)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
S3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2010-03-17] (VSO Software) [File not signed]
R2 PfModNT; C:\WINDOWS\System32\PfModNT.sys [6752 1999-12-17] (Creative Technology Ltd.) [File not signed]
S3 PLTurbh; C:\WINDOWS\System32\drivers\plturbh.sys [16384 2009-07-01] (Prolific Technology Inc.)
R3 PLTurbo; C:\WINDOWS\System32\drivers\plturbo.sys [16640 2009-07-01] (Prolific Technology Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2013-01-19] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-20] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [67664 2013-01-19] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [717296 2010-01-30] () [File not signed]
S3 bvrp_pci; no ImagePath
S3 catchme; \??\C:\DOCUME~1\Teressa\LOCALS~1\Temp\catchme.sys [X]
S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [X]
S3 ivusb; system32\DRIVERS\ivusb.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S2 StarOpen; no ImagePath
U3 TlntSvr; no ImagePath
S3 wanatw; System32\DRIVERS\wanatw4.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: Ip6FwHlp -> no filepath.

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-29 18:57 - 2017-09-29 23:09 - 000040352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-29 18:57 - 2017-09-29 23:07 - 000221632 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-29 18:57 - 2017-09-29 18:57 - 000150816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-09-29 18:57 - 2017-09-29 18:57 - 000001715 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
2017-09-29 18:57 - 2017-09-29 18:57 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2017-09-29 18:57 - 2017-08-24 11:27 - 000059904 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-09-29 18:56 - 2017-09-29 18:56 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MB2Migration
2017-09-29 00:09 - 2017-09-26 16:41 - 008182736 _____ (Malwarebytes) C:\Documents and Settings\Administrator.PROSPERITY\Desktop\AdwCleaner.exe
2017-09-29 00:08 - 2017-09-26 16:59 - 001790024 _____ (Malwarebytes) C:\Documents and Settings\Administrator.PROSPERITY\Desktop\JRT.exe
2017-09-28 10:51 - 2017-09-28 10:51 - 000000000 ____D C:\Documents and Settings\Administrator.PROSPERITY\Application Data\Macromedia
2017-09-28 10:51 - 2017-09-28 10:51 - 000000000 ____D C:\Documents and Settings\Administrator.PROSPERITY\Application Data\Adobe
2017-09-28 10:39 - 2017-09-07 04:47 - 000305936 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2017-09-27 07:12 - 2017-09-27 07:12 - 000000000 ____D C:\Documents and Settings\Administrator.PROSPERITY\Application Data\SUPERAntiSpyware.com
2017-09-26 17:59 - 2017-09-29 19:04 - 001341178 _____ C:\WINDOWS\ntbtlog.txt
2017-09-24 16:41 - 2017-09-24 16:43 - 000000000 ____D C:\Documents and Settings\Teressa\Desktop\New Folder (14)
2017-09-09 02:28 - 2017-09-28 23:38 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-09-09 02:07 - 2017-09-29 23:03 - 000000000 _____ C:\WINDOWS\system32\last.dump

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-29 23:21 - 2017-06-22 23:46 - 000000000 ____D C:\Documents and Settings\Teressa\Local Settings\temp
2017-09-29 23:14 - 2017-06-22 14:50 - 000000000 ____D C:\FRST
2017-09-29 23:14 - 2017-06-16 18:08 - 000000000 ____D C:\Documents and Settings\Teressa\Desktop\New Folder (7)
2017-09-29 23:08 - 2003-12-15 07:38 - 000001170 ____C C:\WINDOWS\system32\WPA.DBL
2017-09-29 23:06 - 2017-06-23 19:20 - 000000314 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job
2017-09-29 23:06 - 2017-06-18 16:06 - 000000344 ____H C:\WINDOWS\Tasks\Antivirus Emergency Update.job
2017-09-29 23:06 - 2003-12-15 07:41 - 000004330 ____C C:\WINDOWS\ModemLog_BCM V.92 56K Modem.txt
2017-09-29 23:05 - 2014-03-30 15:41 - 000000226 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-09-29 23:05 - 2010-01-07 14:31 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-09-29 23:05 - 2003-12-15 07:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-29 23:03 - 2003-12-28 17:52 - 000000178 ___SH C:\Documents and Settings\Teressa\NTUSER.INI
2017-09-29 23:03 - 2003-12-28 17:52 - 000000000 ____D C:\Documents and Settings\Teressa
2017-09-29 23:03 - 2003-12-15 07:42 - 000032606 _____ C:\WINDOWS\SchedLgU.Txt
2017-09-29 23:01 - 2010-01-07 14:31 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-09-29 22:28 - 2012-10-25 16:00 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-09-29 22:27 - 2011-05-23 01:01 - 000000986 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2305011698-3870448665-3586125232-1007UA.job
2017-09-29 21:37 - 2008-04-13 20:15 - 000000178 __SHC C:\Documents and Settings\Administrator.PROSPERITY\NTUSER.INI
2017-09-29 18:57 - 2017-06-22 23:46 - 000000000 ____D C:\Documents and Settings\Administrator.PROSPERITY\Local Settings\temp
2017-09-29 18:57 - 2008-10-22 02:48 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-09-29 18:56 - 2014-11-16 04:26 - 000000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-09-29 07:30 - 2016-09-06 00:55 - 000000000 ____D C:\Documents and Settings\Teressa\Desktop\New Folder (8)
2017-09-29 02:27 - 2011-05-23 01:01 - 000000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2305011698-3870448665-3586125232-1007Core.job
2017-09-28 23:41 - 2010-01-29 22:55 - 000000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2017-09-28 22:53 - 2017-07-15 14:14 - 000000562 _____ C:\Documents and Settings\Teressa\Desktop\JRT.txt
2017-09-28 10:41 - 2003-12-15 07:23 - 000000000 ___HD C:\WINDOWS\INF
2017-09-27 07:16 - 2008-08-14 21:01 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-09-27 06:56 - 2017-06-18 16:06 - 000290264 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2017-09-27 06:54 - 2008-04-13 20:15 - 000000000 ____D C:\Documents and Settings\Administrator.PROSPERITY
2017-09-27 06:54 - 2003-12-15 07:24 - 000000000 __SHD C:\Documents and Settings\NetworkService
2017-09-27 06:54 - 2003-12-15 07:24 - 000000000 __SHD C:\Documents and Settings\LocalService
2017-09-27 06:54 - 2003-12-15 07:23 - 000000000 ____D C:\WINDOWS\Registration
2017-09-26 11:18 - 2010-06-08 16:03 - 000000868 _____ C:\WINDOWS\Tasks\Google Software Updater.job
2017-09-24 23:45 - 2007-08-18 10:10 - 000000000 ____D C:\WINDOWS\network diagnostic
2017-09-24 16:23 - 2006-02-05 11:54 - 000000000 ____D C:\Documents and Settings\Teressa\My Documents\My PSP Files
2017-09-23 23:23 - 2003-12-15 07:41 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2017-09-22 19:10 - 2015-08-14 22:15 - 000003448 ____C C:\WINDOWS\ModemLog_LGE Mobile USB Modem.txt
2017-09-21 22:27 - 2008-07-28 23:50 - 000000000 ____D C:\Documents and Settings\Teressa\My Documents\Ebay Templates
2017-09-20 19:16 - 2012-06-03 09:34 - 000000000 ____D C:\Documents and Settings\Teressa\Application Data\vlc
2017-09-20 02:48 - 2017-08-06 00:54 - 000000054 _____ C:\WINDOWS\CmdFile.INI
2017-09-19 01:51 - 2008-11-11 18:48 - 000002375 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Corel Paint Shop Pro X.lnk
2017-09-16 23:51 - 2015-03-21 04:23 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
2017-09-14 16:42 - 2012-10-25 16:00 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-09-14 16:42 - 2011-05-12 23:24 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-09-14 16:29 - 2003-12-15 07:23 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-14 05:07 - 2017-07-05 10:03 - 000000000 _____ C:\Documents and Settings\Teressa\last.dump
2017-09-13 14:06 - 2013-10-28 20:29 - 000000996 _____ C:\Documents and Settings\Teressa\Desktop\magicJack.lnk
2017-09-13 14:06 - 2013-10-28 20:28 - 000000000 ____D C:\Documents and Settings\Teressa\Application Data\mjusbsp
2017-09-13 14:06 - 2010-12-09 18:01 - 000001002 _____ C:\Documents and Settings\Teressa\Start Menu\Programs\magicJack.lnk
2017-09-12 15:47 - 2012-04-28 11:03 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-09-09 02:43 - 2017-06-19 19:27 - 000000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2017-09-09 02:43 - 2017-06-19 19:27 - 000000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2017-09-08 16:07 - 2014-03-30 15:41 - 000000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2017-09-08 02:00 - 2007-07-15 17:19 - 000000000 ____D C:\vpp_temp
2017-09-07 23:27 - 2002-09-30 06:10 - 000002489 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2017-09-07 04:47 - 2017-06-18 16:06 - 000766216 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2017-09-07 04:47 - 2017-06-18 16:06 - 000492552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2017-09-07 04:47 - 2017-06-18 16:06 - 000270344 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgblogx.sys
2017-09-07 04:47 - 2017-06-18 16:06 - 000261128 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriverx.sys
2017-09-07 04:47 - 2017-06-18 16:06 - 000195128 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStmXP.sys
2017-09-07 04:47 - 2017-06-18 16:06 - 000151024 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidshx.sys
2017-09-07 04:47 - 2017-06-18 16:06 - 000135872 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiskx.sys
2017-09-07 04:47 - 2017-06-18 16:06 - 000117368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2017-09-07 04:47 - 2017-06-18 16:06 - 000063280 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2017-09-07 04:47 - 2017-06-18 16:06 - 000062528 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr.sys
2017-09-07 04:47 - 2017-06-18 16:06 - 000043992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbunivx.sys
2017-09-07 04:47 - 2017-06-18 16:06 - 000035264 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2017-09-04 11:26 - 2017-06-18 16:32 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2017-09-04 11:26 - 2017-06-18 15:53 - 000000629 _____ C:\Documents and Settings\All Users\Desktop\AVG.lnk

==================== Files in the root of some directories =======

2013-06-26 06:54 - 2014-06-23 16:39 - 000003728 ____C () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2007-07-18 01:36 - 2007-07-18 01:36 - 000000336 ____C () C:\Program Files\temp995.bat
2010-03-16 16:28 - 2011-09-05 01:35 - 000000162 ____C () C:\Documents and Settings\Teressa\Application Data\default.rss
2010-06-13 00:31 - 2010-06-13 00:31 - 000000000 ____C () C:\Documents and Settings\Teressa\Application Data\downloads.m3u
2010-03-02 04:11 - 2010-03-02 04:16 - 000000699 ____C () C:\Documents and Settings\Teressa\Application Data\moyea_dia.log
2010-03-17 23:45 - 2014-04-15 03:00 - 000007887 ____C () C:\Documents and Settings\Teressa\Application Data\pcouffin.cat
2010-03-17 23:45 - 2014-04-15 03:00 - 000001144 ____C () C:\Documents and Settings\Teressa\Application Data\pcouffin.inf
2010-03-17 23:45 - 2014-04-15 03:00 - 000000033 ____C () C:\Documents and Settings\Teressa\Application Data\pcouffin.log
2010-03-17 23:45 - 2014-04-15 03:00 - 000047360 ____C (VSO Software) C:\Documents and Settings\Teressa\Application Data\pcouffin.sys
2004-01-12 02:45 - 2017-06-17 22:58 - 000096768 ____C () C:\Documents and Settings\Teressa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-05 02:15 - 2015-02-05 02:15 - 000026900 ____C () C:\Documents and Settings\Teressa\Local Settings\Application Data\dt.dat
2009-12-21 16:24 - 2017-06-18 08:59 - 000000000 ____C () C:\Documents and Settings\Teressa\Local Settings\Application Data\prvlcl.dat
2012-01-15 15:59 - 2012-05-06 17:10 - 000000031 __SHC () C:\Documents and Settings\All Users\Application Data\.zreglib
2007-12-11 04:17 - 2017-05-16 13:29 - 000013296 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2010-09-17 23:41 - 2010-09-17 23:41 - 000000133 ____C () C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
2007-08-18 09:36 - 2007-08-18 09:36 - 000001751 ____C () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\sptd.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION

==================== End of FRST.txt ============================

Re: Possible Malware
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-09-2017
Ran by Teressa (29-09-2017 23:22:40)
Running from C:\Documents and Settings\Teressa\Desktop\New Folder (7)
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2003-12-28 22:52:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2305011698-3870448665-3586125232-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.PROSPERITY
ASPNET (S-1-5-21-2305011698-3870448665-3586125232-1008 - Limited - Enabled)
Guest (S-1-5-21-2305011698-3870448665-3586125232-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-2305011698-3870448665-3586125232-1006 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-2305011698-3870448665-3586125232-1002 - Limited - Disabled)
SUPPORT_3f151ab9 (S-1-5-21-2305011698-3870448665-3586125232-1005 - Limited - Disabled)
Teressa (S-1-5-21-2305011698-3870448665-3586125232-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Teressa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
AV: AVG Antivirus (Enabled - Up to date) {81C62321-3C2A-4A1A-BF2F-52ED23B22B8B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (HKLM\...\{A80FA752-C491-4ED9-ABF0-4278563160B2}) (Version: 7.1.8 - Hewlett-Packard) Hidden
ABBYY FineReader 4.0 Sprint (HKLM\...\ABBYY FineReader 4.0 Sprint) (Version:  - )
Active@ ISO Burner (HKLM\...\{7694E0B1-2332-448B-9235-929F84B41E3F}) (Version: 2.0.5 - LSoft Technologies)
Adobe Acrobat 4.0 (HKLM\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Atmosphere Player for Acrobat and Adobe Reader (HKLM\...\Adobe Atmosphere Player) (Version:  - )
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.91 - NOS Microsystems Ltd.)
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Advertising Center (HKLM\...\{b2ec4a38-b545-4a00-8214-13fe0e915e6d}) (Version: 0.0.0.1 - Nero AG) Hidden
Audacity 1.3.13 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
AVG (HKLM\...\{1D382E7D-7E8B-4C85-9233-287017A66599}) (Version: 1.211.2 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 17.6.3029 - AVG Technologies)
Backuptrans Android SMS + MMS Transfer 3.2.16 (HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\Backuptrans Android SMS + MMS Transfer) (Version: 3.2.16 - Backuptrans)
Banctec Service Agreement (HKLM\...\{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}) (Version: 1.00.0005 - Dell) Hidden
Banctec Service Agreement (HKLM\...\{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}) (Version: 1.00.00 - Dell) Hidden
BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version:  - )
bitcontrol® MPEG-2 Video Decoder v2.1 (HKLM\...\bcMPEG2dec) (Version: 2.1 - BitCtrl Systems GmbH)
Bonjour (HKLM\...\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}) (Version: 1.0.105 - Apple Inc.)
BufferChm (HKLM\...\{687FEF8A-8597-40b4-832C-297EA3F35817}) (Version: 100.0.170.000 - Hewlett-Packard) Hidden
C6200_Help (HKLM\...\{B041ABD7-4A10-482a-A525-577A7AAD8EC7}) (Version: 90.0.189.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Paint Shop Pro X (HKLM\...\{1A15507A-8551-4626-915D-3D5FA095CC1B}) (Version: 10.0 - Corel Inc)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07 (HKLM\...\Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro_is1) (Version:  - Cucusoft, Inc.)
Dell Digital Jukebox Driver (HKLM\...\Dell Digital Jukebox Driver) (Version:  - )
Dell Media Experience (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version:  - )
Dell Networking Guide (HKLM\...\{68D60342-7686-45C9-B8EB-40EF843D0460}) (Version: 1.00.0001 - Dell) Hidden
Dell Solution Center (HKLM\...\{11F1920A-56A2-4642-B6E0-3B31A12C9288}) (Version: 1.00.0000 - Dell)
DivX (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.0 - DivXNetworks, Inc.)
DolbyFiles (HKLM\...\{b1adf008-e898-4fe2-8a1f-690d9a06acaf}) (Version: 2.0 - Nero AG) Hidden
DrawPlus 3.0 (HKLM\...\DrawPlus 3.0) (Version:  - )
DS21Patch (HKLM\...\{9B79DCB0-AAD7-456B-8D07-433C936FA24B}) (Version: 1.00.0000 - Dell) Hidden
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVD43 Plug-in v1.0.0.5 (HKLM\...\DVD43 Plug-in_is1) (Version:  - )
DVD43 v4.6.0 (HKLM\...\DVD43_is1) (Version:  - )
DVDSentry (HKLM\...\{98DF85D9-96C0-4F57-A92E-C3539477EF5E}) (Version: 1.00.0000 - Dell)
eM Client (HKLM\...\{224024F1-88C6-4E06-9AF6-39FF47347338}) (Version: 7.0.30068.0 - eM Client Inc.)
EPSON Artisan 1430 Series Printer Uninstall (HKLM\...\EPSON Artisan 1430 Series) (Version:  - SEIKO EPSON Corporation)
Evernote v. 6.4.2 (HKLM\...\{E74F0DCA-9FC8-11E6-9D98-005056950253}) (Version: 6.4.2.3788 - Evernote Corp.)
Fax (HKLM\...\{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}) (Version: 120.0.194.000 - Hewlett-Packard) Hidden
FileZilla Client 3.6.0.2 (HKLM\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
FMW 1 (HKLM\...\{E2258604-A4CB-4F29-BB9F-58081E193EAA}) (Version: 1.224.4 - AVG Technologies) Hidden
Google Chrome (HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Drive (HKLM\...\{F9A2761E-C1E4-4384-92A3-5732C9738327}) (Version: 2.34.6717.9565 - Google, Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GPL Ghostscript 8.50 (HKLM\...\GPL Ghostscript 8.50) (Version:  - )
GPL Ghostscript Fonts (HKLM\...\GPL Ghostscript Fonts) (Version:  - )
Help and Support Customization (HKLM\...\{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}) (Version: 1.00.0000 - Dell) Hidden
hp photosmart printer series (Remove only) (HKLM\...\hp photosmart printer series) (Version:  - )
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
ImagXpress (HKLM\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
Intel(R) PROSet (HKLM\...\{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}) (Version: 6.05.2001 - Intel)
Internet Explorer Default Page (HKLM\...\{35BDEFF1-A610-4956-A00D-15453C116395}) (Version: 1.00.03 - Dell Inc.) Hidden
iPhone Data Recovery  (HKLM\...\iPhone Data Recovery) (Version:  - Tenorshare, Inc.)
LAME v3.98.3 for Audacity (HKLM\...\LAME for Audacity_is1) (Version:  - )
LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.14.1 - LG Electronics)
LightScribe System Software (HKLM\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
magicJack (HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Menu Templates - Pack 1 (HKLM\...\{56aba277-ee53-4478-a607-fa42208ff5a9}) (Version: 9.4.4.0 - Nero AG) Hidden
Menu Templates - Starter Kit (HKLM\...\{b78120a0-cf84-4366-a393-4d0a59bc546c}) (Version: 9.4.2.0 - Nero AG) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Client Profile Basic SP2 Version 1.0.1.22 (HKLM\...\{10E4121C-8181-4217-8DA9-6CD38DDC34F9}_is1) (Version: 1.0.1.22 - Wondershare, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Data Access Components KB870669 (HKLM\...\KB870669) (Version:  - Microsoft Corporation)
Microsoft Office Excel Viewer 2003 (HKLM\...\{90840409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Picture It! Photo 7.0 (HKLM\...\{369B36BE-3D64-4641-9AEA-808D436FE132}) (Version: 7.0.0.0000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version:  - )
Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version:  - Microsoft Corporation)
Microsoft Word 2002 (HKLM\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Works 2003 Setup Launcher (HKLM\...\Works2003Setup) (Version:  - )
Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0710.1 - Microsoft Corporation)
Microsoft Works Suite Add-in for Microsoft Word (HKLM\...\{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}) (Version: 2.0.0.0000 - Microsoft Corporation)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version:  - )
Movie Templates - Starter Kit (HKLM\...\{e498385e-1c51-459a-b45f-1721e37aa1a0}) (Version: 9.4.2.0 - Nero AG) Hidden
Mozilla Firefox 52.3.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.3.0 ESR (x86 en-US)) (Version: 52.3.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.3.0 - Mozilla)
MSN Music Assistant (HKLM\...\MSN Music Assistant) (Version:  - )
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music DVD Creator 2.0 (HKLM\...\DVDCreator.exe_is1) (Version:  - Copyright (C) 2003-2007 BlazeVideo,Inc.)
MusicIP Mixer 1.8.1 (HKLM\...\MusicIP Mixer_is1) (Version:  - MusicIP)
Musicmatch® Jukebox (HKLM\...\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}) (Version: 9.00.5100 - )
Nero 9 Essentials (HKLM\...\{2102f84f-010e-4510-aa29-4f92f55eaeea}) (Version:  - Nero AG)
NVIDIA Windows 2000/XP Display Drivers (HKLM\...\NVIDIA) (Version:  - )
OLYMPUS CAMEDIA Master 2.01 (HKLM\...\OLYMPUS CAMEDIA Master 2.0) (Version:  - )
OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0 (HKLM\...\{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1) (Version:  - Orban, Inc.)
OverDrive for Windows (HKLM\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
SBC Self Support Tool (HKLM\...\SBC.MCCInstall) (Version:  - )
Shockwave (HKLM\...\Shockwave) (Version:  - )
Sound Blaster Live! (HKLM\...\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}) (Version:  - )
Spybot - Search & Destroy 1.2 (HKLM\...\Spybot - Search & Destroy_is1) (Version: 1.2 - PepiMK Software)
SUPERAntiSpyware Free Edition (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.15.0.1000 - SUPERAntiSpyware.com)
TeamViewer 12 (HKLM\...\TeamViewer) (Version: 12.0.78716 - TeamViewer)
The Print Shop (HKLM\...\The Print Shop 10.0) (Version:  - )
UnloadSupport (HKLM\...\{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}) (Version: 10.0.0 - Hewlett-Packard) Hidden
USBFast (HKLM\...\{AED142A8-96EA-42DE-B212-60BFC98D6CC7}) (Version: 1.3.0.19 - Plextor)
VideoLAN VLC media player 0.8.6c (HKLM\...\VLC media player) (Version: 0.8.6c - VideoLAN Team)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Web Page Creator (HKLM\...\Web Page Creator) (Version:  - )
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0017.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Wondershare Helper Compact 2.5.0 (HKLM\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare)
Wondershare MobileTrans ( Version 7.3.2 ) (HKLM\...\{18CDCEAA-A9E4-4A4C-AC0E-C15E87C30EA5}_is1) (Version: 7.3.2 - Wondershare)
Works Suite OS Pack (HKLM\...\{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}) (Version: 3.0.0.0000 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\WINDOWS\system32\msinet.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{699DDBCC-DC7E-11D0-BCF7-00C04FC2FB86}\InprocServer32 -> C:\WINDOWS\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{6D835690-900B-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\InprocServer32 -> C:\WINDOWS\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\WINDOWS\system32\msvbvm60.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\SYSTEM32\COMDLG32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-08-31] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-08-31] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-08-31] (Google)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2017-09-07] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll [2009-06-05] (Nero AG)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2017-08-31] (Google)
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File
ContextMenuHandlers2: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File
ContextMenuHandlers2: [RecordNow! ContextMenuExt] -> {E91B2703-013E-4A99-AD33-2B6FB00AA356} => C:\Program Files\Sonic\RecordNow!\shlext.dll [2003-08-13] (Sonic Solutions)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2017-08-31] (Google)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2017-09-07] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers1_S-1-5-21-2305011698-3870448665-3586125232-1007: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} =>  -> No File
ContextMenuHandlers4_S-1-5-21-2305011698-3870448665-3586125232-1007: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} =>  -> No File
ContextMenuHandlers5_S-1-5-21-2305011698-3870448665-3586125232-1007: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} =>  -> No File

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Antivirus Emergency Update.job => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\AVG EUpdate Task.job => C:\Program Files\AVG\SetupAVG Technologies0909
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2305011698-3870448665-3586125232-1007Core.job => C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2305011698-3870448665-3586125232-1007UA.job => C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\Teressa\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

ShortcutWithArgument: C:\Documents and Settings\Teressa\Desktop\Unused Desktop Shortcuts\Yahoo! Mail.lnk -> C:\WINDOWS\SYSTEM32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\Yahoo!\Common\ymmapi.dll,OpenURL hxxp://mail.yahoo.com/?.redir=ymmapi9

==================== Loaded Modules (Whitelisted) ==============

2012-11-29 16:59 - 2012-11-29 16:59 - 000093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2017-09-07 04:47 - 2017-09-07 04:47 - 000060160 _____ () C:\Program Files\AVG\Antivirus\module_lifetime.dll
2017-09-07 04:47 - 2017-09-07 04:47 - 000168216 _____ () C:\Program Files\AVG\Antivirus\JsonRpcServer.dll
2017-09-07 04:47 - 2017-09-07 04:47 - 000213024 _____ () C:\Program Files\AVG\Antivirus\event_routing_rpc.dll
2017-09-07 04:47 - 2017-09-07 04:47 - 000243080 _____ () C:\Program Files\AVG\Antivirus\tasks_core.dll
2017-09-07 04:47 - 2017-09-07 04:47 - 000150688 _____ () C:\Program Files\AVG\Antivirus\network_notifications.dll
2017-09-28 19:18 - 2017-09-28 19:18 - 005900424 _____ () C:\Program Files\AVG\Antivirus\defs\17092800\algo.dll
2017-09-07 04:47 - 2017-09-28 10:40 - 000693528 _____ () C:\Program Files\AVG\Antivirus\ffl2.dll
2017-09-07 04:47 - 2017-09-07 04:47 - 000242568 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2007-06-09 20:30 - 2007-06-09 20:30 - 000372736 _____ () C:\WINDOWS\system32\portmon.dll
2016-11-28 06:32 - 2016-11-28 06:28 - 048920064 _____ () C:\Program Files\AVG\UiDll\2623\libcef.dll
2016-10-31 18:45 - 2016-10-31 18:45 - 000321208 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll
2017-06-18 16:03 - 2017-06-18 16:03 - 048936448 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
2017-09-07 04:47 - 2017-09-07 04:47 - 000143912 _____ () c:\Program Files\AVG\Antivirus\vaarclient.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\Teressa\Desktop\Moonlight Heat.odt:com.dropbox.attributes [168]
AlternateDataStreams: C:\Documents and Settings\Teressa\Desktop\Voice Test 1.wav:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\avg.com -> hxxps://www.update.avg.com
IE trusted site: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\avg.cz -> hxxps://backup.avg.cz
IE trusted site: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\magicjack.com -> hxxps://my.magicjack.com
IE trusted site: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\talk4free.com -> hxxps://reg.talk4free.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2002-08-29 06:00 - 2017-06-22 23:41 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.254
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CallWave.lnk => C:\WINDOWS\pss\CallWave.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk => C:\WINDOWS\pss\Google Updater.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk => C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 3.0 SE Calendar Checker.lnk => C:\WINDOWS\pss\Ulead Photo Express 3.0 SE Calendar Checker.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Teressa^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Teressa^Start Menu^Programs^Startup^Sonic INSTALLit! Setup.lnk => C:\WINDOWS\pss\Sonic INSTALLit! Setup.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Teressa^Start Menu^Programs^Startup^WKCALREM.LNK => C:\WINDOWS\pss\WKCALREM.LNKStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Teressa^Start Menu^Programs^Startup^WKSCAL.EXE => C:\WINDOWS\pss\WKSCAL.EXEStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCMSMMSG => BCMSMMSG.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: diagent => "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
MSCONFIG\startupreg: dvd43 => C:\Program Files\dvd43\dvd43_tray.exe
MSCONFIG\startupreg: DVDSentry => C:\WINDOWS\System32\DSentry.exe
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPHmon03 => C:\WINDOWS\System32\hphmon03.exe
MSCONFIG\startupreg: ISUSPM Startup => c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: mmtask => C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
MSCONFIG\startupreg: Motive SmartBridge => C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: PCMService => "C:\Program Files\Dell\Media Experience\PCMService.exe"
MSCONFIG\startupreg: swg => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSCONFIG\startupreg: UpdReg => C:\WINDOWS\UpdReg.EXE
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe] => Enabled:hpofxm08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe] => Enabled:hposfx08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe] => Enabled:hpqscnvw.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe] => Enabled:hpqcopy2.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe] => Enabled:hpzwiz01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe] => Enabled:hpqnrs08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe] => Enabled:hpqpsapp.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe] => Enabled:hpofxs08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe] => Enabled:hpqfxt08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe] => Enabled:hpqpse.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe] => Enabled:hpqusgm.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe] => Enabled:hpqusgh.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\HP Software Update\hpwucli.exe] => Enabled:hpwucli.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe] => Enabled:smartwebprintexe.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\WinMX\WinMX.exe] => Enabled:WinMX Application
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\WINDOWS\SYSTEM32\fxsclnt.exe] => Enabled:Microsoft  Fax Console
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe] => Enabled:hpofxs08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe] => Enabled:hpqfxt08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Software Update\hpwucli.exe] => Enabled:hpwucli.exe
StandardProfile\AuthorizedApplications: [C:\WINDOWS\SYSTEM32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe] => Enabled:Google Talk Plugin
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe] => Enabled:hpofxm08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe] => Enabled:hposfx08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe] => Enabled:hpzwiz01.exe
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Teressa\Application Data\mjusbsp\magicJack.exe] => Enabled:magicJack
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [5070:UDP] => Enabled:UDP

==================== Restore Points =========================

24-08-2017 23:08:19 System Checkpoint
26-08-2017 04:33:02 System Checkpoint
28-08-2017 16:12:36 System Checkpoint
30-08-2017 02:19:13 System Checkpoint
31-08-2017 02:50:51 System Checkpoint
01-09-2017 05:18:50 System Checkpoint
02-09-2017 05:40:07 System Checkpoint
03-09-2017 17:08:36 System Checkpoint
05-09-2017 02:13:14 System Checkpoint
06-09-2017 05:33:31 System Checkpoint
07-09-2017 04:53:54 Installed Windows XP Wdf01009.
08-09-2017 19:40:49 System Checkpoint
09-09-2017 02:20:42 Restore Operation
09-09-2017 02:27:08 Restore Operation
10-09-2017 03:30:09 System Checkpoint
11-09-2017 04:27:34 System Checkpoint
12-09-2017 07:57:03 System Checkpoint
13-09-2017 03:00:39 Software Distribution Service 3.0
14-09-2017 04:27:59 System Checkpoint
15-09-2017 04:58:00 System Checkpoint
16-09-2017 06:40:16 System Checkpoint
17-09-2017 22:38:39 System Checkpoint
19-09-2017 03:33:15 System Checkpoint
20-09-2017 05:52:41 System Checkpoint
21-09-2017 05:55:01 System Checkpoint
22-09-2017 07:13:00 System Checkpoint
23-09-2017 18:08:13 System Checkpoint
24-09-2017 19:02:38 System Checkpoint
24-09-2017 23:14:22 Restore Operation
25-09-2017 02:56:41 Restore Operation
26-09-2017 15:27:20 System Checkpoint
27-09-2017 00:39:10 Checkpoint by HitmanPro
27-09-2017 06:39:28 Restore Operation
27-09-2017 06:48:42 Restore Operation
28-09-2017 10:41:48 Installed Windows XP Wdf01009.
28-09-2017 22:44:20 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/29/2017 07:06:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a497b.
Processing media-specific event for [mbam.exe!ws!]

Error: (09/29/2017 02:01:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a497b.
Processing media-specific event for [mbam.exe!ws!]

Error: (09/28/2017 06:39:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a497b.
Processing media-specific event for [mbam.exe!ws!]

Error: (09/28/2017 10:52:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a497b.
Processing media-specific event for [mbam.exe!ws!]

Error: (09/28/2017 10:48:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a497b.
Processing media-specific event for [mbam.exe!ws!]

Error: (09/28/2017 10:47:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a497b.
Processing media-specific event for [mbam.exe!ws!]

Error: (09/28/2017 10:38:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a497b.
Processing media-specific event for [mbam.exe!ws!]

Error: (09/28/2017 10:35:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a497b.
Processing media-specific event for [mbam.exe!ws!]

Error: (09/27/2017 07:31:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a497b.
Processing media-specific event for [mbam.exe!ws!]

Error: (09/27/2017 07:20:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a497b.
Processing media-specific event for [mbam.exe!ws!]


System errors:
=============
Error: (09/29/2017 11:06:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TeamViewer 12 service failed to start due to the following error:
The system cannot find the path specified.

Error: (09/29/2017 11:06:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The StarOpen service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/29/2017 09:44:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TeamViewer 12 service failed to start due to the following error:
The system cannot find the path specified.

Error: (09/29/2017 09:44:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The StarOpen service failed to start due to the following error:
The system cannot find the file specified.

Error: (09/29/2017 09:37:47 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/29/2017 05:49:51 PM) (Source: DCOM) (EventID: 10005) (User: PROSPERITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (09/29/2017 05:49:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
avgbdisk
avgbidsdriver
avgbidsh
avgblog
avgbuniv
avgRvrt
avgSnx
avgSP
avgVmm
Fips
intelppm
SASDIFSV
SASKUTIL

Error: (09/29/2017 05:48:44 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/29/2017 05:34:08 PM) (Source: DCOM) (EventID: 10005) (User: PROSPERITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (09/29/2017 09:12:23 AM) (Source: DCOM) (EventID: 10005) (User: PROSPERITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}


==================== Memory info ===========================

Processor:  Intel(R) Pentium(R) 4 CPU 2.60GHz
Percentage of memory in use: 34%
Total physical RAM: 2558.98 MB
Available physical RAM: 1673.8 MB
Total Virtual: 3173.41 MB
Available Virtual: 2480.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.46 GB) (Free:22.15 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive h: (Sep 26 2017) (CDROM) (Total:0.69 GB) (Free:0 GB) UDF
Drive l: (My Book) (Fixed) (Total:930.86 GB) (Free:428.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 9DC96E9E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 930.9 GB) (Disk ID: 0036DF21)
Partition 1: (Not Active) - (Size=930.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: Possible Malware
I am attaching two photos.  I explained how I could not get HitManPro to remove anything, or save a log file, but I took a picture of the first page of the screen.  Everything beyond the first page is tracking cookies.  It is not a very clear image, but maybe there will be something revealing. 

Also, I attempted to go into my profile in Safe Mode, because that is where I have been able to open Firefox and copy and paste scans to you.  I attempted to open Firefox and a window popped up to select my profile.  I have no idea which is mine, or if either of them are.  I am not sure why there are two, or what I should do.  The image is attached.  Any ideas?

In the first image the two suspicious items you can not see are, Crossrider, and My Web Face.  I have no idea what either one of these are.

[image attached: HitmanPro scan screenshot]

This is the Firefox Profile image
[image attached: Firefox profile selection window]

Re: Possible Malware
You may uninstall SuperAntiSpyware because it is outdated and only serves to remove cookies. Spybot S&D also.

Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following. Open IE and click on Tools, Internet Options. Select Security and click the Reset all zones to default level.

Sorry, I did not notice that this thread was started back in June.

I attempted to open Firefox and a window popped up to select my profile.  I have no idea which is mine, or if either of them are.  I am not sure why there are two, or what I should do.  The image is attached.  Any ideas?

You could try uninstalling and re-installing FF.

In the first image the two suspicious items you can not see are, Crossrider, and My Web Face.  I have no idea what either one of these are.

Crossrider is a PUP, a potentially unwanted program. If you can get MBAM to run it will remove it. My Web Face belongs to Chrome. Can you please give me an update about what's happening with the computer?
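
An added example, not part of the thread and not Dave's instructions, that audits the Trusted Zone setting described above: it lists every host the registry maps into Internet Explorer's Trusted sites zone, so you can see what was added before resetting the zones. It assumes PowerShell is available and reads the ZoneMap\Domains keys under HKCU and HKLM.

```powershell
# Added example: enumerate Internet Explorer zone assignments and flag Trusted sites (zone 2).
# Zone numbers as Windows defines them:
#   0 = My Computer, 1 = Local intranet, 2 = Trusted sites, 3 = Internet, 4 = Restricted sites
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

# Per-user and per-machine zone maps; either may have been written to by malware.
$roots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
)

function Get-ZoneMapEntries {
    param([string]$Root)
    if (-not (Test-Path $Root)) { return }

    # Each subkey is a domain; a nested subkey is a host label
    # (Domains\example.com\www stands for www.example.com).
    Get-ChildItem -Path $Root -Recurse | ForEach-Object {
        $key = $_
        # Value names are URL schemes ("http", "https", "*"); the DWORD data is the zone number.
        foreach ($scheme in $key.GetValueNames()) {
            $zone = [int]$key.GetValue($scheme)
            # Rebuild the host name from the key path, most-specific label first.
            $rel   = $key.Name.Substring($key.Name.IndexOf('\Domains\') + 9)
            $parts = $rel -split '\\'
            [array]::Reverse($parts)
            [pscustomobject]@{
                Hive     = $Root.Split(':')[0]
                Host     = ($parts -join '.')
                Scheme   = $scheme
                Zone     = $zone
                ZoneName = $zoneNames[$zone]
            }
        }
    }
}

$entries = foreach ($r in $roots) { Get-ZoneMapEntries -Root $r }
$trusted = $entries | Where-Object { $_.Zone -eq 2 }

if ($trusted) {
    Write-Output 'Hosts currently in the Trusted sites zone (an entry you did not add yourself is a red flag):'
    $trusted | Format-Table Hive, Host, Scheme -AutoSize
} else {
    Write-Output 'No hosts are in the Trusted sites zone.'
}
# The fix that matches the advice in the thread: Internet Options > Security > Reset all zones to default level.
```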

Re: Possible Malware
I can not get MBAM to recognize anything.  I can tell MBAM is not updating.  When I try to update it, it shows to update in about a second, which is way too short a time to update.  Then when I do a scan, it shows no Malware was found.  I will make the changes you suggested and get right back to you.

Re: Possible Malware
I made the change in IE, though I can't tell if it took.  IE still does not work, but this could be because my PC is infected.  I did manage to get a new Firefox, however I still need my bookmarks and passwords from my old profile.  And when I look at the old file, I see the bookmarks as now all .Json files, and I have no idea how to recover these.  Firefox still only works in Safe Mode with networking.

Re: Possible Malware
I see the bookmarks as now all .Json files, and I have no idea how to recover these.

See here.
Can you run MBAM in Safe Mode?

IE still does not work, but this could be because my PC is infected.

You are running XP which is an old OS with no updates. My IE on my XP also does not work very well. I've had to go to FF and Chrome.

Re: Possible Malware
I can run MBAM in safe mode with networking, but it is not updating.  It shows it is up to date, but, the update runs for about one second and then it starts scanning and finds nothing, so I can tell it is not updating.  It won't run in safe mode without networking.  As you pointed out, HitmanPro finds the pup, Crossrider, but it will only scan, not delete, because you can only use it once for free.  I wouldn't mind paying for it, if I knew it would remove all the malware from my system.  Also Hitman Pro shows Avenger is Malware.  Isn't Avenger part of one of the Malwarebytes programs?

I have some questions.  I have an external hard drive connected to the XP, can the rogue virus be inside the external hard drive?  I am considering a newer PC, and I will want to attach my hard drive to the newer PC, but I don't want to transfer the infected files.

Also, if I figure out how to backup my Firefox bookmarks and passwords to a newer PC, is it possible to also backup the virus?

What other tools can I use to get rid of what has taken over my PC?  Right now MBAM is of no use.

Re: Possible Malware
Isn't Avenger part of one of the Malwarebytes programs?

Not to my knowledge. Can you do a search for Crossrider?

I have an external hard drive connected to the XP, can the rogue virus be inside the external hard drive?  I am considering a newer PC, and I will want to attach my hard drive to the newer PC, but I don't want to transfer the infected files.

Please disconnect this external HD until we get this problem fixed. We can then use some of these scanners to scan the external HD.

Also, if I figure out how to backup my Firefox bookmarks and passwords to a newer PC, is it possible to also backup the virus?

Highly unlikely.

What other tools can I use to get rid of what has taken over my PC?

Please download AdwareCleaner onto your Desktop. AdwCleaner

Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.

[image: AdwCleaner icon]

If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
When the AdwCleaner program opens, click on the Scan button as shown below.

[image: AdwCleaner Scan button]

AdwCleaner will now start to search for malicious files that may be installed on your computer.
To remove the files that were detected in the previous step, please click on the Clean button.

[image: AdwCleaner Clean button]

AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
Please click on the OK button to allow AdwCleaner to reboot your computer. A log will be produced. Please copy and paste this log in your next reply.
Don't worry if it doesn't update. I need to see a log.

Re: Possible Malware
You already suggested adware.  I have tried to download it directly, I have tried to install from a CD.  I tried to run adwcleaner, it did not update.  I get an error message stating it is not a valid Win 32 application.  It won't even open.  Even in safe mode.  I have tried to run JRT, it claims to be updating, but the update takes about half a second, and then the application finds nothing.  If I do a search for Crossrider what should I do with it, delete it?

Re: Possible Malware
I searched for Crossrider, nothing showed up.

Re: Possible Malware
In addition to my above posts, I just noticed that in my program files I have two versions of MBAM.  One shows to be Malwarebytes' Anti-Malware.  When I hover the mouse on it, it shows Malwarebytes' Anti-Malware (3).  The second version is just Malwarebytes, and when I hover on it, there are two choices, Malwarebytes, Uninstall Malwarebytes.

Right before Firefox stopped working, there was a message at the right hand corner to get a trial version of Malwarebytes that offered extra protection.  I was suspicious of this message, and I did not click on it.  Instead I opened Malwarebytes and attempted to upgrade it so I could do a scan.  When Malwarebytes attempted to update was when I realized I could not get online.  I am uncertain if one of the Malwarebytes is a rogue program.  It seems odd that the Malwarebytes' Anti-Malware does not offer the option to uninstall.

Re: Possible Malware
Ok. Let's try this. Get rid of all versions of MBAM by uninstalling or deleting them. Try downloading a new version and see if it will run.
This thread was started in June 2017. Has this been a problem since then?


Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application. Before clicking on MBAM to run the set-up please try renaming the file to something like andy-setup.exe


  • It should update automatically if the computer is connected to the internet.
  • Click on Threat Scan and click on Scan Now.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
  • Click on "Apply actions". You may be asked to Restart your computer to completely remove the infections.
  • When disinfection is completed you can click on "Copy to Clipboard".
  • Paste the log in your next reply (CTRL+V).

Re: Possible Malware
When I initially made contact in Mid June, my Firefox was freezing and acting as if I had a virus.  You offered different suggestions, scans were done, and there was a cleanup that seemed to make Firefox work again.  All seemed to be working except I could not get online with IE.  You turned me over to Dr. Jay, who had me try different things.  Nothing seemed to work.  During this time, I had a bad accident, so I was not really using my computer.  When I got on my computer in September, was when I had the alert to update MBAM for a free trial of the pay version.  I found the alert odd, because I had already tried the 15 day free trial back when I started having problems in June.  I suppose the free trial could have been a fake MBAM, but the trial came through my regular MBAM malwarebytes update, when I manually updated. 

I have found that I was able to uninstall the regular MBAM through CCleaner.  I have looked in program files and CCleaner, and the Malwarebytes' Anti-Malware does not show up, nor does it have an option to uninstall, which seems suspect.  I am now doing a search for Malwarebytes, and I will delete everything I find and empty the trash can, and see if I can install a new version.

Additionally I can no longer run Firefox at all in safe mode or any mode.  I uninstalled Firefox again.  Can you lead me to a clean install for Firefox XP?  The other install showed it was for Windows 7 or above, and it worked, but this time it won't accept it.

Re: Possible Malware
I have found that I was able to uninstall the regular MBAM through CCleaner.

That doesn't sound correct. CCleaner should not have done that unless it was a fake MBAM.
This should be a safe site. I'm going to take some time to review all of this thread and see if we missed something. I'll be back.

Re: Possible Malware
I deleted all the Malwarebytes files.  I loaded the Malwarebytes you recommended onto a CD, and changed the name as you suggested.  I installed the Malwarebytes and a popup came up after installing which stated, I had three days left of my free trial.  This Malwarebytes has a different name than the other two that were in my computer before I deleted them.  The other two were Malwarebytes, and Malwarebytes' Anti-Malware.  This one does not have the apostrophe after the s, and is Malwarebytes Anti-Malware Home (2.2.1.1043).  This latest one also shows up in CCleaner, and gives me the option to uninstall it.  Something else is, once I install Malwarebytes, it attempts to get me to install again.  Then I get a message that states a new version of Malwarebytes is ready to install.  I did not select this, but opened the program instead and clicked update.  It states there are no new updates and that it is running Database Version v2017.10.05.01.  Yet at the top there is a yellow circle face, like a smiley face with two eyes and a straight line for a mouth, and it states your program version is out of date.  If I look in history, it shows me a list of all the previous Malware that has been removed by Malwarebytes, so it's like I never uninstalled, or removed it.

Re: Possible Malware
I clicked on the yellow alert that stated my Malwarebytes was out of date.  It loaded what looked like a newer version.  I did a scan, it found nothing.  I was able to update AVG for the first time in some time, but AVG looks different than it did before, so I have no idea if this is legit software or not.  I ran it, it found nothing.  I tried once again to run AdwCleaner, same error message.

Re: Possible Malware
Could you please try running Mini Toolbox again. The link is on Page 2 of this thread or you may still have it on your computer.

Re: Possible Malware
Since deleting the other versions of MBAM, I am able to use Google Chrome in normal mode.  Was unable to do this before, but I had to remove Firefox.  I am trying to find a version for Windows XP.  Below is the information from Mini Toolbox.  I noticed that it shows TeamViewer is trying to be opened.  You may recall, I removed TeamViewer because I noticed it was running in Task Manager, and when I would close it, it would automatically turn back up in TeamViewer as if it was running in the background.

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Teressa (administrator) on 05-10-2017 at 20:18:30
Running from "C:\Documents and Settings\Teressa\Desktop\New Folder (7)"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Model: Dimension 4600i Manufacturer: Dell Computer Corporation
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ============================== 


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================

Intel(R) PRO/100 VE Network Connection = Local Area Connection (Connected)


# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : Prosperity

        Primary Dns Suffix  . . . . . . . : 

        Node Type . . . . . . . . . . . . : Broadcast

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : attlocal.net



Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . : attlocal.net

        Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection

        Physical Address. . . . . . . . . : 00-0C-F1-8C-7D-78

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.248

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.254

        DHCP Server . . . . . . . . . . . : 192.168.1.254

        DNS Servers . . . . . . . . . . . : 192.168.1.254

        Lease Obtained. . . . . . . . . . : Thursday, October 05, 2017 2:43:26 PM

        Lease Expires . . . . . . . . . . : Friday, October 06, 2017 2:43:26 PM

Server:  dsldevice.attlocal.net
Address:  192.168.1.254

Name:    google.com
Address:  172.217.9.14



Pinging google.com [172.217.9.14] with 32 bytes of data:



Reply from 172.217.9.14: bytes=32 time=26ms TTL=53

Reply from 172.217.9.14: bytes=32 time=26ms TTL=53



Ping statistics for 172.217.9.14:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 26ms, Maximum = 26ms, Average = 26ms

Server:  dsldevice.attlocal.net
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  98.139.180.149, 98.138.253.109, 206.190.36.45



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=66ms TTL=47

Reply from 98.138.253.109: bytes=32 time=65ms TTL=47



Ping statistics for 98.138.253.109:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 65ms, Maximum = 66ms, Average = 65ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 0c f1 8c 7d 78 ...... Intel(R) PRO/100 VE Network Connection
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254   192.168.1.248  20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      192.168.1.0    255.255.255.0    192.168.1.248   192.168.1.248  20
    192.168.1.248  255.255.255.255        127.0.0.1       127.0.0.1  20
    192.168.1.255  255.255.255.255    192.168.1.248   192.168.1.248  20
        224.0.0.0        240.0.0.0    192.168.1.248   192.168.1.248  20
  255.255.255.255  255.255.255.255    192.168.1.248   192.168.1.248  1
Default Gateway:     192.168.1.254
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/04/2017 11:55:54 PM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1169, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001aa3b6.
Processing media-specific event for [mbam.exe!ws!]

Error: (10/04/2017 11:55:23 PM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1169, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001aa3b6.
Processing media-specific event for [mbam.exe!ws!]

Error: (10/04/2017 11:55:03 PM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1169, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001aa3b6.
Processing media-specific event for [mbam.exe!ws!]

Error: (10/04/2017 11:54:53 PM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1169, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001aa3b6.
Processing media-specific event for [mbam.exe!ws!]

Error: (10/04/2017 11:54:43 PM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1169, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001aa3b6.
Processing media-specific event for [mbam.exe!ws!]

Error: (10/04/2017 06:30:20 AM) (Source: Application Error) (User: )
Description: Faulting application olympus camedia.exe, version 0.0.0.0, faulting module comctl32.dll, version 5.82.2900.6028, fault address 0x0001a8be.
Processing media-specific event for [olympus camedia.exe!ws!]

Error: (09/30/2017 03:56:03 AM) (Source: Application Error) (User: )
Description: Faulting application hitmanpro.exe, version 3.7.20.286, faulting module hitmanpro.exe, version 3.7.20.286, fault address 0x002c68af.
Processing media-specific event for [hitmanpro.exe!ws!]

Error: (09/29/2017 07:06:37 AM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a497b.
Processing media-specific event for [mbam.exe!ws!]

Error: (09/29/2017 02:01:42 AM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a497b.
Processing media-specific event for [mbam.exe!ws!]

Error: (09/28/2017 06:39:35 PM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a497b.
Processing media-specific event for [mbam.exe!ws!]


System errors:
=============
Error: (10/05/2017 02:44:17 AM) (Source: Service Control Manager) (User: )
Description: The TeamViewer 12 service failed to start due to the following error: 
%%3 = The system cannot find the path specified.


Error: (10/05/2017 02:44:17 AM) (Source: Service Control Manager) (User: )
Description: The StarOpen service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (10/05/2017 02:43:28 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (10/04/2017 11:59:33 PM) (Source: Service Control Manager) (User: )
Description: The TeamViewer 12 service failed to start due to the following error: 
%%3 = The system cannot find the path specified.


Error: (10/04/2017 11:59:32 PM) (Source: Service Control Manager) (User: )
Description: The StarOpen service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (10/04/2017 11:12:51 PM) (Source: Service Control Manager) (User: )
Description: The TeamViewer 12 service failed to start due to the following error: 
%%3 = The system cannot find the path specified.


Error: (10/04/2017 11:12:51 PM) (Source: Service Control Manager) (User: )
Description: The StarOpen service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (10/04/2017 10:24:02 PM) (Source: Service Control Manager) (User: )
Description: The avgbIDSAgent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (10/04/2017 10:22:55 PM) (Source: Service Control Manager) (User: )
Description: The avgbIDSAgent service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (10/04/2017 10:22:55 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the avgbIDSAgent service to connect.


Microsoft Office Sessions:
=========================
Error: (10/04/2017 11:55:54 PM) (Source: Application Error)(User: )
Description: mbam.exe3.0.0.1169qt5core.dll5.6.2.0001aa3b6

Error: (10/04/2017 11:55:23 PM) (Source: Application Error)(User: )
Description: mbam.exe3.0.0.1169qt5core.dll5.6.2.0001aa3b6

Error: (10/04/2017 11:55:03 PM) (Source: Application Error)(User: )
Description: mbam.exe3.0.0.1169qt5core.dll5.6.2.0001aa3b6

Error: (10/04/2017 11:54:53 PM) (Source: Application Error)(User: )
Description: mbam.exe3.0.0.1169qt5core.dll5.6.2.0001aa3b6

Error: (10/04/2017 11:54:43 PM) (Source: Application Error)(User: )
Description: mbam.exe3.0.0.1169qt5core.dll5.6.2.0001aa3b6

Error: (10/04/2017 06:30:20 AM) (Source: Application Error)(User: )
Description: olympus camedia.exe0.0.0.0comctl32.dll5.82.2900.60280001a8be

Error: (09/30/2017 03:56:03 AM) (Source: Application Error)(User: )
Description: hitmanpro.exe3.7.20.286hitmanpro.exe3.7.20.286002c68af

Error: (09/29/2017 07:06:37 AM) (Source: Application Error)(User: )
Description: mbam.exe3.0.0.1068qt5core.dll5.6.2.0001a497b

Error: (09/29/2017 02:01:42 AM) (Source: Application Error)(User: )
Description: mbam.exe3.0.0.1068qt5core.dll5.6.2.0001a497b

Error: (09/28/2017 06:39:35 PM) (Source: Application Error)(User: )
Description: mbam.exe3.0.0.1068qt5core.dll5.6.2.0001a497b


========================= Memory info: ===================================

Percentage of memory in use: 46%
Total physical RAM: 2558.98 MB
Available physical RAM: 1376.84 MB
Total Virtual: 3173.41 MB
Available Virtual: 2181 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:74.46 GB) (Free:21.83 GB) NTFS
5 Drive h: (Sep 26 2017) (CDROM) (Total:0.69 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\PROSPERITY

Administrator            ASPNET                   Guest                    
HelpAssistant            SUPPORT_388945a0         SUPPORT_3f151ab9         
Teressa                  


**** End of log ****
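The repeated mbam.exe crashes and the services that no longer start are easier to see when the entries in the Event log errors block above are aggregated. The Python triage helper below is an added example, not part of the thread or of MiniToolBox; it parses a constructed excerpt in the same entry format, counts crashes per application and faulting module, flags bursts of repeated crashes, and lists services that failed to start or terminated.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed excerpt in the format of the MiniToolBox "Event log errors" block
# (same entry layout as the log posted in the thread, fewer entries).
SAMPLE_LOG = """\
Application errors:
==================
Error: (10/04/2017 11:55:54 PM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1169, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001aa3b6.
Processing media-specific event for [mbam.exe!ws!]

Error: (10/04/2017 11:55:23 PM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1169, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001aa3b6.
Processing media-specific event for [mbam.exe!ws!]

Error: (10/04/2017 11:55:03 PM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1169, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001aa3b6.
Processing media-specific event for [mbam.exe!ws!]

Error: (09/30/2017 03:56:03 AM) (Source: Application Error) (User: )
Description: Faulting application hitmanpro.exe, version 3.7.20.286, faulting module hitmanpro.exe, version 3.7.20.286, fault address 0x002c68af.
Processing media-specific event for [hitmanpro.exe!ws!]

System errors:
=============
Error: (10/05/2017 02:44:17 AM) (Source: Service Control Manager) (User: )
Description: The TeamViewer 12 service failed to start due to the following error:
%%3 = The system cannot find the path specified.

Error: (10/04/2017 10:24:02 PM) (Source: Service Control Manager) (User: )
Description: The avgbIDSAgent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
"""

# One entry header: "Error: (timestamp) (Source: X) (User: Y)"; the Office
# Sessions section omits the space before "(User:", hence the optional space.
ENTRY_RE = re.compile(r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]*)\) ?\(User: [^)]*\)")
CRASH_RE = re.compile(r"Faulting application (?P<app>.+?), version [^,]+, "
                      r"faulting module (?P<module>.+?), version [^,]+, fault address 0x[0-9a-fA-F]+")
SVC_FAIL_RE = re.compile(r"The (?P<svc>.+?) service failed to start due to the following error:"
                         r"\s*%%(?P<code>\d+) = (?P<reason>.+?)\s*$", re.S)
SVC_DIED_RE = re.compile(r"The (?P<svc>.+?) service terminated unexpectedly")


def parse_entries(text):
    """Split the log into entries: {"when": datetime, "source": str, "description": str}."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # entries are blank-line separated
            current = None
            continue
        m = ENTRY_RE.match(line)
        if m:
            current = {"when": datetime.strptime(m["when"], "%m/%d/%Y %I:%M:%S %p"),
                       "source": m["source"], "description": ""}
            entries.append(current)
        elif current is not None:         # continuation lines belong to the open entry
            if line.startswith("Description:"):
                line = line[len("Description:"):].strip()
            current["description"] = (current["description"] + "\n" + line).strip()
    return entries


def summarize(entries, burst_window=timedelta(minutes=5), burst_min=3):
    """Count crashes per (application, faulting module), flag crash bursts and
    collect services that failed to start or died."""
    crashes, crash_times, service_failures = Counter(), defaultdict(list), defaultdict(list)
    for e in entries:
        d = e["description"]
        if m := CRASH_RE.search(d):
            crashes[(m["app"], m["module"])] += 1
            crash_times[m["app"]].append(e["when"])
        elif m := SVC_FAIL_RE.search(d):
            service_failures[m["svc"]].append(f"failed to start: {m['reason']} (code {m['code']})")
        elif m := SVC_DIED_RE.search(d):
            service_failures[m["svc"]].append("terminated unexpectedly")
    bursts = []
    for app, times in crash_times.items():
        times.sort()
        best = start = 0
        for end in range(len(times)):     # longest run of crashes inside one window
            while times[end] - times[start] > burst_window:
                start += 1
            best = max(best, end - start + 1)
        if best >= burst_min:
            bursts.append((app, best))
    return {"crashes": dict(crashes), "service_failures": dict(service_failures),
            "crash_bursts": sorted(bursts)}


if __name__ == "__main__":
    report = summarize(parse_entries(SAMPLE_LOG))
    for (app, mod), n in report["crashes"].items():
        print(f"{app} crashed {n} time(s) in {mod}")
    for app, n in report["crash_bursts"]:
        print(f"! {app}: {n} crashes within one 5-minute window")
    for svc, reasons in report["service_failures"].items():
        print(f"{svc}: {'; '.join(reasons)}")
```

Run against the full MiniToolBox log, the same parser also skips the concatenated "Microsoft Office Sessions" lines, which match none of the three patterns.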

Re: Possible Malware

Hi there, I want to ask a couple questions...

I may not be able to pop in as often as Dave so if I cannot reply immediately, then Dave can PM me if I need to reply...

Are you familiar with these user accounts:
HelpAssistant            SUPPORT_388945a0         SUPPORT_3f151ab9

Would you please list all symptoms experienced?

Have Windows Updates been successful recently? EDIT: Forgot you were using XP. Windows does not support Windows XP, so your computer is, in essence, totally exposed to the hacking world right now. If you continue with Windows XP, it needs to be totally armed down - but first you need the symptoms addressed.

Re: Possible Malware

I saw HelpAssistant, SUPPORT_388945a0 and SUPPORT_3f151ab9, and I am not familiar with any of them.  I purchased this PC new, several years back, and I am the only user of this PC.

I may forget some of the symptoms, but off the top of my head, originally back in June, Firefox was freezing, and I could not access accounts like Ebay.  Firefox shows two user profiles, and there should have only been mine.  I seemed to have lost my passwords and bookmarks.  I could get into Firefox from Safe Mode with Networking, but that stopped working too.  I could not get into Chrome.

Malwarebytes would not run, then I noticed in Program Files there were two versions of Malwarebytes.  There was Malwarebytes, which offered an option to uninstall.  And there was Malwarebytes' Anti-Malware, with no option to uninstall.  I uninstalled the one that could be uninstalled, and I deleted the files for the one that could not be uninstalled.  I did a clean install of MBAM from a CD-R.

AVG would not open at all.  After getting rid of the two copies of MBAM, and uninstalling Firefox, AVG started working, and updated.  But, as I stated before, I have no idea whether MBAM or AVG are legitimate.

I noticed in Task Manager Team Viewer was running.  I was not using Team Viewer.  I closed it in Team Viewer, and it immediately reopened in Task Manager, and did so each time I closed it.  I uninstalled Team Viewer.

I have tried to run AdwCleaner, but it won't open.  I get an error message that states it is not a valid Win32 program.

I already have the free Hitman Pro installed, but I can only use it once.  I can scan with it, but I can not view a scan log or quarantine anything with the program unless I upgrade to a pay version.  On the screen it shows Avenger.exe is malware.  This is a program I installed through GeekPolice, years back when I had a virus.  Of course it could now be infected, I don't know.

It also shows FRST is suspicious, and something called CrossRider, which SuperDave has informed me is a PUP.  It does not show up in Malwarebytes.  I did a search for CrossRider, with no results.

Re: Possible Malware

I looked in my husband's PC.  He is also running Windows XP.  I opened his Malwarebytes, and at the top was a message stating it was out of date, just like in my Malwarebytes.  Except he had a yellow circle face of disappointment, and the words were in black.  In mine the words and the face were in yellow.  In his I clicked on the green update bar, and it worked for a bit, updated, and the yellow face turned into a green smiley face.  In mine, when I clicked the green update, it moved for about a second and stopped without updating.  I clicked on the yellow words and face, and a user agreement box popped up stating Malwarebytes would now be installed.  The original Malwarebytes Anti-Malware disappeared altogether, as did the desktop icon, and a new one took its place.

When I look at my User Accounts, I only see myself and Guest.  When I look at his, I see the same.

But, I ran Mini Toolbox on his PC, and there was also a HelpAssistant, and one ID number that matched one of mine.  His reads as follows:

User accounts for \\ (his computer name)

ASPNET               (his computer name)          (his computer name2)
Guest                   HelpAssistant                   SUPPORT_388945a0 (This showed up in my Mini Toolbox scan too)

His PC does not have SUPPORT_3f151ab9 like mine.  Though different models, we both have Dell computers.  Since HelpAssistant and SUPPORT_388945a0 are in both of our computers, could this be part of Dell's customer support, or possibly Windows XP, or a program we are both running?  Or perhaps the wireless connection to the printer that is hooked up to my PC that we share?  His PC is wireless, mine is connected to Ethernet.  He prints from his PC, to my printer that we share.

Re: Possible Malware

I remember helping on this back in July. It's amazing how long some issues can go without resolution so this is quite stubborn...

Download FixExec.exe to your desktop.
Double click on the downloaded file to run the fix.
When the program has finished, it will generate a log on the desktop called FixExec.txt.
Post the log in your next reply.

NOTE: If for any reason you're not able to execute FixExec.exe rename it to FixExec.com, FixExec.pif or FixExec.scr.

Tweaking.com - Windows Repair All-In-One (Portable)

- Download Windows Repair All-In-One (Portable Version) from here.

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

- Disable all your antivirus and antimalware software - see how to do that here.
- Right click on the Windows Repair All-In-One icon and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

- A window will appear. Click Step 2.

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

- Depending on which error Windows Repair found, click Repair Reparse Point or Repair Environment Variable accordingly. When the button changes to "Done!", click the close button to return to Windows Repair.

- Go to Step 3, then click Check in the See If Check Disk Is Needed.

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk.

- Go to Step 4, then click Do It.

- Go to Step 5. Under System Restore click Create.

- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.

- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply.

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:

    Code:

    createsrpoint;
    process;
    services-list;
    systemspecs;
    startupall;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
    filesrcm;
    installedprogs;


  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply.
Don't forget to re-enable your switched-off protection software!

Re: Possible Malware

I have a dilemma.

I ran FixExec.  It ran for 11 seconds.

The Tweaking panel looks different from what you displayed above.  It also shows it's for Windows Repair 2018, instead of 2017.  I turned off virus protection before starting Tweaking.  At step 3 I accidentally chose the word "Check", instead of "Open Check Disk At Next Boot".  The check results picked up errors.  After it was done I went back and selected "Open Check Disk At Next Boot", and it stated no errors were found.  After step 3 I rebooted as you stated.  After rebooting, I selected Step four and the following gray window opened.

Step 4 stated SC Open Service Failed 1060:

C:\Documents and Settings\Teressa\Desktop>"C:\WINDOWS\system32\sfc" /scannow Please Restart Your Computer When System File Checker is Finished.  Press any key to continue.

Immediately after this message, a Windows File Protection box opened which stated, Please wait while Windows verifies that all protected Windows files are intact and in their original versions.  I wasn't sure what to do, but I let this run.  There is no STEP 5, but I found a Backup and a System Restore option there.  But, I am not certain if I should restore, since the extra window popped up stating Windows File Protection was verifying all protected Windows files were intact, etc.  Also, when I rebooted, I forgot to disable antivirus protection again.  I did do so while Windows File Protection was running, but it occurred to me that might be why that window was running.  Should I backtrack and repeat some steps, or go to the next step?

Re: Possible Malware

Hi again,

Thanks for explaining... Let us see if the following will help:

SFCFix - Run Only
Follow the instructions below to download and execute SFCFix, and provide the log.

  • Download SFCFix and move the executable on your Desktop;
  • Double-click to run the program;
  • Follow the instructions displayed in the console;
  • On completion, a log will open in Notepad. Copy and paste the content of that log in your next reply;
    Note: The log (SFCFix.txt) will be created in the same directory where SFCFix is run if it doesn't open automatically on completion.

Re: Possible Malware

Hello, I had not heard back from you, so I continued with the Tweaking program.  I can not tell whether it has stopped or not.  It showed I would be able to tell when it stopped by the CPU usage.  The CPU has been at 1.449% for 40 minutes and has not moved, but it does not look like it finished repairing Internet Explorer.  Below is the log for FixExec, and I will post what shows of the Tweaking log in the following post.  Please let me know if I should go ahead with Zoek or SFCFix.

Re: Possible Malware

FixExec by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about FixExec can be found at this link:
 http://www.bleepingcomputer.com/download/windows/utilities/fixexec

Program started at: 10/07/2017 02:29:37 AM in x86 mode.
Windows Version: Windows XP

Checking for processes to terminate before fixing executable associations.
 * C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (356) [Terminated].
 * C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2532) [Terminated].
 * C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (4132) [Terminated].
 * C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (4712) [Terminated].

4 proccesses terminated!

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.


Program finished at: 10/07/2017 02:29:49 AM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)

Re: Possible Malware

Log:
Tweaking.com - Windows Repair 2018 (v4.0.7)
────────────────────────────────────────────────────────────────────────────────

System Variables
────────────────────────────────────────────────────────────────────────────────
OS: Microsoft Windows XP
OS Architecture: 32-bit
OS Version: 5.1.2600
OS Service Pack: Service Pack 3
Computer Name: PROSPERITY
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Current Profile: C:\Documents and Settings\Teressa
Current Profile SID: S-1-5-21-2305011698-3870448665-3586125232-1007
Current Profile Classes: S-1-5-21-2305011698-3870448665-3586125232-1007_Classes
Profiles Location: C:\Documents and Settings
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Documents and Settings\Teressa\Local Settings\Application Data
────────────────────────────────────────────────────────────────────────────────

System Information
────────────────────────────────────────────────────────────────────────────────
System Up Time: 0 Days 22:15:26

Process Count: 40
Commit Total: 594.22 MB
Commit Limit: 3.10 GB
Commit Peak: 1.23 GB
Handle Count: 12818
Kernel Total: 133.42 MB
Kernel Paged: 104.80 MB
Kernel Non Paged: 28.62 MB
System Cache: 1.77 GB
Thread Count: 572
────────────────────────────────────────────────────────────────────────────────

Memory Before Cleaning with CleanMem
────────────────────────────────────────────────────────────────────────────────
Memory Total: 2.50 GB
Memory Used: 773.23 MB(30.2165%)
Memory Avail.: 1.74 GB
────────────────────────────────────────────────────────────────────────────────

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
────────────────────────────────────────────────────────────────────────────────
Memory Total: 2.50 GB
Memory Used: 631.32 MB(24.6706%)
Memory Avail.: 1.88 GB
────────────────────────────────────────────────────────────────────────────────

Starting Repairs...
   Started at (10/8/2017 1:29:45 AM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 148
 
01 - Reset Registry Permissions 01/02
   HKEY_CURRENT_USER & Sub Keys
   Start (10/8/2017 1:29:52 AM)

   Running Repair Under Current User Account
   Done (10/8/2017 1:30:36 AM)

01 - Reset Registry Permissions 02/02
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (10/8/2017 1:30:37 AM)

   Running Repair Under System Account
   Done (10/8/2017 1:34:40 AM)

02 - Reset File Permissions: C:
   C: & Sub Folders
   Start (10/8/2017 1:34:40 AM)

   Running Repair Under Current User Account
   Done (10/8/2017 2:09:35 AM)

Reset File Permissions: All Profiles
   C:\Documents and Settings & Sub Folders
   Start (10/8/2017 2:09:35 AM)

   Running Repair Under Current User Account
   Done (10/8/2017 2:47:35 AM)

Reset File Permissions: Current Profile
   C:\Documents and Settings\Teressa & Sub Folders
   Start (10/8/2017 2:47:35 AM)

   Running Repair Under Current User Account
   Done (10/8/2017 3:14:44 AM)

03 - Reset Service Permissions
   Start (10/8/2017 3:14:44 AM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/8/2017 3:17:08 AM)

04 - Register System Files
   Start (10/8/2017 3:17:08 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/8/2017 3:26:44 AM)

05 - Repair WMI
   Start (10/8/2017 3:26:44 AM)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   AVG Antivirus Exported.

   Exporting 3rd Party Firewall Info...
   No 3rd Party Firewall Products Reported.

   Running Repair Under Current User Account
   Done (10/8/2017 3:30:26 AM)

06 - Repair Windows Firewall
   Start (10/8/2017 3:30:26 AM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (10/8/2017 3:30:45 AM)

07 - Repair Internet Explorer
   Start (10/8/2017 3:30:45 AM)
   Running Repair Under Current User Account

Re: Possible Malware

Okay, now go with SFCFix only... Do not bother with Zoek, because the download link for it is still not working anyway.

SFCFix works with the Windows File Protection and is necessary to help us work further with "that" issue.

Re: Possible Malware

SFCFix will not run.  The message states SFCFix.exe - Entry Point Not Found:
The procedure entry point Wow64DisableWow64FsRedirection could not be located in the dynamic link library KERNEL32.dll.

Re: Possible Malware

Thanks for this information. Let's try the following... Thanks again for your patience...


  • Please download and run UnHide.exe by Grinler.
  • Double-click unhide.exe to run the program.
  • This just shows us the super hidden files on the OS so we can find the root problem.


To disable CD Emulation programs using DeFogger please perform these steps:

  1. Please download DeFogger to your desktop.
  2. Once downloaded, double-click on the DeFogger icon to start the tool.
  3. The application window will now appear.  You should now click on the Disable button to disable your CD Emulation drivers
  4. When it prompts you whether or not you want to continue, please click on the Yes button to continue
  5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  6. If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine.  Please allow it to do so by clicking on the OK button.

Avast Browser Cleanup Tool

  1. Please download this free tool and save it to your desktop.
  2. Install the program by double-clicking on avast-browser-cleanup-sfx.exe.
  3. This cleanup tool will search and list if unwanted entries were found. If found, it will display a button ‘Remove all add-ons listed below and cleanup browser.’ You may remove all or delete one entry at a time.
  4. Avast Browser Cleanup will confirm before it permanently deletes the add-on. Please click Yes to proceed with removal of bad add-ons on the affected browser.

Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • Please click Telecharger (green button) at top of page. It looks like a download button.
  • Then press ''Repair'' button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Speccy - Publish a snapshot
Follow the instructions below to download and install Speccy, then to publish a snapshot of your system information:

  • Download and install Speccy from Piriform (the download will start automatically a few seconds after clicking on the Speccy link);
    Note: You can opt-out the Google Toolbar installation if you want;
  • Once Speccy is installed, launch the program and give it a good minute to load all your system information;
  • After that, click on the File menu in the top left corner, and select Publish Snapshot;
  • A window will appear asking you to confirm your decision to publish a snapshot. Click on Yes;
  • A new window will appear after, with a URL link to your snapshot. Click on Copy to Clipboard button to copy that URL to  your clipboard, then paste it in your next reply and post it;

Re: Possible Malware

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
  http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 10/09/2017 04:47:56 PM
Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the A:\ drive
Finished processing the A:\ drive. 0 files processed.

Processing the C:\ drive
Finished processing the C:\ drive. 213023 files processed.

Processing the L:\ drive
Finished processing the L:\ drive. 58929 files processed.

The C:\DOCUME~1\ADMINI~1.PRO\LOCALS~1\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
 - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Program finished at: 10/09/2017 05:12:03 PM
Execution time: 0 hours(s), 25 minute(s), and 15 seconds(s)

Re: Possible Malware

I have a couple of questions.  I uninstalled Firefox to try to repair the problems within Firefox, but the profiles are still there.  Not all the profiles are mine.  But I need my passwords and bookmarks from Firefox.  Are these completely lost to me now?  If I run Avast, are these completely lost to me?  If I run Avast, will this repair Firefox, since the profiles are still there, even though I do not have Firefox installed?

Re: Possible Malware

Another question aside from the ones I asked above.  I ran Defogger in Safe Mode with Networking, it rebooted in normal mode.  Is this okay?

Re: Possible Malware

GypsyCowgirl wrote:
I have a couple of questions.  I uninstalled Firefox to try to repair the problems within Firefox, but the profiles are still there.  Not all the profiles are mine.  But I need my passwords and bookmarks from Firefox.  Are these completely lost to me now?  If I run Avast, are these completely lost to me?  If I run Avast, will this repair Firefox, since the profiles are still there, even though I do not have Firefox installed?

Where Firefox stores your bookmarks, passwords and other user data

FreeBooter
Co-Administrator

Re: Possible Malware

Hello Freebooter.  I am sorry, I do not understand your answer to my questions.

Re: Possible Malware

Let me go further.  I have reinstalled Firefox.  There are two user profiles in Firefox.  One is mine, and the other is not, and I have no idea where it came from.  I have installed Avast as instructed.  Avast says it will restore my browser to its "initial clean state".  It sounds like Avast is going to completely remove my bookmarks and passwords.  If so, is there a way to back up my bookmarks and passwords before running Avast?
