I am running a PC with Win XP SP3 (32Bit) with Avast Free 17.8 as primary real-time AV, complemented by MB Anti Exploit Beta 126.96.36.199 and MBAM free 3.3.1 as an on-demand malware scanner. I am using Slimjet as my primary browser, Windscribe as VPN, Windows Firewall and Secunia PSI 3.0 as software updater. All data are backed up on Zoolz and Google Drive.
Since yesterday this system has started behaving weirdly.
It started when Secunia PSI asked to check my internet connection, was not able to connect to the update server and was unable to scan files. After a couple of reboots, it came online again and now it's working fine.
Thinking it was an issue linked to the firewall permission, I tried to open the internet option tab in control panel and - here is the problem. Internet Options would not open, not even using the inetcpl.cpl command. A quick browse pointed to a malware infection.
I ran MBAM, which found hijack.host, which I quarantined. A second scan with the rootkit option showed zero infections. I also ran Avast, which found Rogue.Win32fakeAV(A), which I also quarantined. A second scan showed no issues. Reading through various forums, both detections may be false positives.
Other Malware scanners (Emsisoft EK, FRST, Rogue Killer, Junkware Removal Tool) showed only PUPs, PUMs.
Interestingly enough, I was unable to run MS Malicious Software Removal Tool and AdwCleaner. In both cases, when trying to launch the programs I get the message that the "..........exe file is not a valid Win32 application". Some forums point this behaviour towards malware.
I also tried a system restore, but after a first restore to 2 days ago (successful, but did not solve the issue), I did not manage to do other restores ("restore incomplete"). System Restore also shows that this morning my PC installed Windows XP wdf01009. A search on this showed that it's something done by Avast, so it should not be an issue.
Apart from the snags mentioned above (Internet Options not working, a couple of AV not starting and System Restore not restoring properly), the system does not seem to be slower than usual or using more resources than usual.
Any ideas and recommendations on how to move forward?