Win XP3 32 - Internet Options Not Opening - Weird AV Results


This topic is locked
18 replies to this topic

#1 scut1

  • Members
  • 12 posts

Posted 17 December 2017 - 11:10 AM

I am running a PC with Win XP SP3 (32-bit) with Avast Free 17.8 as primary real-time AV, complemented by MB Anti-Exploit Beta 1.11.1.45 and MBAM Free 3.3.1 as an on-demand malware scanner. I am using Slimjet as my primary browser, Windscribe as VPN, Secunia PSI 3.0 as software updater, and Windows Firewall is enabled. All data are backed up on Zoolz and Google Drive.

Since yesterday this system has started behaving weirdly.

It started when Secunia PSI asked me to check my internet connection: it was not able to connect to the update server and was unable to scan files. After a couple of reboots it came online again, and now it's working fine.

Thinking it was an issue linked to firewall permissions, I tried to open the Internet Options tab in Control Panel, and here is the problem: Internet Options would not open, not even using the inetcpl.cpl command. A quick browse pointed to a malware infection.

I ran MBAM, which found hijack.host, which I quarantined. A second scan with the rootkit option showed zero infections. I also ran Avast, which found Rogue.Win32fakeAV(A), which I also quarantined. A second scan showed no issues. Reading through various forums, both detections may be false positives.

Other malware scanners (Emsisoft EK, FRST, RogueKiller, Junkware Removal Tool) showed only PUPs and PUMs.

Interestingly enough, I was unable to run the MS Malicious Software Removal Tool (Win XP version). When trying to launch the program I get the message that the "..........exe file is not a valid Win32 application". Some forums attribute this behaviour to malware.

I also tried a System Restore, but after a first restore to 2 days ago (successful, but it did not solve the issue), I did not manage to do other restores ("restore incomplete"). System Restore also shows that this morning my PC installed Windows XP wdf01009. A search on this shows that it's something done by Avast, so it should not be an issue.

Apart from the snags mentioned above (Internet Options not working, an AV not starting and System Restore not restoring properly), the system does not seem to be slower than usual or to be using more resources than usual.

Any ideas and recommendations on how to move forward?

Thanks

FRST LOGS BELOW.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2017
Ran by sc (administrator) on SCPC002 (17-12-2017 16:52:22)
Running from C:\Documents and Settings\sc\My Documents\Downloads
Loaded Profiles: sc & Administrator (Available Profiles: sc & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: "C:\Program Files\Slimjet\slimjet.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ABBYY) C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Creative Technology Ltd.) C:\WINDOWS\V0420Mon.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(SoftPerfect) C:\Program Files\NetWorx\networx.exe
(Windscribe Limited) C:\Program Files\Windscribe\WindscribeService.exe
(Genie9) C:\Program Files\Genie9\Zoolz2\ZoolzService.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Genie9) C:\Program Files\Genie9\Zoolz2\Zoolz.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 5740 series\Bin\HPNetworkCommunicatorCom.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17887232 2009-06-25] (Realtek Semiconductor Corp.)
HKLM\...\Run: [V0420Mon.exe] => C:\WINDOWS\V0420Mon.exe [32768 2007-04-29] (Creative Technology Ltd.)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-10] (AVAST Software)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [5219144 2016-09-22] (SoftPerfect)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2017-07-27] (Adobe Systems Incorporated)
HKU\S-1-5-21-1202660629-1035525444-682003330-1003\...\Run: [HP Officejet 5740 series (NET)] => C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe [2424840 2014-08-22] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1202660629-1035525444-682003330-1003\...\Run: [Zoolz Tray] => C:\Program Files\Genie9\Zoolz2\Zoolz.exe [2168464 2017-07-30] (Genie9)
HKU\S-1-5-21-1202660629-1035525444-682003330-1003\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [40258552 2017-09-15] ()
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Malwarebytes Anti-Exploit.lnk [2017-12-14]
ShortcutTarget: Malwarebytes Anti-Exploit.lnk -> C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe (Malwarebytes Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2017-09-06]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
BootExecute: autocheck autochk * aswBoot.exe /A:"C:" /A:"* STARTUP" /L:"1040" /heur:80 /RA:fix /pup /archives /IA:0 /KBD:2 /dir:"C:\Program Files\AVAST Software\Avast"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-1202660629-1035525444-682003330-1003\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{01FC6E01-A598-468A-9B58-779F5EF062DB}: [NameServer] 205.171.2.65,195.175.39.40,195.175.39.39
Tcpip\..\Interfaces\{2D6F0057-ECC6-4EA2-AB33-ED564A8C94AD}: [NameServer] 205.171.2.65,195.175.39.40,195.175.39.39
Tcpip\..\Interfaces\{2D6F0057-ECC6-4EA2-AB33-ED564A8C94AD}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7056DC40-C8E6-4F4A-A0DA-9763B7DF46EA}: [NameServer] 205.171.2.65,195.175.39.40,195.175.39.39
Tcpip\..\Interfaces\{7056DC40-C8E6-4F4A-A0DA-9763B7DF46EA}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{713E59D1-7A69-4EAE-BDAC-FA8E23A6689C}: [NameServer] 205.171.2.65,195.175.39.40,195.175.39.39
Tcpip\..\Interfaces\{8745FD36-125F-43EA-B107-7586B438C8BB}: [NameServer] 205.171.2.65,195.175.39.40,195.175.39.39
Tcpip\..\Interfaces\{91C57662-15D9-4F3B-B4E3-4A8C15835586}: [NameServer] 205.171.2.65,195.175.39.40,195.175.39.39
Tcpip\..\Interfaces\{CE2F0623-0FD6-42DB-BF03-450473E889D2}: [NameServer] 205.171.2.65,195.175.39.40,195.175.39.39
Tcpip\..\Interfaces\{CE2F0623-0FD6-42DB-BF03-450473E889D2}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{D498E0B0-F3EA-4643-81C8-A12726D1D964}: [NameServer] 205.171.2.65,195.175.39.40,195.175.39.39
Tcpip\..\Interfaces\{D664E313-6BE6-497A-8F18-B1BFEE898D18}: [NameServer] 205.171.2.65,195.175.39.40,195.175.39.39
Tcpip\..\Interfaces\{E26FC572-A2D6-41A3-8259-DB69F4590EC1}: [NameServer] 8.8.8.8,8.8.4.4,195.175.39.39
Tcpip\..\Interfaces\{E26FC572-A2D6-41A3-8259-DB69F4590EC1}: [DhcpNameServer] 192.168.1.1 0.0.0.0
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1202660629-1035525444-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: [S-1-5-21-1202660629-1035525444-682003330-500] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1202660629-1035525444-682003330-1003 -> DefaultScope {55EB7F25-5469-4A36-818E-3A609EE00258} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1202660629-1035525444-682003330-1003 -> {55EB7F25-5469-4A36-818E-3A609EE00258} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {2E8655A5-AF65-4BAC-8207-A17C6AF2987C} hxxp://www.ttnet.com.tr/ZeroTouch/TTNETMD.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2017-04-05] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\sc\Application Data\Mozilla\Firefox\Profiles\4p26ie4p.default-1504680299156 [2017-12-17]
FF Extension: (Windscribe) - C:\Documents and Settings\sc\Application Data\Mozilla\Firefox\Profiles\4p26ie4p.default-1504680299156\Extensions\@windscribeff.xpi [2017-10-13] [Legacy]
FF Extension: (Cookie AutoDelete) - C:\Documents and Settings\sc\Application Data\Mozilla\Firefox\Profiles\4p26ie4p.default-1504680299156\Extensions\CookieAutoDelete@kennydo.com.xpi [2017-10-26]
FF Extension: (AdBlock) - C:\Documents and Settings\sc\Application Data\Mozilla\Firefox\Profiles\4p26ie4p.default-1504680299156\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2017-11-14]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: (DivX Plus Web Player HTML5 <video>) - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-07-15] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-05-18] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-13] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1202660629-1035525444-682003330-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\sc\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKU\S-1-5-21-1202660629-1035525444-682003330-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1202660629-1035525444-682003330-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.PDFTransformer.Classic.3.0; C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-12-13] (Adobe Systems Incorporated) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5904136 2017-11-10] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-10] (AVAST Software)
S4 Freemake Improver; C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-05-06] (Freemake) [File not signed]
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [139776 2017-12-13] (Malwarebytes Corporation) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies) [File not signed]
R2 WindscribeService; C:\Program Files\Windscribe\WindscribeService.exe [356968 2017-11-12] (Windscribe Limited)
R2 Zoolz 2 Service; C:\Program Files\Genie9\Zoolz2\ZoolzService.exe [475792 2017-07-30] (Genie9)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2009-06-25] (Creative)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [157176 2017-11-10] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriverx.sys [255616 2017-11-10] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidshx.sys [157408 2017-11-10] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblogx.sys [276728 2017-11-10] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbunivx.sys [50376 2017-11-10] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [42848 2017-11-10] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [124952 2017-11-10] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr.sys [70112 2017-11-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [70864 2017-11-10] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [783136 2017-11-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [388760 2017-11-16] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\System32\drivers\aswStmXP.sys [205392 2017-11-10] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [298360 2017-11-10] (AVAST Software)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [59896 2017-11-29] ()
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [44032 2009-07-27] (Atheros Communications, Inc.) [File not signed]
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2009-06-25] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 networx; C:\WINDOWS\System32\drivers\networx.sys [67640 2016-09-20] (NetFilterSDK.com)
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_x86.sys [16024 2016-02-02] (Secunia)
R3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [803328 2009-11-26] (Ralink Technology, Corp.)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 tapwindscribe0901; C:\WINDOWS\System32\DRIVERS\tapwindscribe0901.sys [34864 2017-10-21] (The OpenVPN Project)
S3 USB_RNDIS; C:\WINDOWS\System32\DRIVERS\usb8023.sys [12928 2013-02-12] (Microsoft Corporation)
S3 V0420VID; C:\WINDOWS\System32\DRIVERS\V0420Vid.sys [99648 2007-05-31] (Creative Technology Ltd.) [File not signed]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
S3 catchme; \??\C:\DOCUME~1\sc\LOCALS~1\Temp\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S4 IntelIde; no ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-17 14:47 - 2017-12-17 14:47 - 000008188 _____ C:\Documents and Settings\sc\Desktop\rogue_killer.txt
2017-12-17 13:55 - 2017-12-17 13:55 - 000024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-12-17 13:54 - 2017-12-17 14:48 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
2017-12-16 17:03 - 2017-12-16 17:03 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus
2017-12-16 16:42 - 2017-12-17 13:47 - 000000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2017-12-16 16:42 - 2017-12-16 16:42 - 000000000 ____D C:\Documents and Settings\Administrator
2017-12-16 16:42 - 2017-10-26 12:07 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2017-12-16 16:42 - 2017-10-18 07:04 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2017-12-16 16:42 - 2013-03-21 17:04 - 000001599 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2017-12-16 16:42 - 2013-01-19 17:46 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2017-12-16 16:42 - 2012-09-21 18:45 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2017-12-16 16:42 - 2012-05-29 09:44 - 000000792 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2017-12-16 15:18 - 2017-12-16 15:18 - 000000000 ____D C:\WINDOWS\Performance
2017-12-16 15:18 - 2017-12-16 15:18 - 000000000 ____D C:\Documents and Settings\sc\Local Settings\Application Data\Microsoft Corporation
2017-12-16 10:46 - 2017-11-10 07:54 - 000305328 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-12-14 09:16 - 2017-12-17 16:47 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2017-12-14 09:16 - 2017-12-16 17:06 - 000000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2017-12-14 09:10 - 2017-12-16 17:04 - 000221112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-12-14 09:10 - 2017-12-14 09:10 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-14 09:10 - 2017-12-14 09:10 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MB2Migration
2017-12-14 08:59 - 2017-12-14 09:10 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-12-13 09:36 - 2017-12-13 09:36 - 000000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2017-12-11 12:43 - 2017-12-11 12:45 - 000038502 _____ C:\Documents and Settings\sc\Application Data\Comma Separated Values (Windows).ADR
2017-12-11 09:13 - 2017-12-17 16:52 - 000000000 ____D C:\FRST
2017-12-05 19:38 - 2017-12-05 19:38 - 000000000 ____D C:\Documents and Settings\sc\Application Data\ProtonVPN AG
2017-11-28 15:05 - 2017-12-04 07:55 - 000000000 _____ C:\WINDOWS\system32\TempWmicBatchFile.bat
2017-11-18 11:46 - 2017-11-18 11:57 - 000000000 ____D C:\Program Files\Process_Explorer_v16.02
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-12-17 16:53 - 2012-05-29 10:00 - 000000000 ____D C:\Documents and Settings\sc\Local Settings\Temp
2017-12-17 16:44 - 2012-09-30 15:43 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-12-17 16:36 - 2017-09-14 06:43 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-12-17 16:29 - 2014-11-06 09:19 - 000000986 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-1035525444-682003330-1003UA.job
2017-12-17 13:46 - 2012-05-29 12:20 - 000000000 ____D C:\WINDOWS\security
2017-12-17 13:45 - 2012-05-29 09:40 - 000000000 ____D C:\WINDOWS\Registration
2017-12-17 13:27 - 2017-11-15 13:27 - 000000484 _____ C:\WINDOWS\Tasks\Update for Yandex Browser.job
2017-12-17 12:36 - 2006-02-28 13:00 - 000013646 _____ C:\WINDOWS\system32\wpa.dbl
2017-12-17 10:48 - 2017-09-06 08:42 - 000000310 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job
2017-12-17 10:29 - 2014-11-06 09:19 - 000000964 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-1035525444-682003330-1003Core.job
2017-12-17 08:49 - 2012-09-30 15:43 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-12-17 08:49 - 2012-05-29 09:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-16 22:27 - 2012-05-29 10:00 - 000000178 ___SH C:\Documents and Settings\sc\ntuser.ini
2017-12-16 22:27 - 2012-05-29 09:59 - 000032524 _____ C:\WINDOWS\SchedLgU.Txt
2017-12-16 16:42 - 2012-05-29 12:31 - 000000000 ____D C:\Documents and Settings
2017-12-16 15:54 - 2012-05-29 10:00 - 000000000 ____D C:\Documents and Settings\sc
2017-12-16 12:13 - 2012-05-29 12:20 - 000000000 RSHDC C:\WINDOWS\system32\dllcache
2017-12-16 10:50 - 2012-05-29 12:20 - 000000000 ___HD C:\WINDOWS\inf
2017-12-16 10:42 - 2012-05-29 09:59 - 000000000 __SHD C:\Documents and Settings\LocalService
2017-12-16 10:42 - 2012-05-29 09:58 - 000000000 __SHD C:\Documents and Settings\NetworkService
2017-12-16 10:41 - 2017-09-06 09:01 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SW Updater
2017-12-16 10:29 - 2016-03-31 13:46 - 000131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2017-12-13 21:49 - 2012-05-29 10:19 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2017-12-13 21:43 - 2016-05-19 14:26 - 000000000 ____D C:\Documents and Settings\sc\My Documents\Outlook Files
2017-12-13 10:36 - 2016-01-06 21:21 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-12-13 10:36 - 2016-01-06 21:21 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-12-13 10:36 - 2012-05-29 09:42 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-13 07:34 - 2015-08-28 10:33 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-12-12 07:57 - 2016-11-18 08:36 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-12 07:38 - 2015-02-07 18:58 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2017-12-02 22:51 - 2017-10-27 15:09 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Browsers
2017-12-02 10:26 - 2013-09-25 20:04 - 000000000 ____D C:\Documents and Settings\sc\Application Data\vlc
2017-11-29 09:11 - 2017-10-13 09:22 - 000059896 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-11-25 11:44 - 2015-09-14 13:45 - 000000000 ____D C:\Documents and Settings\sc\My Documents\Download
2017-11-23 21:46 - 2012-07-15 12:55 - 000000000 ____D C:\Documents and Settings\sc\Application Data\uTorrent
2017-11-20 07:21 - 2017-09-24 20:54 - 000000000 ____D C:\Program Files\Windscribe
2017-11-18 12:01 - 2017-11-15 13:58 - 000000000 ____D C:\Program Files\Slimjet
 
==================== Files in the root of some directories =======
 
2017-12-11 12:43 - 2017-12-11 12:45 - 000038502 _____ () C:\Documents and Settings\sc\Application Data\Comma Separated Values (Windows).ADR
2013-07-21 11:26 - 2013-07-21 13:25 - 000087608 _____ () C:\Documents and Settings\sc\Application Data\inst.exe
2013-07-21 11:26 - 2013-07-21 13:25 - 000007887 _____ () C:\Documents and Settings\sc\Application Data\pcouffin.cat
2013-07-21 11:26 - 2013-07-21 13:25 - 000001144 _____ () C:\Documents and Settings\sc\Application Data\pcouffin.inf
2013-07-21 11:26 - 2013-07-21 13:25 - 000000055 _____ () C:\Documents and Settings\sc\Application Data\pcouffin.log
2013-07-21 11:26 - 2013-07-21 13:25 - 000047360 _____ (VSO Software) C:\Documents and Settings\sc\Application Data\pcouffin.sys
2012-07-15 15:43 - 2016-05-19 14:24 - 000020992 _____ () C:\Documents and Settings\sc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-10-18 14:57 - 2017-10-18 14:58 - 000087519 _____ () C:\Documents and Settings\sc\Local Settings\Application Data\FASTWiz.log
2015-08-23 10:33 - 2015-08-23 10:33 - 000176204 _____ () C:\Documents and Settings\All Users\Application Data\1440322332.bdinstall.bin
2015-09-21 13:44 - 2015-09-21 13:44 - 000036877 _____ () C:\Documents and Settings\All Users\Application Data\1442839455.bdinstall.bin
2015-09-21 13:44 - 2015-09-21 13:44 - 000038963 _____ () C:\Documents and Settings\All Users\Application Data\1442839457.4676.bin
2015-09-21 13:44 - 2015-09-21 13:44 - 000002406 _____ () C:\Documents and Settings\All Users\Application Data\1442839457.5048.bin
2015-09-21 13:44 - 2015-09-21 13:44 - 000008068 _____ () C:\Documents and Settings\All Users\Application Data\1442839457.5720.bin
2015-09-21 13:44 - 2015-09-21 13:44 - 000001455 _____ () C:\Documents and Settings\All Users\Application Data\1442839457.6044.bin
2015-09-21 13:47 - 2015-09-21 13:47 - 000031682 _____ () C:\Documents and Settings\All Users\Application Data\1442839626.bdinstall.bin
2015-09-21 13:52 - 2015-09-21 13:52 - 000031682 _____ () C:\Documents and Settings\All Users\Application Data\1442839955.bdinstall.bin
2015-09-21 13:57 - 2015-09-21 13:57 - 000097462 _____ () C:\Documents and Settings\All Users\Application Data\1442840128.bdinstall.bin
2015-09-21 14:03 - 2015-09-21 14:03 - 000204578 _____ () C:\Documents and Settings\All Users\Application Data\1442840514.bdinstall.bin
2016-12-14 15:12 - 2016-12-14 15:12 - 000037176 _____ () C:\Documents and Settings\All Users\Application Data\1481724763.bdinstall.bin
2016-12-14 15:12 - 2016-12-14 15:12 - 000039340 _____ () C:\Documents and Settings\All Users\Application Data\1481724766.bdinstall.bin
2017-09-06 09:16 - 2017-09-06 09:16 - 000037175 _____ () C:\Documents and Settings\All Users\Application Data\1504685804.bdinstall.bin
2017-09-06 09:17 - 2017-09-06 09:17 - 000058934 _____ () C:\Documents and Settings\All Users\Application Data\1504685814.bdinstall.bin
2017-09-06 09:23 - 2017-09-06 09:23 - 000002129 _____ () C:\Documents and Settings\All Users\Application Data\1504686152.2312.bin
2017-09-06 09:23 - 2017-09-06 09:23 - 000009272 _____ () C:\Documents and Settings\All Users\Application Data\1504686152.2524.bin
2017-09-06 09:23 - 2017-09-06 09:23 - 000002106 _____ () C:\Documents and Settings\All Users\Application Data\1504686152.2740.bin
2017-09-06 09:22 - 2017-09-06 09:23 - 000041075 _____ () C:\Documents and Settings\All Users\Application Data\1504686152.928.bin
2017-09-06 12:13 - 2017-09-06 12:13 - 000037175 _____ () C:\Documents and Settings\All Users\Application Data\1504696396.bdinstall.bin
2017-09-06 12:13 - 2017-09-06 12:13 - 000001690 _____ () C:\Documents and Settings\All Users\Application Data\1504696409.4480.bin
2017-09-06 12:13 - 2017-09-06 12:28 - 000041437 _____ () C:\Documents and Settings\All Users\Application Data\1504696409.5476.bin
2017-09-06 12:13 - 2017-09-06 12:13 - 000009226 _____ () C:\Documents and Settings\All Users\Application Data\1504696409.5768.bin
2017-09-06 12:13 - 2017-09-06 12:13 - 000002106 _____ () C:\Documents and Settings\All Users\Application Data\1504696409.6116.bin
2017-09-17 14:55 - 2017-09-17 14:55 - 000037176 _____ () C:\Documents and Settings\All Users\Application Data\1505656557.bdinstall.bin
2017-09-17 14:56 - 2017-09-17 15:04 - 000041499 _____ () C:\Documents and Settings\All Users\Application Data\1505656560.1052.bin
2017-09-17 14:56 - 2017-09-17 14:56 - 000002106 _____ () C:\Documents and Settings\All Users\Application Data\1505656560.2408.bin
2017-09-17 14:56 - 2017-09-17 14:56 - 000009229 _____ () C:\Documents and Settings\All Users\Application Data\1505656560.3596.bin
2017-09-17 14:56 - 2017-09-17 14:56 - 000002040 _____ () C:\Documents and Settings\All Users\Application Data\1505656560.4268.bin
2017-02-25 11:06 - 2017-02-25 11:06 - 000000057 _____ () C:\Documents and Settings\All Users\Application Data\Ament.ini
 
Some files in TEMP:
====================
2017-12-17 13:54 - 2010-12-09 16:15 - 000718336 _____ (Microsoft Corporation) C:\Documents and Settings\sc\Local Settings\Temp\dllnt_dump.dll
2015-10-21 06:57 - 2015-10-21 06:57 - 000585824 _____ (Oracle Corporation) C:\Documents and Settings\sc\Local Settings\Temp\jre-8u65-windows-au.exe
2015-11-23 08:47 - 2015-11-23 08:47 - 000585824 _____ (Oracle Corporation) C:\Documents and Settings\sc\Local Settings\Temp\jre-8u66-windows-au.exe
2016-01-23 13:59 - 2016-01-23 13:59 - 000644704 _____ (Oracle Corporation) C:\Documents and Settings\sc\Local Settings\Temp\jre-8u71-windows-au.exe
2017-10-13 09:18 - 2017-10-13 09:14 - 071535032 _____ (Malwarebytes                                                ) C:\Documents and Settings\sc\Local Settings\Temp\mbam-setup.exe
2017-10-17 15:00 - 2017-10-17 15:00 - 004149146 _____ () C:\Documents and Settings\sc\Local Settings\Temp\Redist862008.exe
2017-02-08 05:01 - 2017-02-08 05:01 - 044994770 _____ (Igor Pavlov) C:\Documents and Settings\sc\Local Settings\Temp\sjt7z_x86_console.exe
2017-11-22 22:45 - 2017-11-22 22:45 - 000000000 _____ () C:\Documents and Settings\sc\Local Settings\Temp\tuxfcth2.dll
2017-10-11 14:13 - 2008-11-28 13:26 - 000410204 _____ (Ashok P. Nadkarni) C:\Documents and Settings\sc\Local Settings\Temp\twapi-0fc8de8f-b2ea-6445-9b9d-9188dbce5017.dll
2015-09-24 09:23 - 2015-09-24 09:23 - 001774432 _____ (BitTorrent Inc.) C:\Documents and Settings\sc\Local Settings\Temp\utt46.tmp.exe
2015-09-24 09:27 - 2015-09-24 09:27 - 001774432 _____ (BitTorrent Inc.) C:\Documents and Settings\sc\Local Settings\Temp\utt5F.tmp.exe
2017-09-05 10:03 - 2017-09-05 10:03 - 014456872 _____ (Microsoft Corporation) C:\Documents and Settings\sc\Local Settings\Temp\vc_redist.x86.exe
2016-07-22 09:03 - 2016-07-22 09:04 - 030533688 _____ () C:\Documents and Settings\sc\Local Settings\Temp\vlc-2.2.4-win32.exe
2017-06-16 12:12 - 2017-06-16 12:12 - 030950664 _____ () C:\Documents and Settings\sc\Local Settings\Temp\vlc-2.2.6-win32.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2017
Ran by sc (17-12-2017 16:53:55)
Running from C:\Documents and Settings\sc\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2012-05-29 08:57:26)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1202660629-1035525444-682003330-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1202660629-1035525444-682003330-1014 - Limited - Enabled)
Guest (S-1-5-21-1202660629-1035525444-682003330-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1202660629-1035525444-682003330-1000 - Limited - Disabled)
sc (S-1-5-21-1202660629-1035525444-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\sc
SUPPORT_388945a0 (S-1-5-21-1202660629-1035525444-682003330-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9488E0FA-F058-4673-850E-E755F112BABC}
AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1202660629-1035525444-682003330-1003\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
ABBYY PDF Transformer 3.0 (HKLM\...\{FA300000-0001-0000-0000-074957833700}) (Version: 3.00.162.6808 - ABBYY) Hidden
ABBYY PDF Transformer 3.0 (HKLM\...\ABBYY PDF Transformer 3.0) (Version: 3.00.162.6808 - ABBYY)
Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2A2C8640-5402-428A-909A-0236CB2B77C7}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Applian FLV and Media Player 3.1.1.12 (HKLM\...\Applian FLV and Media Player) (Version: 3.1.1.12 - Applian Technologies)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
Avi to Dvd Free Converter v6.4.0.48 (HKLM\...\Avi to Dvd Free Converter_is1) (Version:  - AviToDvdFree.com Inc.)
AVIcodec (remove only) (HKLM\...\AVIcodec) (Version:  - )
Avidemux 2.6 (32-bit) (HKLM\...\Avidemux 2.6) (Version: 2.6.8.9046 - )
Backup and Sync from Google (HKLM\...\{A30E2377-AFC5-4EF3-A1E1-ECBC3843C73B}) (Version: 3.36.6884.5911 - Google, Inc.)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Creative Live! Cam Vista IM (VF0420) Driver (1.01.01.00) (HKLM\...\Creative VF0420) (Version:  - )
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
EaseUS MobiSaver 5.0 (HKLM\...\EaseUS MobiSaver 5.0_is1) (Version:  - EaseUS)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Freemake Video Converter version 4.1.10 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.10 - Ellora Assets Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HP Officejet 5740 series Basic Device Software (HKLM\...\{A9A9AF58-D360-46BD-A4D1-BB596762BBD2}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
HP Officejet 5740 series Help (HKLM\...\{F17D53C7-DCE8-469C-9690-CF8F5903519C}) (Version: 34.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
K-Lite Codec Pack 9.9.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
Malwarebytes Anti-Exploit version 1.11.1.45 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.11.1.45 - Malwarebytes)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Network Monitor 3.4 (HKLM\...\{A2F2C44A-869E-4C32-9CEC-E22B1CC91F06}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{5A1A9AB2-2F68-462D-A67D-7C855DFF5EEB}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - Italian/Italiano (HKLM\...\Office14.OMUI.it-it) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 52.5.2 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.5.2 ESR (x86 en-US)) (Version: 52.5.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.5.2 - Mozilla)
MPC-HC 1.7.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NetWorx 5.5.5 (HKLM\...\NetWorx_is1) (Version:  - Softperfect)
Product Improvement Study for HP Officejet 5740 series (HKLM\...\{26C492D1-BA1C-4C99-8314-F4D402D17454}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
Real Alternative 2.0.2 (HKLM\...\RealAlt_is1) (Version: 2.0.2 - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - Realtek Semiconductor Corp.)
Scratch (HKLM\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group)
Secunia PSI (3.0.0.11005) (HKLM\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM\...\{90140000-0100-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{B459ADCD-B09F-4C2D-B75A-5BCE4876F27A}) (Version:  - Microsoft)
Skype™ 7.36 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.150 - Skype Technologies S.A.)
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.8 - VideoLAN)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Windscribe (HKLM\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.80 Build 33 - Windscribe Limited)
WinRAR 5.50 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
WinX DVD Author 6.2 (HKLM\...\WinX DVD Author_is1) (Version:  - DigiartySoft, Inc.)
Zoolz2 (HKLM\...\Zoolz2) (Version: 2.1 - Genie9)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1202660629-1035525444-682003330-1003_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Documents and Settings\sc\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1035525444-682003330-1003_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Documents and Settings\sc\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1035525444-682003330-1003_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Documents and Settings\sc\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1202660629-1035525444-682003330-1003_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Documents and Settings\sc\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1202660629-1035525444-682003330-1003_Classes\CLSID\{FDD5EB72-01CB-F68E-817F-20EE4BCAFFBD}\InprocServer32 -> C:\WINDOWS\system32\ole32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-09-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-09-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-09-15] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-10] (AVAST Software)
ShellIconOverlayIdentifiers: [0Genie9 Zoolz-BackedupIcon] -> {9DB6687B-FDB2-4284-AF2A-4562D4EB371D} => C:\Program Files\Genie9\Zoolz2\Overlay.dll [2017-07-30] ()
ShellIconOverlayIdentifiers: [0Genie9 Zoolz-BackedUpModifiedIcon] -> {9DB6687D-FDB2-4284-AF2A-4562D4EB371D} => C:\Program Files\Genie9\Zoolz2\Overlay.dll [2017-07-30] ()
ShellIconOverlayIdentifiers: [0Genie9 Zoolz-ColdStorageIcon] -> {9DB6687F-FDB2-4284-AF2A-4562D4EB371D} => C:\Program Files\Genie9\Zoolz2\Overlay.dll [2017-07-30] ()
ShellIconOverlayIdentifiers: [0Genie9 Zoolz-FolderInCloudIcon] -> {9DB6687E-FDB2-4284-AF2A-4562D4EB371D} => C:\Program Files\Genie9\Zoolz2\Overlay.dll [2017-07-30] ()
ShellIconOverlayIdentifiers: [0Genie9 Zoolz-NotBackedUpIcon] -> {9DB6687C-FDB2-4284-AF2A-4562D4EB371D} => C:\Program Files\Genie9\Zoolz2\Overlay.dll [2017-07-30] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-10] (AVAST Software)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2017-09-15] (Google)
ContextMenuHandlers1: [Genie9 Zoolz Context Menu Extension] -> {88DE42CC-760E-4BF4-B305-0B0B9374A7E3} => C:\Program Files\Genie9\Zoolz2\ContextMenu.dll [2017-07-30] (Genie9)
ContextMenuHandlers1: [PDFTransformer3ContextMenu] -> {2DC8E5F2-C89C-4730-82C9-19120DEE5B0A} => C:\Program Files\ABBYY PDF Transformer 3.0\PDFTContextMenu.dll [2009-06-29] (ABBYY)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [Genie9 Zoolz Context Menu Extension] -> {88DE42CC-760E-4BF4-B305-0B0B9374A7E3} => C:\Program Files\Genie9\Zoolz2\ContextMenu.dll [2017-07-30] (Genie9)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-10] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2017-09-15] (Google)
ContextMenuHandlers4: [Genie9 Zoolz Context Menu Extension] -> {88DE42CC-760E-4BF4-B305-0B0B9374A7E3} => C:\Program Files\Genie9\Zoolz2\ContextMenu.dll [2017-07-30] (Genie9)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers5: [Genie9 Zoolz Context Menu Extension] -> {88DE42CC-760E-4BF4-B305-0B0B9374A7E3} => C:\Program Files\Genie9\Zoolz2\ContextMenu.dll [2017-07-30] (Genie9)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2009-01-21] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-11-10] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks=============================
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-1035525444-682003330-1003Core.job => C:\Documents and Settings\sc\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-1035525444-682003330-1003UA.job => C:\Documents and Settings\sc\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Update for Yandex Browser.job => C:\Documents and Settings\sc\Local Settings\Application Data\Yandex\YandexBrowser\Application\browser.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Documents and Settings\sc\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Media Players\Codec Packs\Codec\Website.lnk -> hxxp://avicodec.duby.info
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\TAP-Windows\Utilities\Add a new TAP virtual ethernet adapter.lnk -> C:\Program Files\TAP-Windows\bin\addtap.bat (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\TAP-Windows\Utilities\Delete ALL TAP virtual ethernet adapters.lnk -> C:\Program Files\TAP-Windows\bin\deltapall.bat (No File)
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-11-10 07:54 - 2017-11-10 07:54 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-11-10 07:54 - 2017-11-10 07:54 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-11-10 07:54 - 2017-11-10 07:54 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-11-10 07:54 - 2017-11-10 07:54 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-11-10 07:54 - 2017-11-10 07:54 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-12-16 17:01 - 2017-12-16 17:01 - 005766800 _____ () C:\Program Files\AVAST Software\Avast\defs\17121604\algo.dll
2017-11-10 07:54 - 2017-11-10 07:54 - 000710056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-12-17 16:51 - 2017-12-17 16:51 - 005766800 _____ () C:\Program Files\AVAST Software\Avast\defs\17121700\algo.dll
2017-07-30 13:05 - 2017-07-30 13:05 - 000148992 _____ () C:\Program Files\Genie9\Zoolz2\Overlay.dll
2017-07-20 08:09 - 2017-07-20 08:09 - 000072192 _____ () C:\Program Files\Genie9\Zoolz2\Communicator.dll
2017-07-20 08:09 - 2017-07-20 08:09 - 000038400 _____ () C:\Program Files\Genie9\Zoolz2\GSLogging.dll
2006-02-28 13:00 - 2008-04-14 03:41 - 000059904 _____ () C:\WINDOWS\system32\devenum.dll
2006-02-28 13:00 - 2008-04-14 03:42 - 000014336 _____ () C:\WINDOWS\system32\msdmo.dll
2006-02-28 13:00 - 2013-01-02 07:49 - 001292288 _____ () C:\WINDOWS\system32\quartz.dll
2016-09-18 09:20 - 2016-09-19 11:08 - 000622080 _____ () C:\Program Files\NetWorx\sqlite.dll
2017-08-04 10:58 - 2017-09-15 08:49 - 040258552 _____ () C:\Program Files\Google\Drive\googledrivesync.exe
2017-09-06 08:40 - 2017-09-06 08:40 - 048936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-07-20 08:09 - 2017-07-20 08:09 - 000123392 _____ () C:\Program Files\Genie9\Zoolz2\IconOverlayComm.dll
2017-07-30 13:05 - 2017-07-30 13:05 - 000886272 _____ () C:\Program Files\Genie9\Zoolz2\System.Data.SQLite.dll
2017-07-20 08:09 - 2017-07-20 08:09 - 000121344 _____ () C:\Program Files\Genie9\Zoolz2\ManagedCPPDLL.dll
2017-11-10 07:54 - 2017-11-10 07:54 - 000142792 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2017-11-10 07:54 - 2017-11-10 07:54 - 000245608 _____ () c:\Program Files\AVAST Software\Avast\StreamBack.dll
2017-12-17 08:49 - 2017-12-17 08:49 - 000088064 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\_ctypes.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000918528 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\_hashlib.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000098816 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\win32api.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000110080 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\pywintypes27.dll
2017-12-17 08:49 - 2017-12-17 08:49 - 000364544 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\pythoncom27.dll
2017-12-17 08:49 - 2017-12-17 08:49 - 000686080 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\unicodedata.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000320512 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\win32com.shell.shell.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 001177088 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\wx._core_.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000806912 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\wx._gdi_.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000816640 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\wx._windows_.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 001067520 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\wx._controls_.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000733696 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\wx._misc_.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000736256 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\pysqlite2._sqlite.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000119808 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\win32file.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000108544 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\win32security.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000007168 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\hashobjs_ext.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000017920 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\thumbnails_ext.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000082432 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\usb_ext.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000013824 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\common.time34.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000018432 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\win32event.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000088576 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\windows.volumes.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000017408 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\windows.winwrap.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000167936 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\win32gui.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000046080 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\_socket.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 001309696 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\_ssl.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000129536 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\_elementtree.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000127488 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\pyexpat.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000038912 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\win32inet.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000077824 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\wx._html2.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000036864 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\_psutil_windows.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000524248 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\windows._lib_cacheinvalidation.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000011264 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\win32crypt.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000218624 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\PIL._imaging.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000027648 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\_multiprocessing.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000319488 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\winxpgui.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000020480 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\_yappi.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000035840 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\win32process.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000024064 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\win32pipe.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000010240 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\select.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000025600 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\win32pdh.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000058880 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\windows.device_monitor.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000017408 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\win32profile.pyd
2017-12-17 08:49 - 2017-12-17 08:49 - 000022528 _____ () C:\Documents and Settings\sc\Local Settings\Temp\_MEI16242\win32ts.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-02-28 13:00 - 2017-12-16 11:28 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1202660629-1035525444-682003330-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\sc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-1202660629-1035525444-682003330-500\Control Panel\Desktop\\Wallpaper -> (None)
DNS Servers: 8.8.8.8 - 8.8.4.4
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EaseUS TB Tray Agent => "C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Documents and Settings\sc\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: ProductUpdater => C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TRKY-DnsAyar => C:\Program Files\TRKY-DnsAyar\TRKY-DnsAyar.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\sc\Local Settings\Temp\Rar$EXa0.861\AA_v3.5.exe] => C:\Documents and Settings\sc\Local Settings\Temp\Rar$EXa0.861\AA_v3.5.exe:*:Enabled:Ammyy Admin
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\sc\Application Data\uTorrent\uTorrent.exe] => Enabled:μTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE] => Enabled:Microsoft OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\NetWorx\networx.exe] => Enabled:SoftPerfect NetWorx
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 5740 series\Bin\FaxApplications.exe] => :LocalSubNet:Enabled:HP Officejet 5740 series FaxApplications
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 5740 series\Bin\DigitalWizards.exe] => :LocalSubNet:Enabled:HP Officejet 5740 series DigitalWizards
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 5740 series\Bin\SendAFax.exe] => :LocalSubNet:Enabled:HP Officejet 5740 series SendFaxAppExe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 5740 series\Bin\DeviceSetup.exe] => :LocalSubNet:Enabled:HP Device Setup (HP Officejet 5740 series)
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 5740 series\Bin\HPNetworkCommunicatorCom.exe] => :LocalSubNet:Enabled:HP Network Communicator COM (HP Officejet 5740 series)
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\sc\Local Settings\Temp\7zS6C59\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\sc\Local Settings\Temp\7zS74FC\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\sc\Local Settings\Temp\7zS46F8\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\usmt\migwiz.exe] => Enabled:Files and Settings Transfer Wizard
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\sc\Local Settings\Temp\7zS7718\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\sc\Local Settings\Temp\7zS1FFA\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Program Files\Windscribe\wsappcontrol.exe] => Enabled:Windscribe auto-login utility
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [5357:TCP] => Enabled:WS-Eventing TCP Port 5357
 
==================== Restore Points =========================
 
09-10-2017 19:00:03 System Checkpoint
10-10-2017 19:43:59 System Checkpoint
11-10-2017 15:57:03 Software Distribution Service 3.0
12-10-2017 16:36:51 System Checkpoint
13-10-2017 17:01:48 System Checkpoint
14-10-2017 17:32:09 System Checkpoint
15-10-2017 17:54:08 System Checkpoint
16-10-2017 19:04:39 System Checkpoint
17-10-2017 19:26:56 System Checkpoint
18-10-2017 06:42:52 Software Distribution Service 3.0
19-10-2017 09:37:49 System Checkpoint
19-10-2017 10:32:52 Installed iTunes
20-10-2017 11:43:40 System Checkpoint
21-10-2017 11:44:35 System Checkpoint
22-10-2017 12:44:34 System Checkpoint
23-10-2017 14:56:01 System Checkpoint
24-10-2017 16:02:01 System Checkpoint
25-10-2017 16:05:53 System Checkpoint
26-10-2017 08:27:56 Installed Microsoft Office Language Pack 2010 - Italian/Italiano
26-10-2017 13:00:59 Software Distribution Service 3.0
26-10-2017 13:18:54 Software Distribution Service 3.0
26-10-2017 13:29:11 Removed Backup and Sync from Google
26-10-2017 13:34:47 Software Distribution Service 3.0
26-10-2017 13:58:35 Software Distribution Service 3.0
26-10-2017 16:09:42 Removed Backup and Sync from Google
26-10-2017 16:10:58 Installed Backup and Sync from Google
26-10-2017 16:15:09 Removed Backup and Sync from Google
26-10-2017 16:37:04 Installed Backup and Sync from Google
26-10-2017 16:43:09 Removed Backup and Sync from Google
26-10-2017 17:07:13 Installed Google Drive
26-10-2017 18:57:21 Installed Backup and Sync from Google
26-10-2017 18:57:56 Removed Google Drive
27-10-2017 19:39:30 System Checkpoint
28-10-2017 08:28:08 Removed Microsoft Silverlight
28-10-2017 08:37:21 Removed QuickTime 7
29-10-2017 12:54:37 System Checkpoint
30-10-2017 13:10:03 System Checkpoint
31-10-2017 13:12:02 System Checkpoint
01-11-2017 14:14:34 System Checkpoint
02-11-2017 14:15:34 System Checkpoint
03-11-2017 14:29:44 System Checkpoint
04-11-2017 15:10:01 System Checkpoint
05-11-2017 15:42:09 System Checkpoint
06-11-2017 15:56:45 System Checkpoint
07-11-2017 16:54:59 System Checkpoint
08-11-2017 17:32:11 System Checkpoint
09-11-2017 13:28:08 Removed Extended Asian Language font pack for Adobe Reader XI.
10-11-2017 07:56:26 Installed Windows XP Wdf01009.
11-11-2017 10:37:50 System Checkpoint
12-11-2017 10:45:31 System Checkpoint
13-11-2017 10:51:38 System Checkpoint
14-11-2017 11:27:34 System Checkpoint
15-11-2017 07:50:17 Software Distribution Service 3.0
15-11-2017 10:09:21 Software Distribution Service 3.0
16-11-2017 07:48:18 Software Distribution Service 3.0
16-11-2017 08:20:37 Restore Operation
16-11-2017 11:11:33 Software Distribution Service 3.0
17-11-2017 12:08:23 System Checkpoint
18-11-2017 12:57:27 System Checkpoint
19-11-2017 13:08:35 System Checkpoint
20-11-2017 13:18:20 System Checkpoint
21-11-2017 13:25:13 System Checkpoint
22-11-2017 14:54:07 System Checkpoint
23-11-2017 15:08:49 System Checkpoint
24-11-2017 16:07:48 System Checkpoint
25-11-2017 16:51:39 System Checkpoint
26-11-2017 17:45:06 System Checkpoint
27-11-2017 18:45:14 System Checkpoint
28-11-2017 18:51:29 System Checkpoint
29-11-2017 07:40:11 Software Distribution Service 3.0
30-11-2017 10:21:43 System Checkpoint
01-12-2017 10:26:30 System Checkpoint
02-12-2017 10:44:20 System Checkpoint
03-12-2017 11:52:03 System Checkpoint
04-12-2017 13:27:14 System Checkpoint
05-12-2017 16:52:26 System Checkpoint
11-12-2017 10:24:35 System Checkpoint
11-12-2017 16:32:34 RememBear
12-12-2017 17:59:22 System Checkpoint
13-12-2017 08:04:00 Software Distribution Service 3.0
13-12-2017 21:48:16 Software Distribution Service 3.0
14-12-2017 22:00:16 System Checkpoint
16-12-2017 10:41:31 Restore Operation
16-12-2017 10:50:15 Installed Windows XP Wdf01009.
16-12-2017 12:14:11 Restore Operation
16-12-2017 12:22:51 Restore Operation
16-12-2017 15:18:11 Windows 7 Upgrade Advisor installato
16-12-2017 16:52:26 JRT Pre-Junkware Removal
16-12-2017 17:14:24 Windows 7 Upgrade Advisor rimosso
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/14/2017 12:56:43 PM) (Source: MbaeSvc) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (12/05/2017 07:38:54 PM) (Source: MsiInstaller) (EventID: 10005) (User: SCPC002)
Description: Product: ProtonVPN -- ProtonVPN cannot be installed on the following Windows versions: Windows XP SP3 x86, Windows Server 2003 SP2 x86.
 
Error: (11/30/2017 07:29:23 PM) (Source: Google Update) (EventID: 20) (User: SCPC002)
Description: Event-ID 20
 
Error: (11/22/2017 09:02:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application acrord32.exe, version 11.0.23.22, faulting module acrord32.dll, version 11.0.23.22, fault address 0x00020640.
Processing media-specific event for [acrord32.exe!ws!]
 
Error: (11/16/2017 08:02:32 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (11/16/2017 08:02:32 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (11/16/2017 08:02:32 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (11/16/2017 08:02:32 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (11/16/2017 07:50:24 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (11/16/2017 07:50:24 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
 
System errors:
=============
Error: (12/17/2017 03:18:20 PM) (Source: 0) (EventID: 8003) (User: )
Description: Event-ID 8003
 
Error: (12/17/2017 09:24:41 AM) (Source: 0) (EventID: 8003) (User: )
Description: Event-ID 8003
 
Error: (12/16/2017 05:01:44 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{E26FC572-A2D6-41A3-8259-DB69F4590EC1}.
The backup browser is stopping.
 
Error: (12/16/2017 04:52:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Zoolz Backup Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (12/16/2017 04:52:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WindscribeService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/16/2017 04:52:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia PSI Agent service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/16/2017 04:52:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MSCamSvc service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/16/2017 04:52:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Machine Debug Manager service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/16/2017 04:52:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/16/2017 04:52:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ABBYY PDF Transformer 3.0 Licensing Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5400 @ 2.70GHz
Percentage of memory in use: 61%
Total physical RAM: 2037.42 MB
Available physical RAM: 780.9 MB
Total Virtual: 3929.7 MB
Available Virtual: 2479.88 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:205.19 GB) (Free:96.67 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:224.29 GB) (Free:156.11 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: B9ACB9AC)
Partition 1: (Active) - (Size=205.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=224.3 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================
 

 



#2 scut1

scut1
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:01:04 PM

Posted 18 December 2017 - 03:10 AM

Quick update.

 

1. I found that I was unable to use the MS Malicious Software Removal Tool because I was using a non-compatible version. The latest XP version works just fine, although it did not find any issues.

2. A boot scan this morning using Avast found a VBS: Malware-Gen in a folder linked to System Restore (quarantined).

 

So, the main issue here seems to be the fact that Internet Options does not open.

 

I look forward to receiving your feedback.

 

Thx



#3 polskamachina

polskamachina

  • Malware Response Team
  • 4,083 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:04 AM

Posted 18 December 2017 - 02:29 PM

Hi scut1,
My name is polskamachina and I would like to welcome you to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.
 
I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-8 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine. Running any additional tools may detect false positives, interfere with our tools, cause unforeseen damage, or cause system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Please give me some time to review your situation and I will get back to you with further instructions.
 
polskamachina



#4 polskamachina

polskamachina

  • Malware Response Team
  • 4,083 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:04 AM

Posted 18 December 2017 - 09:07 PM

Hi scut1 :)

Let's begin with a friendly reminder: Windows XP is no longer supported by Microsoft. Therefore, there have not been any security updates for several years. Please consider updating to one of the newer operating systems which will offer you more protection. If you decide to continue using XP, you need to be extra cautious about your internet habits. That being said, please proceed with the following:

Your logs show the following:

AV: Bitdefender Antivirus Free Edition (Enabled - Up to date)
AV: Avast Antivirus (Enabled - Up to date)

Using more than one anti-virus program is not advisable. Why? The primary concern with doing so is due to Windows resource management and significant conflicts that can arise especially when they are running in real-time protection mode simultaneously. Even if one of them is disabled for use as a stand-alone on-demand scanner, it can affect the other and cause conflicts. Anti-virus software components insert themselves deep into the operating system's core where they install kernel mode drivers that load at boot-up regardless of whether real-time protection is enabled or not. Thus, using multiple anti-virus solutions can result in kernel mode conflicts causing system instability, catastrophic crashes, slow performance and wasting vital system resources. When actively running in the background while connected to the Internet, each anti-virus may try to update its definition database at the same time. As the programs compete for the resources required to download the necessary files, this often can result in sluggish system performance or unresponsive behavior.

When scanning engines are initiated, each anti-virus may interpret the activity of the other as suspicious behavior and there is a greater chance of them alerting you to a "false positive". If one finds a virus or a suspicious file and then the other also finds the same, both programs will be competing over exclusive rights on dealing with that threat. Each anti-virus may attempt to remove the offending file and quarantine it at the same time resulting in a resource management issue as to which program gets permission to act first. If one anti-virus finds and quarantines the file before the other one does, then you may encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a threat has been found after it has already been neutralized.

Anti-virus scanners use virus definitions to check for malware and these can include a fragment of the virus code which may be recognized by other anti-virus programs as the virus itself. Because of this, many anti-virus vendors encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. Other vendors do not encrypt their definitions and they can trigger false alarms when detected by the resident anti-virus. Further, dual installation is not always possible because most of the newer anti-virus programs will detect the presence of another and may insist that it be removed prior to installation. If the installation does complete with another anti-virus already installed, you may encounter issues like system freezing, unresponsiveness or similar symptoms as described above while trying to use it. In some cases, one of the anti-virus programs may even get disabled by the other.

To avoid these problems, use only one anti-virus solution.

We need to remove some programs with Revo Uninstaller Free:

Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions VERY carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of your installed AV programs below, I want you to remove one of them
    • Bitdefender
    • Avast
  • Double click on the program you've selected to remove and let the uninstall process begin.
  • When prompted if you want to uninstall click Yes
  • Be sure the Advanced option is selected then click Next
  • The program will run. If prompted again, click Yes
  • Note this important step: Before Revo removes the remnants of the program, the original program's uninstaller will run and will prompt you that the process is complete. Then it may ask you to restart your computer. DO NOT RESTART YOUR COMPUTER AT THIS TIME. Click cancel on the restart option and continue with the uninstallation process.
  • Once the program has searched for leftovers click Next
  • Check the box for Select All and then click Delete and accept the prompt that asks if you want to delete the selections
  • When prompted click on Yes and then on Next
  • Check the box for Select All and then, select Delete
  • When prompted select Yes then Next
  • Once done click Finish
  • Restart your computer after Revo has finished with uninstall

Next:

Going over your logs I noticed that you have μTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall μTorrent, however that choice is up to you. If you choose to remove it, you can do so using Revo uninstaller. If you wish to keep it, please do not use it until your computer is cleaned.

Next:

Please download AdwCleaner by Xplode and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
  • The tool will start to update the database if one is required. Note: Do not update to version 7 as that version will not run on XP
  • Click on the Scan button
  • AdwCleaner will begin...be patient as the scan may take some time to complete
  • After the scan has finished, click on the Logfile button
  • A window will open which lists the logs of your scans
  • After reviewing the log, click on the Clean button
  • Press OK when asked to close all programs and follow the onscreen prompts
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process
  • After rebooting, a logfile report, AdwCleaner[CX].txt, will open automatically (where the largest value of X represents the most recent report)
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list
  • Please copy and paste the contents of AdwCleaner[CX].txt in your next reply to me
  • A copy of every logfile is saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 
Finally, you said you ran RogueKiller. Please copy and paste that log into your next reply to me. That file is located on your Desktop and named rogue_killer.txt.

In summary I will need from you:

  • Confirmation that you removed one of your AV programs
  • Whether or not you removed μTorrent
  • AdwCleaner log
  • rogue_killer.txt
  • How is your computer performing now?

Let me know if you have any questions.

polskamachina



#5 scut1

scut1
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:01:04 PM

Posted 19 December 2017 - 02:32 AM

Hi polskamachina,

Thanks for your help and for your recommendations - very much appreciated.

 

Here is my reply to your instructions.

  1. Double AV. I had BD installed until a couple of months ago. I then uninstalled it using BOTH the MS uninstaller and the BD Uninstall tool provided by them. After uninstalling BD I installed Avast. I was very surprised to find BD in the list of the active AVs. In fact, REVO did not list BD as one of my installed programs. Pls advise the next step on this.
  2. μTorrent: I wish to keep it and I am aware of the risks and the caution needed when using it.
  3. AdwCleaner. Logs attached below.
  4. RogueKiller. Logs attached below
  5. Performance. The main issue used to be the fact that my PC cannot open Internet Options, and some forums attribute this to a malware infection. On this front, despite all AV runs, my PC stubbornly keeps refusing to open Internet Options. Apart from that, as I mentioned in my original message, the PC does not seem to be slower or using more resources than usual.

ADWCLEANER LOGS

 

# AdwCleaner v6.046 - Logfile created 19/12/2017 at 08:03:02
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-04-24.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : sc - SCPC002
# Running from : C:\Documents and Settings\sc\My Documents\Downloads\adwcleaner_6.046.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Program Files\Common Files\freemake shared
Folder Found:  C:\Documents and Settings\sc\Local Settings\Application Data\Geckofx
 
 
***** [ Files ] *****
 
File Found:  C:\Documents and Settings\sc\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\9FUZ7YMY\www.alwaysastrology[1].xml
File Found:  C:\Documents and Settings\sc\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\85F8H4YH\www.cafeastrology[1].xml
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SOFTWARE\Classes\SelectionLinksv4.SelectionLinksBHO
Key Found:  HKLM\SOFTWARE\Classes\SelectionLinksv4.SelectionLinksBHO.1
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Applian FLV and Media Player
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Applian FLV and Media Player
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\sl-dlc
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com
Key Found:  HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[R0].txt - [2127 Bytes] - [22/09/2013 19:47:17]
C:\AdwCleaner\AdwCleaner[R1].txt - [938 Bytes] - [22/09/2013 20:03:32]
C:\AdwCleaner\AdwCleaner[S0].txt - [2246 Bytes] - [22/09/2013 19:52:24]
C:\AdwCleaner\AdwCleaner[S1].txt - [2658 Bytes] - [19/12/2017 08:03:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2731 Bytes] ##########
 
 
 
ROGUE KILLER LOGS
 
RogueKiller V12.11.28.0 [Dec 11 2017] (Free) by Adlice Software
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : sc [Administrator]
Started from : C:\Documents and Settings\sc\My Documents\Downloads\RogueKiller_portable32.exe
Mode : Scan -- Date : 12/17/2017 13:55:50 (Duration : 00:49:47)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 8 ¤¤¤
[PUP.Gen1] HKEY_CLASSES_ROOT\CLSID\{5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4} (C:\Program Files\OApps\SelectionLinks.dll) -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Applian FLV and Media Player -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Applian FLV and Media Player -> Found
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\sl-dlc -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E26FC572-A2D6-41A3-8259-DB69F4590EC1} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{E26FC572-A2D6-41A3-8259-DB69F4590EC1} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][])  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 15 ¤¤¤
[PUP.Gen1][Folder] C:\Documents and Settings\sc\Application Data\RHEng -> Found
[PUP.uTorrentAds][File] C:\Documents and Settings\sc\Application Data\uTorrent\updates\3.4.5_41073\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Documents and Settings\sc\Application Data\uTorrent\updates\3.4.5_41162\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Documents and Settings\sc\Application Data\uTorrent\updates\3.4.5_41372\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Documents and Settings\sc\Application Data\uTorrent\updates\3.4.6_42094\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Documents and Settings\sc\Application Data\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Documents and Settings\sc\Application Data\uTorrent\updates\3.4.8_42576\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Documents and Settings\sc\Application Data\uTorrent\updates\3.4.9_42923\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Documents and Settings\sc\Application Data\uTorrent\updates\3.4.9_42973\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Documents and Settings\sc\Application Data\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Documents and Settings\sc\Application Data\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Documents and Settings\sc\Application Data\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Documents and Settings\sc\Application Data\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Found
[PUP.uTorrentAds][File] C:\Documents and Settings\sc\Application Data\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Found
[PUP.Gen1][Folder] C:\Documents and Settings\sc\Application Data\RHEng -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EADS-00L5B1 +++++
--- User ---
[MBR] 917b3d756dfd7cfdb313b33cba952264
[BSP] a89e61d217a4c929ee9f842fb05d62e2 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 210115 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 430317090 | Size: 229671 MB
User = LL1 ... OK
User = LL2 ... OK
 


#6 scut1 (Topic Starter)

Posted 20 December 2017 - 03:38 AM

Hi polskamachina,

 

please be aware that I will go on vacation from tomorrow for the next 2 weeks and I will not be at this desk, using this PC, for the entire period.

So, please reply to my earlier post with your recommendation on the next steps, but please be aware that I won't be able to operate on the PC until w/c 8th January.

 

Thanks for your help.



#7 polskamachina (Malware Response Team)

Posted 20 December 2017 - 02:27 PM

Hi scut1 :)

 

Thanks for informing me about your vacation. I'll ask the staff if this topic can remain open for that length of time while you're away. If not, it can be reopened at a later time. In the meantime, I'll post my next set of steps as soon as I can.

 

polskamachina



#8 polskamachina (Malware Response Team)

Posted 21 December 2017 - 05:25 PM

Hi scut1,
 
Good job posting the logs. :thumbup2:

In addition to the AdwCleaner scan log I need to see the AdwCleaner clean log.

  • Please run AdwCleaner again
  • Click the Logfiles button
  • Click on the Clean tab
  • You should see an entry for the time and date you performed the cleaning. If you see an entry there, then copy and paste that log into your next reply to me
  • If you don't see an entry there, then continue with the rest of these steps
  • Click on Scan
  • After the scan has completed, click on Clean
  • Close all other open programs
  • Click Ok to restart the computer
  • When the computer completes the restart, the AdwCleaner log, AdwCleaner[CX].txt, should appear which will indicate which entries were deleted
  • Please copy and paste that log into your next reply to me

Next:

Let's try to repair your Internet Options link, but first we will try to uninstall IE8 and then replace it with a fresh copy. Read all of these directions carefully before you begin the procedure:

  • Please click on this link and download the IE8 setup program to your desktop  Note: Do not install it yet
  • Click on this link and follow the directions to manually uninstall IE8  Note: Do not run the automatic fix as it may not uninstall correctly
  • Let me know if you had any difficulties with the uninstall

If you were able to uninstall IE8 without any problems, then proceed with the following:

  • Run the IE8 installation program you downloaded earlier and follow the prompts to install it

Next:

 

Let's correct the BitDefender entry which is still showing as part of your security center.

We need to repair the Security Center registration with wbemtest:

  • Go to Start -> Run or press Windows key + R
  • Type in wbemtest and press Enter
  • Press Connect...
  • In the Namespace box type in root\SecurityCenter and press Connect
  • Press the Enum Instances... button
  • Copy and paste AntivirusProduct into the box and press OK
  • Highlight {9488E0FA-F058-4673-850E-E755F112BABC} and press Delete

You may also refer to the following diagram for procedures:
[diagram: 1421074711-outputWTOL-o.gif]
Next:

  • Please run FRST again
  • Click on the Scan button
  • Copy and paste FRST.txt and Addition.txt into your next reply to me

In summary I will need from you:

  • AdwCleaner log named, AdwCleaner[CX].txt
  • Results of your removal and reinstallation of IE8
  • FRST.txt
  • Addition.txt
  • How is your computer performing now?

Let me know if you have any questions.

polskamachina

PS: You said:

please be aware that I won't be able to operate on the PC until w/c 8th January.

That will not be a problem. We can continue with our troubleshooting when you return from your vacation.
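The post above asks for the AdwCleaner Clean log (AdwCleaner[Cx].txt) on top of the Scan log (AdwCleaner[Sx].txt) because only the Clean log records what was actually removed. The PowerShell script below is an added example, not part of the original thread: it reads every "Key/Folder/File Found" line from a scan log, checks that a matching "[-] ... deleted" line exists in the clean log, and lists anything that was found but never removed. The default paths are the C:\AdwCleaner file names that appear in the logs in this thread; the embedded sample lines are constructed from entries visible in those logs, plus one hypothetical leftover key (HKLM\SOFTWARE\Example\LeftoverKey) so the "not removed" case is exercised. Works with Windows PowerShell 2.0 and later.

```powershell
# Added example (not from the original thread): reconcile an AdwCleaner scan log
# against its clean log and report items that were found but not deleted.
param(
    [string]$ScanLog  = 'C:\AdwCleaner\AdwCleaner[S1].txt',
    [string]$CleanLog = 'C:\AdwCleaner\AdwCleaner[C0].txt'
)

function Get-AdwItems {
    # Returns "Type|path" strings for lines such as
    #   "Key Found:  HKLM\..."            (scan log,  $Action = 'Found')
    #   "[-] Key deleted: HKLM\..."       (clean log, $Action = 'deleted')
    param([string[]]$Lines, [string]$Action)
    $rx = '^(?:\[-\]\s*)?(Key|Folder|File|Value|Data)\s+' + $Action + '\s*:\s*(.+?)\s*$'
    foreach ($l in $Lines) {
        if ($l -match $rx) { '{0}|{1}' -f $Matches[1], $Matches[2].ToLower() }
    }
}

function Compare-AdwLogs {
    param([string[]]$ScanLines, [string[]]$CleanLines)
    $found   = @(Get-AdwItems -Lines $ScanLines  -Action 'Found')
    $deleted = @(Get-AdwItems -Lines $CleanLines -Action 'deleted')
    # Anything detected by the scan that has no matching "deleted" line
    $missed  = $found | Where-Object { $deleted -notcontains $_ }
    New-Object PSObject -Property @{
        Found   = $found.Count
        Deleted = $deleted.Count
        Missed  = @($missed)
    }
}

# -LiteralPath is required: the [S1]/[C0] in the file names would otherwise be
# treated as wildcard character classes and the files would never be found.
if ((Test-Path -LiteralPath $ScanLog) -and (Test-Path -LiteralPath $CleanLog)) {
    $r = Compare-AdwLogs (Get-Content -LiteralPath $ScanLog) (Get-Content -LiteralPath $CleanLog)
} else {
    # Constructed sample input: two entries taken from the logs in this thread
    # and one hypothetical key that the clean log does not report as deleted.
    $scan = @'
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Found:  HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Key Found:  HKLM\SOFTWARE\Example\LeftoverKey
'@ -split "`r?`n"
    $clean = @'
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
'@ -split "`r?`n"
    $r = Compare-AdwLogs $scan $clean
}

"Found: $($r.Found)  Deleted: $($r.Deleted)  Not removed: $($r.Missed.Count)"
$r.Missed | ForEach-Object { "  still present: $_" }
```

On the sample input the script reports three items found, two deleted and one not removed (the hypothetical leftover key). Run it against the real S1/C0 pair after a clean-and-reboot cycle; any "still present" line is an item to raise with the helper rather than something to delete by hand.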



#9 scut1 (Topic Starter)

Posted 23 December 2017 - 05:43 AM

Hi polskamachina

Thanks for the detailed instructions, all very clear. As I said, I will do these things on my return, when I will have access to my PC.

 

In the meantime, I wish to point out one concern about uninstalling and reinstalling IE8. I remember having tried doing this about a year ago, as I have not been using IE for the past 6/7 years and I don't like having programs installed that I never use. Anyway, I did not manage to uninstall it, as it appears IE8 is fully embedded with XP on my machine and as the MS article says, in this case I should uninstall XP first. I did not want to go down this route, so I rolled back all changes and kept IE8.

 

I am not sure if this changes your instructions in any way. If it does, then please send me your new steps and I will be happy to follow them on my return. If it doesn't, just confirm them, so that I know you took note of my earlier failed try.

 

Thanks for your help again.

 

I also take the opportunity to wish you a Happy Christmas and joyful New Year.



#10 polskamachina (Malware Response Team)

Posted 28 December 2017 - 05:10 PM

Hi scut1,

 

Belated holiday and new year's greetings to you.

 

Good job posting the previous scan logs. :thumbup2: This post will replace the instructions I gave you on 12/21, so ignore that post.

Regarding your Internet Options link issue, we will postpone troubleshooting that until the following steps are completed. It is important that you perform the following tasks in the order they are presented. Let's begin.
 
Previously you posted the AdwCleaner Scan log. However I need to see the AdwCleaner Clean log. Those are two different logs.

  • Please run AdwCleaner again
  • Click the Logfiles button
  • Click on the Clean tab
  • You should see an entry for the time and date you performed the latest cleaning. If you see an entry there that matches the time and date that you ran the last scan, then copy and paste that log into your next reply to me
  • If you don't see an entry there, then continue with the rest of these steps
  • Click on Scan
  • After the scan has completed, click on Clean
  • Close all other open programs
  • Click Ok to restart the computer
  • When the computer completes the restart, the AdwCleaner log should appear which will indicate which entries were deleted
  • Please copy and paste that log into your next reply to me

Next:

 

Run MBAM 3.3 and follow the directions below. Though these diagrams are for a slightly older version, it should be similar enough for you to follow:

  • You will be at the main screen as shown below

[image: malwarebytes.jpg]

  • We now need to enable rootkit scanning to detect the largest amount of malware and unwanted programs that is possible with MalwareBytes. To do this, click on the Settings button on the left side of the screen and you will be brought to the general settings section
  • Now click on the Protection tab at the top of the screen. You will now be shown the settings MalwareBytes will use when scanning your computer

[image: protection-settings.jpg]

  • At this screen, please enable the Scan for rootkits setting by clicking on the toggle switch so it turns green
  • Now that you have enabled rootkit scanning, click on the Scan button to go to the scan screen

[image: scan-screen.jpg]

  • Make sure Threat Scan is selected and then click on the Start Scan button. If there is an update available for Malwarebytes it will automatically download and install it before performing the scan
  • MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you do something else and periodically check on the status of the scan to see when it is finished

[image: scanning.jpg]

  • When MBAM is finished scanning it will display a screen that displays any malware, adware, or potentially unwanted programs that it has detected. Please note that the items found may be different than what is shown in the image below due to the guide being updated for newer versions of MBAM

[image: scan-results.jpg]

  • You should now click on the Quarantine Selected button to remove all the selected items
  • MBAM will now delete all of the files and registry keys and add them to the program's quarantine
  • When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so
  • When the computer has finished restarting, open MBAM, click on Reports, and copy and paste the latest scan report into your next reply to me

Next:

 

Let's correct the BitDefender entry which is still showing as part of your security center.

We need to repair the Security Center registration with wbemtest:

  • Go to Start -> Run or press Windows key + R
  • Type in wbemtest and press Enter
  • Press Connect...
  • In the Namespace box type in root\SecurityCenter and press Connect
  • Press the Enum Instances... button
  • Copy and paste AntivirusProduct into the box and press OK
  • Highlight {9488E0FA-F058-4673-850E-E755F112BABC} and press Delete

You may also refer to the following diagram for procedures:
[diagram: 1421074711-outputWTOL-o.gif]
Next:

  • Please run FRST again
  • Click on the Scan button
  • Copy and paste FRST.txt and Addition.txt into your next reply to me

In summary I will need from you:

  • AdwCleaner log named, AdwCleaner[CX].txt
  • MBAM scan log
  • FRST.txt
  • Addition.txt
  • How is your computer performing now?

Let me know if you have any questions.

polskamachina
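The wbemtest steps above delete one instance of the AntivirusProduct class in the root\SecurityCenter WMI namespace by hand. The script below is an added example, not part of polskamachina's instructions, that does the same thing with a dry run built in: it lists every registered product first, matches only on the instanceGuid the helper names ({9488E0FA-F058-4673-850E-E755F112BABC}), refuses to touch the registration of the AV that is actually installed (Avast, taken from the FRST log; the name fragment is a parameter), and deletes nothing unless run with -Remove. It assumes Windows PowerShell 2.0 on XP SP3 run as Administrator; displayName, instanceGuid, onAccessScanningEnabled and productUptoDate are the XP AntivirusProduct property names. On Vista and later the namespace is root\SecurityCenter2 and the class layout differs, so this is XP-specific.

```powershell
# Added example (not from the original thread): scripted equivalent of the
# wbemtest "Enum Instances -> AntivirusProduct -> Delete" procedure.
param(
    [string]$StaleGuid = '{9488E0FA-F058-4673-850E-E755F112BABC}',  # from the thread
    [string]$ActiveAv  = 'avast',   # assumption: name fragment of the installed AV
    [switch]$Remove                  # default is a dry run; nothing is deleted
)

$ns = 'root\SecurityCenter'        # XP namespace (Vista+ uses root\SecurityCenter2)
$products = @(Get-WmiObject -Namespace $ns -Class AntivirusProduct)

# 1. Show every registered product so the stale entry can be confirmed first
foreach ($p in $products) {
    '{0,-30} instanceGuid={1} onAccess={2} upToDate={3}' -f `
        $p.displayName, $p.instanceGuid, $p.onAccessScanningEnabled, $p.productUptoDate
}

# 2. Select on the GUID only, case-insensitively (it is what wbemtest shows in the path)
$stale = @($products | Where-Object { $_.instanceGuid -ieq $StaleGuid })
if ($stale.Count -eq 0) {
    Write-Warning "No AntivirusProduct instance with instanceGuid $StaleGuid in $ns"
    return
}

foreach ($s in $stale) {
    # 3. Safety check: never remove the registration of the AV that is really running
    if ($s.displayName -match $ActiveAv) {
        Write-Warning "$($s.displayName) is the active AV; refusing to remove $StaleGuid"
        continue
    }
    if ($Remove) {
        $s | Remove-WmiObject        # same effect as pressing Delete in wbemtest
        "Removed '$($s.displayName)' ($StaleGuid) from $ns"
    } else {
        "Dry run: would remove '$($s.displayName)' ($StaleGuid); re-run with -Remove"
    }
}
```

Run it once without -Remove and check that the listed GUID really belongs to the leftover BitDefender entry and not to Avast before running it again with -Remove. Deleting the wrong instance only breaks Security Center's status display, not the AV itself, but it is still easier to verify first than to re-register the product afterwards.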



#11 scut1 (Topic Starter)

Posted 08 January 2018 - 02:15 AM

Hi polskamachina,

Happy New Year!

 

Thanks for the detailed instructions. Please find below the logs you requested.

The PC is performing fine - as mentioned at the beginning of our discussion, the main issue is that Internet Options is not opening and I thought this behaviour could be due to malware. This issue still persists.

 

Thanks for your help.

 

=======================

 

# AdwCleaner v6.046 - Logfile created 19/12/2017 at 08:06:17
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-04-24.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : sc - SCPC002
# Running from : C:\Documents and Settings\sc\My Documents\Downloads\adwcleaner_6.046.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Program Files\Common Files\freemake shared
[-] Folder deleted: C:\Documents and Settings\sc\Local Settings\Application Data\Geckofx
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Documents and Settings\sc\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\9FUZ7YMY\www.alwaysastrology[1].xml
[-] File deleted: C:\Documents and Settings\sc\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\85F8H4YH\www.cafeastrology[1].xml
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Classes\SelectionLinksv4.SelectionLinksBHO
[-] Key deleted: HKLM\SOFTWARE\Classes\SelectionLinksv4.SelectionLinksBHO.1
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Applian FLV and Media Player
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Applian FLV and Media Player
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\sl-dlc
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\softonic.com
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [2369 Bytes] - [19/12/2017 08:06:17]
C:\AdwCleaner\AdwCleaner[R0].txt - [2127 Bytes] - [22/09/2013 19:47:17]
C:\AdwCleaner\AdwCleaner[R1].txt - [938 Bytes] - [22/09/2013 20:03:32]
C:\AdwCleaner\AdwCleaner[S0].txt - [2246 Bytes] - [22/09/2013 19:52:24]
C:\AdwCleaner\AdwCleaner[S1].txt - [2810 Bytes] - [19/12/2017 08:03:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2733 Bytes] ##########
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 1/7/18
Scan Time: 8:58 PM
Log File: 171a4f31-f3e5-11e7-b0a0-00ffa57e66d1.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3645
License: Free
 
-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: SCPC002\sc
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 220474
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 28 min, 15 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2017
Ran by sc (administrator) on SCPC002 (07-01-2018 22:23:08)
Running from C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\On-Demand\FRST
Loaded Profiles: sc (Available Profiles: sc & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: "C:\Program Files\Slimjet\slimjet.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Creative Technology Ltd.) C:\WINDOWS\V0420Mon.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(SoftPerfect) C:\Program Files\NetWorx\networx.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 5740 series\Bin\HPNetworkCommunicatorCom.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ABBYY) C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Windscribe Limited) C:\Program Files\Windscribe\WindscribeService.exe
(Genie9) C:\Program Files\Genie9\Zoolz2\ZoolzService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Genie9) C:\Program Files\Genie9\Zoolz2\Zoolz.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(FlashPeak Inc.) C:\Program Files\Slimjet\slimjet.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [17887232 2009-06-25] (Realtek Semiconductor Corp.)
HKLM\...\Run: [V0420Mon.exe] => C:\WINDOWS\V0420Mon.exe [32768 2007-04-29] (Creative Technology Ltd.)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [246120 2018-01-07] (AVAST Software)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [5219144 2016-09-22] (SoftPerfect)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2017-07-27] (Adobe Systems Incorporated)
HKU\S-1-5-21-1202660629-1035525444-682003330-1003\...\Run: [HP Officejet 5740 series (NET)] => C:\Program Files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe [2424840 2014-08-22] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1202660629-1035525444-682003330-1003\...\Run: [Zoolz Tray] => C:\Program Files\Genie9\Zoolz2\Zoolz.exe [2168464 2017-07-30] (Genie9)
HKU\S-1-5-21-1202660629-1035525444-682003330-1003\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [40258552 2017-09-15] ()
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
SecurityProviders: 
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2017-09-06]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-1202660629-1035525444-682003330-1003\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{01FC6E01-A598-468A-9B58-779F5EF062DB}: [NameServer] 205.171.2.65,195.175.39.40,195.175.39.39
Tcpip\..\Interfaces\{2D6F0057-ECC6-4EA2-AB33-ED564A8C94AD}: [NameServer] 205.171.2.65,195.175.39.40,195.175.39.39
Tcpip\..\Interfaces\{2D6F0057-ECC6-4EA2-AB33-ED564A8C94AD}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7056DC40-C8E6-4F4A-A0DA-9763B7DF46EA}: [NameServer] 205.171.2.65,195.175.39.40,195.175.39.39
Tcpip\..\Interfaces\{7056DC40-C8E6-4F4A-A0DA-9763B7DF46EA}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{713E59D1-7A69-4EAE-BDAC-FA8E23A6689C}: [NameServer] 205.171.2.65,195.175.39.40,195.175.39.39
Tcpip\..\Interfaces\{8745FD36-125F-43EA-B107-7586B438C8BB}: [NameServer] 205.171.2.65,195.175.39.40,195.175.39.39
Tcpip\..\Interfaces\{91C57662-15D9-4F3B-B4E3-4A8C15835586}: [NameServer] 205.171.2.65,195.175.39.40,195.175.39.39
Tcpip\..\Interfaces\{CE2F0623-0FD6-42DB-BF03-450473E889D2}: [NameServer] 205.171.2.65,195.175.39.40,195.175.39.39
Tcpip\..\Interfaces\{CE2F0623-0FD6-42DB-BF03-450473E889D2}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{D498E0B0-F3EA-4643-81C8-A12726D1D964}: [NameServer] 205.171.2.65,195.175.39.40,195.175.39.39
Tcpip\..\Interfaces\{D664E313-6BE6-497A-8F18-B1BFEE898D18}: [NameServer] 205.171.2.65,195.175.39.40,195.175.39.39
Tcpip\..\Interfaces\{E26FC572-A2D6-41A3-8259-DB69F4590EC1}: [NameServer] 8.8.8.8,8.8.4.4,195.175.39.39
Tcpip\..\Interfaces\{E26FC572-A2D6-41A3-8259-DB69F4590EC1}: [DhcpNameServer] 192.168.1.1 0.0.0.0
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1202660629-1035525444-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1202660629-1035525444-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1202660629-1035525444-682003330-1003 -> DefaultScope {55EB7F25-5469-4A36-818E-3A609EE00258} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1202660629-1035525444-682003330-1003 -> {55EB7F25-5469-4A36-818E-3A609EE00258} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {2E8655A5-AF65-4BAC-8207-A17C6AF2987C} hxxp://www.ttnet.com.tr/ZeroTouch/TTNETMD.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2017-04-05] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\sc\Application Data\Mozilla\Firefox\Profiles\4p26ie4p.default-1504680299156 [2017-12-20]
FF Extension: (Windscribe) - C:\Documents and Settings\sc\Application Data\Mozilla\Firefox\Profiles\4p26ie4p.default-1504680299156\Extensions\@windscribeff.xpi [2017-10-13] [Legacy]
FF Extension: (Cookie AutoDelete) - C:\Documents and Settings\sc\Application Data\Mozilla\Firefox\Profiles\4p26ie4p.default-1504680299156\Extensions\CookieAutoDelete@kennydo.com.xpi [2017-10-26]
FF Extension: (AdBlock) - C:\Documents and Settings\sc\Application Data\Mozilla\Firefox\Profiles\4p26ie4p.default-1504680299156\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2017-11-14]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: (DivX Plus Web Player HTML5 <video>) - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-07-15] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-05-18] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-13] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1202660629-1035525444-682003330-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\sc\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKU\S-1-5-21-1202660629-1035525444-682003330-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.PDFTransformer.Classic.3.0; C:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-12-13] (Adobe Systems Incorporated) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5906816 2018-01-07] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [301168 2018-01-07] (AVAST Software)
S4 Freemake Improver; C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-05-06] (Freemake) [File not signed]
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [153888 2017-12-18] (Malwarebytes Corporation)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies) [File not signed]
R2 WindscribeService; C:\Program Files\Windscribe\WindscribeService.exe [356968 2017-11-12] (Windscribe Limited)
R2 Zoolz 2 Service; C:\Program Files\Genie9\Zoolz2\ZoolzService.exe [475792 2017-07-30] (Genie9)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2009-06-25] (Creative)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [158224 2018-01-07] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriverx.sys [255584 2018-01-07] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidshx.sys [157376 2018-01-07] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswblogx.sys [276696 2018-01-07] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbunivx.sys [50344 2018-01-07] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [118144 2018-01-07] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [42824 2018-01-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [124408 2018-01-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr.sys [70208 2018-01-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [70832 2018-01-07] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [783104 2018-01-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [390272 2018-01-07] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\System32\drivers\aswStmXP.sys [205360 2018-01-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [294680 2018-01-07] (AVAST Software)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [58664 2017-12-18] ()
R3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [44032 2009-07-27] (Atheros Communications, Inc.) [File not signed]
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [221112 2018-01-07] (Malwarebytes)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2009-06-25] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 networx; C:\WINDOWS\System32\drivers\networx.sys [67640 2016-09-20] (NetFilterSDK.com)
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_x86.sys [16024 2016-02-02] (Secunia)
R3 rt2870; C:\WINDOWS\System32\DRIVERS\rt2870.sys [803328 2009-11-26] (Ralink Technology, Corp.)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 tapwindscribe0901; C:\WINDOWS\System32\DRIVERS\tapwindscribe0901.sys [34864 2017-10-21] (The OpenVPN Project)
S3 USB_RNDIS; C:\WINDOWS\System32\DRIVERS\usb8023.sys [12928 2013-02-12] (Microsoft Corporation)
S3 V0420VID; C:\WINDOWS\System32\DRIVERS\V0420Vid.sys [99648 2007-05-31] (Creative Technology Ltd.) [File not signed]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S4 IntelIde; no ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-07 22:20 - 2018-01-07 22:20 - 000001229 _____ C:\Documents and Settings\sc\Desktop\mbam.txt
2018-01-07 20:55 - 2018-01-07 20:55 - 000002812 _____ C:\Documents and Settings\sc\Desktop\clean.txt
2018-01-07 20:08 - 2018-01-07 20:08 - 000053282 _____ C:\Documents and Settings\sc\Desktop\ste.pdf
2018-01-07 20:08 - 2018-01-07 20:08 - 000047764 _____ C:\Documents and Settings\sc\Desktop\sil.pdf
2018-01-07 14:12 - 2018-01-07 14:10 - 000118144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-01-07 14:11 - 2018-01-07 14:10 - 000305840 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-01-07 14:02 - 2018-01-07 14:02 - 000000000 _____ C:\WINDOWS\system32\last.dump
2018-01-07 14:00 - 2018-01-07 14:00 - 000000000 _____ C:\Documents and Settings\sc\last.dump
2017-12-20 09:03 - 2017-12-20 09:03 - 000038109 _____ C:\ComboFix.txt
2017-12-20 09:03 - 2017-12-20 09:03 - 000000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2017-12-20 09:03 - 2017-12-20 09:03 - 000000000 ____D C:\Documents and Settings\Default User\Local Settings\temp
2017-12-20 09:03 - 2017-12-20 09:03 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2017-12-20 08:50 - 2018-01-07 22:24 - 000000000 ____D C:\Documents and Settings\sc\Local Settings\temp
2017-12-20 08:37 - 2009-04-20 05:56 - 000060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2017-12-19 08:13 - 2017-12-19 08:13 - 000000000 ____D C:\Program Files\VS Revo Group
2017-12-19 08:13 - 2017-12-19 08:13 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller
2017-12-18 16:06 - 2017-12-18 17:34 - 000000000 ____D C:\Documents and Settings\sc\Desktop\temp
2017-12-17 13:55 - 2017-12-17 13:55 - 000024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-12-17 13:54 - 2017-12-17 14:48 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
2017-12-16 17:03 - 2017-12-20 20:45 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus
2017-12-16 16:42 - 2017-12-17 13:47 - 000000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2017-12-16 16:42 - 2017-12-16 16:42 - 000000000 ____D C:\Documents and Settings\Administrator
2017-12-16 16:42 - 2017-10-26 12:07 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2017-12-16 16:42 - 2017-10-18 07:04 - 000000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2017-12-16 16:42 - 2013-03-21 17:04 - 000001599 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2017-12-16 16:42 - 2012-09-21 18:45 - 000000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2017-12-16 16:42 - 2012-05-29 09:44 - 000000792 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2017-12-16 15:18 - 2017-12-16 15:18 - 000000000 ____D C:\WINDOWS\Performance
2017-12-16 15:18 - 2017-12-16 15:18 - 000000000 ____D C:\Documents and Settings\sc\Local Settings\Application Data\Microsoft Corporation
2017-12-14 09:16 - 2018-01-07 20:17 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2017-12-14 09:16 - 2017-12-20 20:20 - 000000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2017-12-14 09:10 - 2018-01-07 22:23 - 000221112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-12-14 09:10 - 2017-12-14 09:10 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-14 09:10 - 2017-12-14 09:10 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MB2Migration
2017-12-14 08:59 - 2017-12-14 09:10 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-12-13 09:36 - 2017-12-13 09:36 - 000000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2017-12-11 12:43 - 2017-12-11 12:45 - 000038502 _____ C:\Documents and Settings\sc\Application Data\Comma Separated Values (Windows).ADR
2017-12-11 09:13 - 2018-01-07 22:23 - 000000000 ____D C:\FRST
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-01-07 21:44 - 2012-09-30 15:43 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2018-01-07 21:36 - 2017-09-14 06:43 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2018-01-07 20:53 - 2013-09-22 19:46 - 000000000 ____D C:\AdwCleaner
2018-01-07 20:18 - 2017-09-06 08:42 - 000000310 ____H C:\WINDOWS\Tasks\Avast Emergency Update.job
2018-01-07 20:17 - 2006-02-28 13:00 - 000013646 _____ C:\WINDOWS\system32\wpa.dbl
2018-01-07 20:16 - 2012-09-30 15:43 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2018-01-07 20:16 - 2012-05-29 09:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-07 19:29 - 2014-11-06 09:19 - 000000986 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-1035525444-682003330-1003UA.job
2018-01-07 14:18 - 2012-05-29 10:00 - 000000000 ____D C:\Documents and Settings\sc
2018-01-07 14:14 - 2012-05-29 10:00 - 000000178 ___SH C:\Documents and Settings\sc\ntuser.ini
2018-01-07 14:14 - 2012-05-29 09:59 - 000032650 _____ C:\WINDOWS\SchedLgU.Txt
2018-01-07 14:13 - 2012-05-29 12:20 - 000000000 ___HD C:\WINDOWS\inf
2018-01-07 14:11 - 2017-11-10 07:55 - 000158224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-01-07 14:11 - 2017-09-06 08:41 - 000390272 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-01-07 14:11 - 2017-09-06 08:41 - 000294680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-01-07 14:11 - 2017-09-06 08:41 - 000205360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2018-01-07 14:11 - 2017-09-06 08:41 - 000124408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-01-07 14:11 - 2017-09-06 08:41 - 000070832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-01-07 14:11 - 2017-09-06 08:41 - 000070208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2018-01-07 14:11 - 2017-09-06 08:41 - 000042824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-01-07 14:10 - 2017-09-06 08:41 - 000783104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-01-07 14:10 - 2017-09-06 08:41 - 000276696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswblogx.sys
2018-01-07 14:10 - 2017-09-06 08:41 - 000255584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriverx.sys
2018-01-07 14:10 - 2017-09-06 08:41 - 000157376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidshx.sys
2018-01-07 14:10 - 2017-09-06 08:41 - 000050344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbunivx.sys
2017-12-20 10:29 - 2014-11-06 09:19 - 000000964 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-1035525444-682003330-1003Core.job
2017-12-20 09:03 - 2013-01-19 17:32 - 000000000 ____D C:\Qoobox
2017-12-20 09:03 - 2012-05-29 12:31 - 000000000 ___HD C:\Documents and Settings\Default User
2017-12-20 08:52 - 2006-02-28 13:00 - 000000227 _____ C:\WINDOWS\system.ini
2017-12-20 08:51 - 2016-03-31 13:46 - 000131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2017-12-17 13:46 - 2012-05-29 12:20 - 000000000 ____D C:\WINDOWS\security
2017-12-17 13:45 - 2012-05-29 09:40 - 000000000 ____D C:\WINDOWS\Registration
2017-12-16 16:42 - 2012-05-29 12:31 - 000000000 ____D C:\Documents and Settings
2017-12-16 12:13 - 2012-05-29 12:20 - 000000000 RSHDC C:\WINDOWS\system32\dllcache
2017-12-16 10:42 - 2012-05-29 09:59 - 000000000 __SHD C:\Documents and Settings\LocalService
2017-12-16 10:42 - 2012-05-29 09:58 - 000000000 __SHD C:\Documents and Settings\NetworkService
2017-12-16 10:41 - 2017-09-06 09:01 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SW Updater
2017-12-13 21:49 - 2012-05-29 10:19 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2017-12-13 21:43 - 2016-05-19 14:26 - 000000000 ____D C:\Documents and Settings\sc\My Documents\Outlook Files
2017-12-13 10:36 - 2016-01-06 21:21 - 000803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-12-13 10:36 - 2016-01-06 21:21 - 000144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-12-13 10:36 - 2012-05-29 09:42 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-13 07:34 - 2015-08-28 10:33 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-12-12 07:57 - 2016-11-18 08:36 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-12 07:38 - 2015-02-07 18:58 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
 
==================== Files in the root of some directories =======
 
2017-12-11 12:43 - 2017-12-11 12:45 - 000038502 _____ () C:\Documents and Settings\sc\Application Data\Comma Separated Values (Windows).ADR
2013-07-21 11:26 - 2013-07-21 13:25 - 000007887 _____ () C:\Documents and Settings\sc\Application Data\pcouffin.cat
2013-07-21 11:26 - 2013-07-21 13:25 - 000001144 _____ () C:\Documents and Settings\sc\Application Data\pcouffin.inf
2013-07-21 11:26 - 2013-07-21 13:25 - 000000055 _____ () C:\Documents and Settings\sc\Application Data\pcouffin.log
2013-07-21 11:26 - 2013-07-21 13:25 - 000047360 _____ (VSO Software) C:\Documents and Settings\sc\Application Data\pcouffin.sys
2012-07-15 15:43 - 2016-05-19 14:24 - 000020992 _____ () C:\Documents and Settings\sc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-10-18 14:57 - 2017-10-18 14:58 - 000087519 _____ () C:\Documents and Settings\sc\Local Settings\Application Data\FASTWiz.log
2017-02-25 11:06 - 2017-02-25 11:06 - 000000057 _____ () C:\Documents and Settings\All Users\Application Data\Ament.ini
 
Some files in TEMP:
====================
2017-12-20 20:56 - 2017-12-20 20:56 - 000000000 _____ () C:\Documents and Settings\sc\Local Settings\temp\bh5l0bcq.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2017
Ran by sc (07-01-2018 22:24:51)
Running from C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\On-Demand\FRST
Microsoft Windows XP Professional Service Pack 3 (X86) (2012-05-29 08:57:26)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1202660629-1035525444-682003330-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1202660629-1035525444-682003330-1014 - Limited - Enabled)
Guest (S-1-5-21-1202660629-1035525444-682003330-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1202660629-1035525444-682003330-1000 - Limited - Disabled)
sc (S-1-5-21-1202660629-1035525444-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\sc
SUPPORT_388945a0 (S-1-5-21-1202660629-1035525444-682003330-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1202660629-1035525444-682003330-1003\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
ABBYY PDF Transformer 3.0 (HKLM\...\{FA300000-0001-0000-0000-074957833700}) (Version: 3.00.162.6808 - ABBYY) Hidden
ABBYY PDF Transformer 3.0 (HKLM\...\ABBYY PDF Transformer 3.0) (Version: 3.00.162.6808 - ABBYY)
Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2A2C8640-5402-428A-909A-0236CB2B77C7}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
Avi to Dvd Free Converter v6.4.0.48 (HKLM\...\Avi to Dvd Free Converter_is1) (Version:  - AviToDvdFree.com Inc.)
AVIcodec (remove only) (HKLM\...\AVIcodec) (Version:  - )
Avidemux 2.6 (32-bit) (HKLM\...\Avidemux 2.6) (Version: 2.6.8.9046 - )
Backup and Sync from Google (HKLM\...\{A30E2377-AFC5-4EF3-A1E1-ECBC3843C73B}) (Version: 3.36.6884.5911 - Google, Inc.)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Creative Live! Cam Vista IM (VF0420) Driver (1.01.01.00) (HKLM\...\Creative VF0420) (Version:  - )
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
EaseUS MobiSaver 5.0 (HKLM\...\EaseUS MobiSaver 5.0_is1) (Version:  - EaseUS)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Freemake Video Converter version 4.1.10 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.10 - Ellora Assets Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HP Officejet 5740 series Basic Device Software (HKLM\...\{A9A9AF58-D360-46BD-A4D1-BB596762BBD2}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
HP Officejet 5740 series Help (HKLM\...\{F17D53C7-DCE8-469C-9690-CF8F5903519C}) (Version: 34.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
K-Lite Codec Pack 9.9.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 9.9.0 - )
Malwarebytes Anti-Exploit version 1.11.1.48 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.11.1.48 - Malwarebytes)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Network Monitor 3.4 (HKLM\...\{A2F2C44A-869E-4C32-9CEC-E22B1CC91F06}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{5A1A9AB2-2F68-462D-A67D-7C855DFF5EEB}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - Italian/Italiano (HKLM\...\Office14.OMUI.it-it) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 52.5.2 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.5.2 ESR (x86 en-US)) (Version: 52.5.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.5.2 - Mozilla)
MPC-HC 1.7.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NetWorx 5.5.5 (HKLM\...\NetWorx_is1) (Version:  - Softperfect)
Product Improvement Study for HP Officejet 5740 series (HKLM\...\{26C492D1-BA1C-4C99-8314-F4D402D17454}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
Real Alternative 2.0.2 (HKLM\...\RealAlt_is1) (Version: 2.0.2 - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Scratch (HKLM\...\Scratch) (Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group)
Secunia PSI (3.0.0.11005) (HKLM\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM\...\{90140000-0100-0410-0000-0000000FF1CE}_Office14.OMUI.it-it_{B459ADCD-B09F-4C2D-B75A-5BCE4876F27A}) (Version:  - Microsoft)
Skype™ 7.36 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.150 - Skype Technologies S.A.)
VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.8 - VideoLAN)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Windscribe (HKLM\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.80 Build 33 - Windscribe Limited)
WinRAR 5.50 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
WinX DVD Author 6.2 (HKLM\...\WinX DVD Author_is1) (Version:  - DigiartySoft, Inc.)
Zoolz2 (HKLM\...\Zoolz2) (Version: 2.1 - Genie9)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1202660629-1035525444-682003330-1003_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Documents and Settings\sc\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1035525444-682003330-1003_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Documents and Settings\sc\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1202660629-1035525444-682003330-1003_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Documents and Settings\sc\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1202660629-1035525444-682003330-1003_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Documents and Settings\sc\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1202660629-1035525444-682003330-1003_Classes\CLSID\{FDD5EB72-01CB-F68E-817F-20EE4BCAFFBD}\InprocServer32 -> C:\WINDOWS\system32\ole32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-09-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-09-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-09-15] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-01-07] (AVAST Software)
ShellIconOverlayIdentifiers: [0Genie9 Zoolz-BackedupIcon] -> {9DB6687B-FDB2-4284-AF2A-4562D4EB371D} => C:\Program Files\Genie9\Zoolz2\Overlay.dll [2017-07-30] ()
ShellIconOverlayIdentifiers: [0Genie9 Zoolz-BackedUpModifiedIcon] -> {9DB6687D-FDB2-4284-AF2A-4562D4EB371D} => C:\Program Files\Genie9\Zoolz2\Overlay.dll [2017-07-30] ()
ShellIconOverlayIdentifiers: [0Genie9 Zoolz-ColdStorageIcon] -> {9DB6687F-FDB2-4284-AF2A-4562D4EB371D} => C:\Program Files\Genie9\Zoolz2\Overlay.dll [2017-07-30] ()
ShellIconOverlayIdentifiers: [0Genie9 Zoolz-FolderInCloudIcon] -> {9DB6687E-FDB2-4284-AF2A-4562D4EB371D} => C:\Program Files\Genie9\Zoolz2\Overlay.dll [2017-07-30] ()
ShellIconOverlayIdentifiers: [0Genie9 Zoolz-NotBackedUpIcon] -> {9DB6687C-FDB2-4284-AF2A-4562D4EB371D} => C:\Program Files\Genie9\Zoolz2\Overlay.dll [2017-07-30] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-01-07] (AVAST Software)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2017-09-15] (Google)
ContextMenuHandlers1: [Genie9 Zoolz Context Menu Extension] -> {88DE42CC-760E-4BF4-B305-0B0B9374A7E3} => C:\Program Files\Genie9\Zoolz2\ContextMenu.dll [2017-07-30] (Genie9)
ContextMenuHandlers1: [PDFTransformer3ContextMenu] -> {2DC8E5F2-C89C-4730-82C9-19120DEE5B0A} => C:\Program Files\ABBYY PDF Transformer 3.0\PDFTContextMenu.dll [2009-06-29] (ABBYY)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [Genie9 Zoolz Context Menu Extension] -> {88DE42CC-760E-4BF4-B305-0B0B9374A7E3} => C:\Program Files\Genie9\Zoolz2\ContextMenu.dll [2017-07-30] (Genie9)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-01-07] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2017-09-15] (Google)
ContextMenuHandlers4: [Genie9 Zoolz Context Menu Extension] -> {88DE42CC-760E-4BF4-B305-0B0B9374A7E3} => C:\Program Files\Genie9\Zoolz2\ContextMenu.dll [2017-07-30] (Genie9)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers5: [Genie9 Zoolz Context Menu Extension] -> {88DE42CC-760E-4BF4-B305-0B0B9374A7E3} => C:\Program Files\Genie9\Zoolz2\ContextMenu.dll [2017-07-30] (Genie9)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2009-01-21] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-01-07] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks=============================
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-1035525444-682003330-1003Core.job => C:\Documents and Settings\sc\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-1035525444-682003330-1003UA.job => C:\Documents and Settings\sc\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Documents and Settings\sc\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Media Players\Codec Packs\Codec\Website.lnk -> hxxp://avicodec.duby.info
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\TAP-Windows\Utilities\Add a new TAP virtual ethernet adapter.lnk -> C:\Program Files\TAP-Windows\bin\addtap.bat (No File)
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\TAP-Windows\Utilities\Delete ALL TAP virtual ethernet adapters.lnk -> C:\Program Files\TAP-Windows\bin\deltapall.bat (No File)
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-01-07 14:10 - 2018-01-07 14:10 - 000058016 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2018-01-07 14:10 - 2018-01-07 14:10 - 000057504 _____ () C:\Program Files\AVAST Software\Avast\dll_loader.dll
2018-01-07 14:10 - 2018-01-07 14:10 - 000206152 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2018-01-07 14:10 - 2018-01-07 14:10 - 000289272 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-01-07 14:10 - 2018-01-07 14:10 - 000196248 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2018-01-07 14:04 - 2018-01-07 14:04 - 005768336 _____ () C:\Program Files\AVAST Software\Avast\defs\18010604\algo.dll
2018-01-07 14:10 - 2018-01-07 14:10 - 000745408 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-01-07 14:10 - 2018-01-07 14:10 - 000148936 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-01-07 20:19 - 2018-01-07 20:19 - 005768336 _____ () C:\Program Files\AVAST Software\Avast\defs\18010700\algo.dll
2017-07-30 13:05 - 2017-07-30 13:05 - 000148992 _____ () C:\Program Files\Genie9\Zoolz2\Overlay.dll
2017-07-20 08:09 - 2017-07-20 08:09 - 000072192 _____ () C:\Program Files\Genie9\Zoolz2\Communicator.dll
2017-07-20 08:09 - 2017-07-20 08:09 - 000038400 _____ () C:\Program Files\Genie9\Zoolz2\GSLogging.dll
2016-09-18 09:20 - 2016-09-19 11:08 - 000622080 _____ () C:\Program Files\NetWorx\sqlite.dll
2017-08-04 10:58 - 2017-09-15 08:49 - 040258552 _____ () C:\Program Files\Google\Drive\googledrivesync.exe
2017-09-06 08:40 - 2017-09-06 08:40 - 048936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-03-20 16:12 - 2015-03-20 16:12 - 001044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-12 18:58 - 2014-02-12 18:58 - 000073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2006-02-28 13:00 - 2008-04-14 03:41 - 000059904 _____ () C:\WINDOWS\system32\devenum.dll
2006-02-28 13:00 - 2008-04-14 03:42 - 000014336 _____ () C:\WINDOWS\system32\msdmo.dll
2006-02-28 13:00 - 2013-01-02 07:49 - 001292288 _____ () C:\WINDOWS\system32\quartz.dll
2018-01-07 14:10 - 2018-01-07 14:10 - 000196816 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2018-01-07 14:10 - 2018-01-07 14:10 - 000293944 _____ () c:\Program Files\AVAST Software\Avast\StreamBack.dll
2017-07-20 08:09 - 2017-07-20 08:09 - 000123392 _____ () C:\Program Files\Genie9\Zoolz2\IconOverlayComm.dll
2017-07-30 13:05 - 2017-07-30 13:05 - 000886272 _____ () C:\Program Files\Genie9\Zoolz2\System.Data.SQLite.dll
2017-07-20 08:09 - 2017-07-20 08:09 - 000121344 _____ () C:\Program Files\Genie9\Zoolz2\ManagedCPPDLL.dll
2018-01-07 20:16 - 2018-01-07 20:16 - 000088064 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\_ctypes.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000918528 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\_hashlib.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000098816 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\win32api.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000110080 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\pywintypes27.dll
2018-01-07 20:16 - 2018-01-07 20:16 - 000364544 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\pythoncom27.dll
2018-01-07 20:16 - 2018-01-07 20:16 - 000686080 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\unicodedata.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000320512 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\win32com.shell.shell.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 001177088 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\wx._core_.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000806912 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\wx._gdi_.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000816640 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\wx._windows_.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 001067520 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\wx._controls_.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000733696 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\wx._misc_.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000736256 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\pysqlite2._sqlite.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000119808 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\win32file.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000108544 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\win32security.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000007168 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\hashobjs_ext.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000017920 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\thumbnails_ext.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000082432 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\usb_ext.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000013824 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\common.time34.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000018432 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\win32event.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000088576 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\windows.volumes.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000017408 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\windows.winwrap.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000167936 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\win32gui.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000046080 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\_socket.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 001309696 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\_ssl.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000129536 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\_elementtree.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000127488 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\pyexpat.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000038912 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\win32inet.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000077824 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\wx._html2.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000036864 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\_psutil_windows.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000524248 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\windows._lib_cacheinvalidation.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000011264 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\win32crypt.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000218624 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\PIL._imaging.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000027648 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\_multiprocessing.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000319488 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\winxpgui.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000020480 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\_yappi.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000035840 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\win32process.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000024064 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\win32pipe.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000010240 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\select.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000025600 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\win32pdh.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000058880 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\windows.device_monitor.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000017408 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\win32profile.pyd
2018-01-07 20:16 - 2018-01-07 20:16 - 000022528 _____ () C:\Documents and Settings\sc\Local Settings\temp\_MEI10202\win32ts.pyd
2017-12-14 09:10 - 2017-11-29 09:11 - 001934792 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-02-28 13:00 - 2017-12-20 08:51 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1202660629-1035525444-682003330-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\sc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 8.8.8.8 - 8.8.4.4
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Facebook Update => "C:\Documents and Settings\sc\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\sc\Application Data\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE] => Enabled:Microsoft OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\NetWorx\networx.exe] => Enabled:SoftPerfect NetWorx
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 5740 series\Bin\FaxApplications.exe] => :LocalSubNet:Enabled:HP Officejet 5740 series FaxApplications
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 5740 series\Bin\DigitalWizards.exe] => :LocalSubNet:Enabled:HP Officejet 5740 series DigitalWizards
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 5740 series\Bin\SendAFax.exe] => :LocalSubNet:Enabled:HP Officejet 5740 series SendFaxAppExe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 5740 series\Bin\DeviceSetup.exe] => :LocalSubNet:Enabled:HP Device Setup (HP Officejet 5740 series)
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 5740 series\Bin\HPNetworkCommunicatorCom.exe] => :LocalSubNet:Enabled:HP Network Communicator COM (HP Officejet 5740 series)
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\usmt\migwiz.exe] => Enabled:Files and Settings Transfer Wizard
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\Windscribe\wsappcontrol.exe] => Enabled:Windscribe auto-login utility
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\Slimjet\slimjet.exe] => Enabled:Slimjet
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [5357:TCP] => Enabled:WS-Eventing TCP Port 5357
 
==================== Restore Points =========================
 
22-10-2017 12:44:34 System Checkpoint
23-10-2017 14:56:01 System Checkpoint
24-10-2017 16:02:01 System Checkpoint
25-10-2017 16:05:53 System Checkpoint
26-10-2017 08:27:56 Installed Microsoft Office Language Pack 2010 - Italian/Italiano
26-10-2017 13:00:59 Software Distribution Service 3.0
26-10-2017 13:18:54 Software Distribution Service 3.0
26-10-2017 13:29:11 Removed Backup and Sync from Google
26-10-2017 13:34:47 Software Distribution Service 3.0
26-10-2017 13:58:35 Software Distribution Service 3.0
26-10-2017 16:09:42 Removed Backup and Sync from Google
26-10-2017 16:10:58 Installed Backup and Sync from Google
26-10-2017 16:15:09 Removed Backup and Sync from Google
26-10-2017 16:37:04 Installed Backup and Sync from Google
26-10-2017 16:43:09 Removed Backup and Sync from Google
26-10-2017 17:07:13 Installed Google Drive
26-10-2017 18:57:21 Installed Backup and Sync from Google
26-10-2017 18:57:56 Removed Google Drive
27-10-2017 19:39:30 System Checkpoint
28-10-2017 08:28:08 Removed Microsoft Silverlight
28-10-2017 08:37:21 Removed QuickTime 7
29-10-2017 12:54:37 System Checkpoint
30-10-2017 13:10:03 System Checkpoint
31-10-2017 13:12:02 System Checkpoint
01-11-2017 14:14:34 System Checkpoint
02-11-2017 14:15:34 System Checkpoint
03-11-2017 14:29:44 System Checkpoint
04-11-2017 15:10:01 System Checkpoint
05-11-2017 15:42:09 System Checkpoint
06-11-2017 15:56:45 System Checkpoint
07-11-2017 16:54:59 System Checkpoint
08-11-2017 17:32:11 System Checkpoint
09-11-2017 13:28:08 Removed Extended Asian Language font pack for Adobe Reader XI.
10-11-2017 07:56:26 Installed Windows XP Wdf01009.
11-11-2017 10:37:50 System Checkpoint
12-11-2017 10:45:31 System Checkpoint
13-11-2017 10:51:38 System Checkpoint
14-11-2017 11:27:34 System Checkpoint
15-11-2017 07:50:17 Software Distribution Service 3.0
15-11-2017 10:09:21 Software Distribution Service 3.0
16-11-2017 07:48:18 Software Distribution Service 3.0
16-11-2017 08:20:37 Restore Operation
16-11-2017 11:11:33 Software Distribution Service 3.0
17-11-2017 12:08:23 System Checkpoint
18-11-2017 12:57:27 System Checkpoint
19-11-2017 13:08:35 System Checkpoint
20-11-2017 13:18:20 System Checkpoint
21-11-2017 13:25:13 System Checkpoint
22-11-2017 14:54:07 System Checkpoint
23-11-2017 15:08:49 System Checkpoint
24-11-2017 16:07:48 System Checkpoint
25-11-2017 16:51:39 System Checkpoint
26-11-2017 17:45:06 System Checkpoint
27-11-2017 18:45:14 System Checkpoint
28-11-2017 18:51:29 System Checkpoint
29-11-2017 07:40:11 Software Distribution Service 3.0
30-11-2017 10:21:43 System Checkpoint
01-12-2017 10:26:30 System Checkpoint
02-12-2017 10:44:20 System Checkpoint
03-12-2017 11:52:03 System Checkpoint
04-12-2017 13:27:14 System Checkpoint
05-12-2017 16:52:26 System Checkpoint
11-12-2017 10:24:35 System Checkpoint
11-12-2017 16:32:34 RememBear
12-12-2017 17:59:22 System Checkpoint
13-12-2017 08:04:00 Software Distribution Service 3.0
13-12-2017 21:48:16 Software Distribution Service 3.0
14-12-2017 22:00:16 System Checkpoint
16-12-2017 10:41:31 Restore Operation
16-12-2017 10:50:15 Installed Windows XP Wdf01009.
16-12-2017 12:14:11 Restore Operation
16-12-2017 12:22:51 Restore Operation
16-12-2017 15:18:11 Windows 7 Upgrade Advisor installato
16-12-2017 16:52:26 JRT Pre-Junkware Removal
16-12-2017 17:14:24 Windows 7 Upgrade Advisor rimosso
17-12-2017 18:29:58 System Checkpoint
18-12-2017 20:26:46 System Checkpoint
19-12-2017 20:26:56 System Checkpoint
20-12-2017 20:37:45 System Checkpoint
07-01-2018 14:13:06 Installed Windows XP Wdf01009.
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/07/2018 10:23:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbamservice.exe, version 3.1.0.595, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.
Processing media-specific event for [mbamservice.exe!ws!]
 
Error: (12/14/2017 12:56:43 PM) (Source: MbaeSvc) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (12/05/2017 07:38:54 PM) (Source: MsiInstaller) (EventID: 10005) (User: SCPC002)
Description: Product: ProtonVPN -- ProtonVPN cannot be installed on the following Windows versions: Windows XP SP3 x86, Windows Server 2003 SP2 x86.
 
Error: (11/30/2017 07:29:23 PM) (Source: Google Update) (EventID: 20) (User: SCPC002)
Description: Event-ID 20
 
Error: (11/22/2017 09:02:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application acrord32.exe, version 11.0.23.22, faulting module acrord32.dll, version 11.0.23.22, fault address 0x00020640.
Processing media-specific event for [acrord32.exe!ws!]
 
Error: (11/16/2017 08:02:32 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (11/16/2017 08:02:32 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (11/16/2017 08:02:32 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (11/16/2017 08:02:32 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (11/16/2017 07:50:24 AM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
 
System errors:
=============
Error: (01/07/2018 10:23:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (01/07/2018 02:15:42 PM) (Source: 0) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (12/19/2017 08:05:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/19/2017 08:05:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/19/2017 08:05:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Zoolz Backup Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (12/19/2017 08:05:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WindscribeService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/19/2017 08:05:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Secunia PSI Agent service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/19/2017 08:05:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MSCamSvc service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/19/2017 08:05:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Machine Debug Manager service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/19/2017 08:05:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Anti-Exploit Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5400 @ 2.70GHz
Percentage of memory in use: 55%
Total physical RAM: 2037.42 MB
Available physical RAM: 899.3 MB
Total Virtual: 3929.7 MB
Available Virtual: 2628.15 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:205.19 GB) (Free:100.29 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:224.29 GB) (Free:156.11 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: B9ACB9AC)
Partition 1: (Active) - (Size=205.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=224.3 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================
 


#12 polskamachina

  • Malware Response Team

Posted 09 January 2018 - 11:49 AM

Hi scut1,
 
Thanks for the New Year's greetings and same to you. :)
 
Let's get back to the troubleshooting.
 
I would like to take inventory of your inetcpl.cpl file(s). Please perform the following:

  • Run FRST.exe
  • Make sure you are hooked up to the internet and let the tool update. (Your previous scan was done with an older version of FRST)
  • In the Search: box, copy and paste inetcpl.cpl
  • This time, click on Search Files
  • When the search completes, a file named Search.txt will appear. It will also be saved to the folder from which you ran FRST, C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus\On-Demand\
  • Please copy and paste the contents of that file into your next reply to me

In summary I will need from you:

  • Search.txt

Let me know if you have any questions.
 
polskamachina
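
The Search.txt that this FRST search produces lists every copy of the file on disk with its MD5 and whether it is digitally signed, which is what makes the inventory useful: the copy Windows actually loads, C:\WINDOWS\system32\inetcpl.cpl, should carry a Microsoft signature and the same hash as the Windows File Protection backup in system32\dllcache, and a hash that appears nowhere else on disk deserves a closer look. The Python below is an added example, not code from FRST and not something either participant posted: it parses the Search.txt layout into records, groups the copies by MD5 and runs those checks against the live copy. Both sample inputs are constructed; the clean one reuses the layout and values of the first entries scut1 posts in the next reply, the tampered one uses an invented, unsigned hash to show what a failing check looks like.

```python
"""Parse FRST 'Search Files' output and check the in-use copy of a system file.

Added example for this thread; not part of FRST and not posted by either participant.
Input follows the Search.txt layout FRST writes: a path line, then a detail line
  [created][modified] size attrs (company) MD5 [File is digitally signed]
"""
import re
from collections import defaultdict

# Default Windows XP locations: the loaded copy and its Windows File Protection backup.
LIVE = r"C:\WINDOWS\system32\inetcpl.cpl"
CACHE = r"C:\WINDOWS\system32\dllcache\inetcpl.cpl"

DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]*)\]\[(?P<modified>[^\]]*)\]\s+"
    r"(?P<size>\d+)\s+(?P<attrs>\S+)\s+\((?P<company>[^)]*)\)\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})(?:\s+\[(?P<note>[^\]]*)\])?\s*$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Constructed sample: same layout and values as the first entries of the
# Search.txt posted in this thread (system32 copy, dllcache copy, one update copy).
SAMPLE_CLEAN = r"""
================== Search Files: "inetcpl.cpl" =============

C:\WINDOWS\system32\inetcpl.cpl
[2006-02-28 13:00][2014-03-06 18:59] 001469440 ____N (Microsoft Corporation) 685017065B2F8F8AC6BD15B8926DED06 [File is digitally signed]

C:\WINDOWS\system32\dllcache\inetcpl.cpl
[2009-03-08 02:34][2014-03-06 18:59] 001469440 ____C (Microsoft Corporation) 685017065B2F8F8AC6BD15B8926DED06 [File is digitally signed]

C:\WINDOWS\ie8updates\KB2936068-IE8\inetcpl.cpl
[2014-04-10 19:31][2014-02-24 12:45] 001469440 ____N (Microsoft Corporation) 69914B20BF4569F8CC711DB2ECBB9B67 [File is digitally signed]
"""

# Constructed sample of a replaced live copy: unsigned, no publisher, hash seen nowhere else.
SAMPLE_TAMPERED = r"""
C:\WINDOWS\system32\inetcpl.cpl
[2006-02-28 13:00][2017-12-16 09:12] 001470464 _____ () 0123456789ABCDEF0123456789ABCDEF

C:\WINDOWS\system32\dllcache\inetcpl.cpl
[2009-03-08 02:34][2014-03-06 18:59] 001469440 ____C (Microsoft Corporation) 685017065B2F8F8AC6BD15B8926DED06 [File is digitally signed]
"""


def parse_search(text):
    """Return one record per listed file; header, blank and unrecognised lines are skipped."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path is not None:
            note = m.group("note") or ""
            entries.append({
                "path": pending_path,
                "created": m.group("created"),
                "modified": m.group("modified"),
                "size": int(m.group("size")),
                "attrs": m.group("attrs"),
                "company": m.group("company"),
                "md5": m.group("md5").upper(),
                "signed": "digitally signed" in note,
            })
            pending_path = None
        elif PATH_RE.match(line):
            pending_path = line
    return entries


def group_by_md5(entries):
    """Map each MD5 to the paths carrying it; a hash with a single path is an outlier."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["md5"]].append(e["path"])
    return dict(groups)


def check_live_copy(entries, live_path=LIVE, cache_path=CACHE):
    """Checks an analyst would apply to the loaded copy; an empty list means nothing stood out."""
    by_path = {e["path"].lower(): e for e in entries}
    live = by_path.get(live_path.lower())
    if live is None:
        return ["live copy %s not present in search output" % live_path]
    findings = []
    if not live["signed"]:
        findings.append("live copy is not reported as digitally signed")
    if live["company"] != "Microsoft Corporation":
        findings.append("live copy publisher is %r, expected 'Microsoft Corporation'" % live["company"])
    cache = by_path.get(cache_path.lower())
    if cache is None:
        findings.append("no dllcache copy to compare against")
    elif cache["md5"] != live["md5"]:
        findings.append("live copy MD5 %s differs from dllcache copy %s" % (live["md5"], cache["md5"]))
    if len(group_by_md5(entries).get(live["md5"], [])) < 2:
        findings.append("live copy MD5 is seen in no other copy on disk")
    return findings


if __name__ == "__main__":
    for label, sample in (("clean", SAMPLE_CLEAN), ("tampered", SAMPLE_TAMPERED)):
        print(label, "->", check_live_copy(parse_search(sample)) or ["no findings"])
```

In the Search.txt posted below, the system32 copy and the dllcache copy share MD5 685017065B2F8F8AC6BD15B8926DED06 and both are reported as digitally signed, so these checks would return nothing for it. A mismatch matters on XP because Windows File Protection normally restores a modified protected file from dllcache, so a changed live copy next to an untouched cache implies WFP was bypassed or disabled. MD5 is used here only because it is what FRST reports, not as a collision-resistant check.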



#13 scut1

  • Topic Starter

Posted 09 January 2018 - 12:53 PM

Here you go

 

=====================

 

Farbar Recovery Scan Tool (x86) Version: 02.01.2018
Ran by sc (09-01-2018 18:52:23)
Running from C:\Documents and Settings\sc\My Documents\Downloads\AntiVirus
Boot Mode: Normal
 
================== Search Files: "inetcpl.cpl" =============
 
C:\WINDOWS\system32\inetcpl.cpl
[2006-02-28 13:00][2014-03-06 18:59] 001469440 ____N (Microsoft Corporation) 685017065B2F8F8AC6BD15B8926DED06 [File is digitally signed]
 
C:\WINDOWS\system32\dllcache\inetcpl.cpl
[2009-03-08 02:34][2014-03-06 18:59] 001469440 ____C (Microsoft Corporation) 685017065B2F8F8AC6BD15B8926DED06 [File is digitally signed]
 
C:\WINDOWS\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3QFE\inetcpl.cpl
[2012-05-29 10:57][2010-05-06 11:36] 001469440 _____ (Microsoft Corporation) 2B682DC9A4E19A2BC8DEEB67AC7753B2 [File is digitally signed]
 
C:\WINDOWS\SoftwareDistribution\Download\e9e3bc7b49018c1f53cc0d1bd73cad37\SP3GDR\inetcpl.cpl
[2012-05-29 10:57][2010-05-06 11:41] 001469440 _____ (Microsoft Corporation) 8F7CD6B3C2FD067F04A54DF30E80A655 [File is digitally signed]
 
C:\WINDOWS\SoftwareDistribution\Download\c1d540600ba9c34c5b3244c020eee491\SP3QFE\inetcpl.cpl
[2012-05-29 10:58][2011-12-17 20:45] 001469440 _____ (Microsoft Corporation) 3EF752C2093430F8BD137CAE24A731A6 [File is digitally signed]
 
C:\WINDOWS\SoftwareDistribution\Download\c1d540600ba9c34c5b3244c020eee491\SP3GDR\inetcpl.cpl
[2012-05-29 10:58][2011-12-17 20:46] 001469440 _____ (Microsoft Corporation) 23EA705D3DCFE272C21FB466A5172E56 [File is digitally signed]
 
C:\WINDOWS\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3QFE\inetcpl.cpl
[2012-05-29 10:58][2011-11-04 20:19] 001469440 _____ (Microsoft Corporation) DC84E6010226B8733520AFD2BEA88D6B [File is digitally signed]
 
C:\WINDOWS\SoftwareDistribution\Download\a6632ea9734d3683d8cc4b4a30215873\SP3GDR\inetcpl.cpl
[2012-05-29 10:58][2011-11-04 20:20] 001469440 _____ (Microsoft Corporation) BEF1D6FF294BB814A0396AD731A7E0D2 [File is digitally signed]
 
C:\WINDOWS\SoftwareDistribution\Download\4aed2fc3570ce5559234655d096b9faa\SP3QFE\inetcpl.cpl
[2012-05-29 10:58][2012-03-01 11:58] 001469440 _____ (Microsoft Corporation) 1771C105EF12ACD25F960A45878B08E7 [File is digitally signed]
 
C:\WINDOWS\SoftwareDistribution\Download\4aed2fc3570ce5559234655d096b9faa\SP3GDR\inetcpl.cpl
[2012-05-29 10:58][2012-03-01 12:01] 001469440 _____ (Microsoft Corporation) 88B4CAF331C1BD3FB42FCBC4DA04126A [File is digitally signed]
 
C:\WINDOWS\ServicePackFiles\i386\inetcpl.cpl
[2012-05-29 10:32][2008-04-14 03:42] 000360960 ____N (Microsoft Corporation) F85403775D931BE05ABB7BD82F6656FA [File is digitally signed]
 
C:\WINDOWS\ie8updates\KB982381-IE8\inetcpl.cpl
[2012-05-29 11:01][2009-03-08 02:34] 001469440 ____N (Microsoft Corporation) D9D2AB8103E404A86DF0656F3577D615 [File is digitally signed]
 
C:\WINDOWS\ie8updates\KB2936068-IE8\inetcpl.cpl
[2014-04-10 19:31][2014-02-24 12:45] 001469440 ____N (Microsoft Corporation) 69914B20BF4569F8CC711DB2ECBB9B67 [File is digitally signed]
 
C:\WINDOWS\ie8updates\KB2925418-IE8\inetcpl.cpl
[2014-03-14 20:31][2014-02-06 00:26] 001469440 ____N (Microsoft Corporation) 0DF848598862E2306937F64A3605C8F7 [File is digitally signed]
 
C:\WINDOWS\ie8updates\KB2909921-IE8\inetcpl.cpl
[2014-02-13 21:25][2013-10-29 08:57] 001469440 ____N (Microsoft Corporation) E240F73FF877AA467DF7BDB15AB022DB [File is digitally signed]
 
C:\WINDOWS\ie8updates\KB2898785-IE8\inetcpl.cpl
[2013-12-11 20:36][2013-10-13 08:25] 001469440 ____N (Microsoft Corporation) 03E1A10C921C75B6568A6D6C59AB3CB3 [File is digitally signed]
 
C:\WINDOWS\ie8updates\KB2888505-IE8\inetcpl.cpl
[2013-11-13 20:34][2013-09-23 19:33] 001469440 ____N (Microsoft Corporation) 860218CAD95E5EF956F3F8D0A69FE9EE [File is digitally signed]
 
C:\WINDOWS\ie8updates\KB2879017-IE8\inetcpl.cpl
[2013-10-09 20:04][2013-08-08 07:05] 001469440 ____N (Microsoft Corporation) 0D29B130282A96C071F5424D7C96DFD4 [File is digitally signed]
 
C:\WINDOWS\ie8updates\KB2870699-IE8\inetcpl.cpl
[2013-09-12 20:49][2013-07-26 03:47] 001469440 ____N (Microsoft Corporation) B256304330B711F03929E49E77A2F49E [File is digitally signed]
 
C:\WINDOWS\ie8updates\KB2862772-IE8\inetcpl.cpl
[2013-09-02 20:10][2013-06-07 22:56] 001469440 ____N (Microsoft Corporation) D8D5C21A7D0A7DFF011C5352502F17E8 [File is digitally signed]
 
C:\WINDOWS\ie8updates\KB2846071-IE8\inetcpl.cpl
[2013-07-10 20:45][2013-05-07 23:30] 001469440 ____N (Microsoft Corporation) 1FBDD1540435F0C897ED60307230AFC3 [File is digitally signed]
 
C:\WINDOWS\ie8updates\KB2838727-IE8\inetcpl.cpl
[2013-06-12 19:48][2013-04-16 23:17] 001469440 ____N (Microsoft Corporation) A65E56B41337E898FC0B358D3B10DE67 [File is digitally signed]
 
C:\WINDOWS\ie8updates\KB2829530-IE8\inetcpl.cpl
[2013-05-15 18:02][2013-03-02 03:06] 001469440 ____N (Microsoft Corporation) 0D4716C71EFB88ED6733E55647056E14 [File is digitally signed]
 
C:\WINDOWS\ie8updates\KB2817183-IE8\inetcpl.cpl
[2013-04-10 06:45][2013-02-05 21:05] 001469440 ____N (Microsoft Corporation) E01E47082E606AD22830DDD9BDFE0341 [File is digitally signed]
 
C:\WINDOWS\ie8updates\KB2809289-IE8\inetcpl.cpl
[2013-03-13 20:43][2012-12-26 21:16] 001469440 ____N (Microsoft Corporation) 18D56E724CE1DC4AE766469BAD5D6EA6 [File is digitally signed]
 
C:\WINDOWS\ie8updates\KB2792100-IE8\inetcpl.cpl
[2013-02-13 19:22][2012-11-01 13:17] 001469440 ____N (Microsoft Corporation) 4543012A5377EFFAF7FBF41E1012D522 [File is digitally signed]
 
C:\WINDOWS\ie8updates\KB2761465-IE8\inetcpl.cpl
[2012-12-12 19:21][2012-08-28 16:14] 001469440 ____N (Microsoft Corporation) 40C13456A0D7C41CB2C5B816F8B5EDF8 [File is digitally signed]
 
C:\WINDOWS\ie8updates\KB2744842-IE8\inetcpl.cpl
[2012-09-22 06:14][2012-07-02 18:49] 001469440 ____N (Microsoft Corporation) 35CCBF4C61DDCF4A0A432E8266EC56EB [File is digitally signed]
 
C:\WINDOWS\ie8updates\KB2722913-IE8\inetcpl.cpl
[2012-09-01 19:05][2012-05-11 15:42] 001469440 ____N (Microsoft Corporation) 6BB59CB33E6FE35969E38D2D3B951722 [File is digitally signed]
 
C:\WINDOWS\ie8updates\KB2699988-IE8\inetcpl.cpl
[2012-06-14 17:30][2012-03-01 12:01] 001469440 ____N (Microsoft Corporation) 88B4CAF331C1BD3FB42FCBC4DA04126A [File is digitally signed]
 
C:\WINDOWS\ie8updates\KB2675157-IE8\inetcpl.cpl
[2012-05-29 11:02][2011-12-17 20:46] 001469440 ____N (Microsoft Corporation) 23EA705D3DCFE272C21FB466A5172E56 [File is digitally signed]
 
C:\WINDOWS\ie8updates\KB2647516-IE8\inetcpl.cpl
[2012-05-29 11:01][2011-11-04 20:20] 001469440 ____N (Microsoft Corporation) BEF1D6FF294BB814A0396AD731A7E0D2 [File is digitally signed]
 
C:\WINDOWS\ie8updates\KB2618444-IE8\inetcpl.cpl
[2012-05-29 11:01][2010-05-06 11:41] 001469440 ____N (Microsoft Corporation) 8F7CD6B3C2FD067F04A54DF30E80A655 [File is digitally signed]
 
C:\WINDOWS\ie8\inetcpl.cpl
[2012-05-29 11:00][2008-04-14 03:42] 000360960 _____ (Microsoft Corporation) F85403775D931BE05ABB7BD82F6656FA [File is digitally signed]
 
C:\WINDOWS\$NtServicePackUninstall$\inetcpl.cpl
[2012-05-29 10:28][2006-02-28 13:00] 000358400 ____C (Microsoft Corporation) 731B489C78840B4CA9955B2AB19C5911 [File is digitally signed]
 
C:\WINDOWS\$hf_mig$\KB982381-IE8\SP3QFE\inetcpl.cpl
[2012-05-29 11:01][2010-05-06 11:36] 001469440 _____ (Microsoft Corporation) 2B682DC9A4E19A2BC8DEEB67AC7753B2 [File is digitally signed]
 
C:\WINDOWS\$hf_mig$\KB2817183-IE8\SP3QFE\inetcpl.cpl
[2013-04-10 06:31][2013-03-02 03:05] 001469440 _____ (Microsoft Corporation) 8251BEB8EFB2763A911B424AA00F2186 [File is digitally signed]
 
C:\WINDOWS\$hf_mig$\KB2809289-IE8\SP3QFE\inetcpl.cpl
[2013-03-13 07:30][2013-02-05 21:04] 001469440 _____ (Microsoft Corporation) 4D380D37861B5A7F95177EE9416CF7B6 [File is digitally signed]
 
C:\WINDOWS\$hf_mig$\KB2792100-IE8\SP3QFE\inetcpl.cpl
[2013-02-13 09:34][2012-12-26 21:15] 001469440 _____ (Microsoft Corporation) 57049CB719B3DAB61CA139911FD3E030 [File is digitally signed]
 
C:\WINDOWS\$hf_mig$\KB2761465-IE8\SP3QFE\inetcpl.cpl
[2012-12-12 06:02][2012-11-01 13:15] 001469440 _____ (Microsoft Corporation) 3089A24A3840414AC34CC7CACC22C73D [File is digitally signed]
 
C:\WINDOWS\$hf_mig$\KB2744842-IE8\SP3QFE\inetcpl.cpl
[2012-09-22 06:13][2012-08-28 16:13] 001469440 _____ (Microsoft Corporation) C8E4C23B74A0B6ED69F7D4C570B2CC4D [File is digitally signed]
 
C:\WINDOWS\$hf_mig$\KB2722913-IE8\SP3QFE\inetcpl.cpl
[2012-09-01 18:01][2012-07-02 18:48] 001469440 _____ (Microsoft Corporation) D1102807E9995936FF094385DACA1651 [File is digitally signed]
 
C:\WINDOWS\$hf_mig$\KB2699988-IE8\SP3QFE\inetcpl.cpl
[2012-06-14 05:01][2012-05-11 15:41] 001469440 _____ (Microsoft Corporation) 07313858B24F7CB8B1D4D109F00F4289 [File is digitally signed]
 
C:\WINDOWS\$hf_mig$\KB2675157-IE8\SP3QFE\inetcpl.cpl
[2012-05-29 11:02][2012-03-01 11:58] 001469440 _____ (Microsoft Corporation) 1771C105EF12ACD25F960A45878B08E7 [File is digitally signed]
 
C:\WINDOWS\$hf_mig$\KB2647516-IE8\SP3QFE\inetcpl.cpl
[2012-05-29 11:01][2011-12-17 20:45] 001469440 _____ (Microsoft Corporation) 3EF752C2093430F8BD137CAE24A731A6 [File is digitally signed]
 
C:\WINDOWS\$hf_mig$\KB2618444-IE8\SP3QFE\inetcpl.cpl
[2012-05-29 11:01][2011-11-04 20:19] 001469440 _____ (Microsoft Corporation) DC84E6010226B8733520AFD2BEA88D6B [File is digitally signed]
 
 
====== End of Search ======


#14 polskamachina

polskamachina

  • Malware Response Team
  • 4,083 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:04 AM

Posted 10 January 2018 - 04:32 PM

Hi scut1,
 
Good job posting the search results. :thumbup2:
 
Let's see if trying a different version of the file brings you any success.

  • Using Windows Explorer, please navigate to your C:\WINDOWS\ServicePackFiles\i386 folder
  • Locate inetcpl.cpl and double-click it
  • Did the internet options window open?

Let me know if you have any questions.
 
polskamachina



#15 scut1

scut1
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:04 PM

Posted 11 January 2018 - 01:57 AM

Hi polskamachina,

I had a look at all the inetcpl.cpl files.

- in ie8 and in servicepackfiles\i386 the files are 353kb in size
- in all other folders, the file is 1.435 MB

Interestingly, all the 353kb files open Internet Options normally, the others don't.

So, answering your question, the inetcpl.cpl file in servicepackfiles\i386 works regularly.
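The search results posted earlier in this thread list every copy of inetcpl.cpl with two timestamps, a byte size, an attribute field, the company name, an MD5 and a signature note, and the reply above compares those copies by the size Explorer shows. The following Python script is an added example (not code from the thread, from FRST or from BleepingComputer) that parses that output format and groups the copies by size, distinct hash and signature status, so the comparison can be done from the log rather than by double-clicking each file. It assumes the detail line is ordered as [date created][date modified] size attributes (company) MD5 [signature note], that FRST writes "[File not signed]" for an unsigned file, and that Explorer rounds sizes up to whole KB (360960 bytes shows as 353 KB). The sample log embeds four entries taken from the posted search output plus one constructed, clearly placeholder, unsigned entry so the review check has something to flag.

```python
"""Parse FRST 'Search' output and compare the copies of one system file.
Added example, not FRST's own code. Assumed detail-line layout:
[date created][date modified] size attributes (company) MD5 [signature note]"""
import math
import re
from collections import defaultdict

# Constructed sample: four entries copied from the posted search output plus one
# constructed unsigned entry (placeholder path, all-zero MD5) for the review check.
SAMPLE_LOG = r"""
C:\WINDOWS\ie8updates\KB2817183-IE8\inetcpl.cpl
[2013-04-10 06:45][2013-02-05 21:05] 001469440 ____N (Microsoft Corporation) E01E47082E606AD22830DDD9BDFE0341 [File is digitally signed]

C:\WINDOWS\ie8\inetcpl.cpl
[2012-05-29 11:00][2008-04-14 03:42] 000360960 _____ (Microsoft Corporation) F85403775D931BE05ABB7BD82F6656FA [File is digitally signed]

C:\WINDOWS\$NtServicePackUninstall$\inetcpl.cpl
[2012-05-29 10:28][2006-02-28 13:00] 000358400 ____C (Microsoft Corporation) 731B489C78840B4CA9955B2AB19C5911 [File is digitally signed]

C:\WINDOWS\$hf_mig$\KB982381-IE8\SP3QFE\inetcpl.cpl
[2012-05-29 11:01][2010-05-06 11:36] 001469440 _____ (Microsoft Corporation) 2B682DC9A4E19A2BC8DEEB67AC7753B2 [File is digitally signed]

C:\EXAMPLE_PLACEHOLDER\inetcpl.cpl
[2018-01-01 00:00][2018-01-01 00:00] 000360960 _____ () 00000000000000000000000000000000 [File not signed]

====== End of Search ======
"""

# One detail line: two bracketed timestamps, size, attribute flags, (company), MD5,
# optional bracketed signature note. The "[File not signed]" wording is assumed.
DETAIL_RE = re.compile(
    r"^\[(?P<date1>[\d-]+ [\d:]+)\]\[(?P<date2>[\d-]+ [\d:]+)\]\s+"
    r"(?P<size>\d+)\s+(?P<attrs>\S+)\s+\((?P<company>[^)]*)\)\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*(?P<sig>\[[^\]]*\])?\s*$"
)


def parse_frst_search(text):
    """Return one dict per file, pairing each path line with the detail line after it."""
    entries = []
    path = None
    for raw in text.splitlines():
        line = raw.strip()  # blank lines in the posted log carry non-breaking spaces
        if not line or line.startswith("====="):
            continue
        m = DETAIL_RE.match(line)
        if m is None:
            path = line  # a path line; its details follow on the next line
            continue
        if path is None:
            continue  # detail line with no preceding path: skip it
        entries.append({
            "path": path,
            "created": m.group("date1"),
            "modified": m.group("date2"),
            "size": int(m.group("size")),
            "attrs": m.group("attrs"),
            "company": m.group("company"),
            "md5": m.group("md5").upper(),
            "signed": (m.group("sig") or "").lower() == "[file is digitally signed]",
        })
        path = None
    return entries


def explorer_kb(size_bytes):
    """Size as Explorer displays it (rounded up to whole KB), so the 353 KB figure
    quoted in the thread can be matched against an exact byte count."""
    return math.ceil(size_bytes / 1024)


def group_by_size(entries):
    groups = defaultdict(list)
    for e in entries:
        groups[e["size"]].append(e)
    return dict(groups)


def size_summary(entries):
    """Per distinct size: copies, distinct MD5s, and whether every copy is a
    signed Microsoft binary (each IE update ships a different build, so several
    hashes at one size is expected; an unsigned copy is not)."""
    out = {}
    for size, items in group_by_size(entries).items():
        out[size] = {
            "kb": explorer_kb(size),
            "copies": len(items),
            "distinct_md5": len({e["md5"] for e in items}),
            "all_signed_microsoft": all(
                e["signed"] and e["company"] == "Microsoft Corporation" for e in items),
        }
    return out


def needs_review(entries):
    """Paths of copies that are unsigned or not attributed to Microsoft."""
    return [e["path"] for e in entries
            if not (e["signed"] and e["company"] == "Microsoft Corporation")]


if __name__ == "__main__":
    found = parse_frst_search(SAMPLE_LOG)
    for size, info in sorted(size_summary(found).items()):
        print(f"{size:>8} bytes ({info['kb']} KB): {info['copies']} copies, "
              f"{info['distinct_md5']} distinct MD5, "
              f"all signed Microsoft: {info['all_signed_microsoft']}")
    for p in needs_review(found):
        print("review:", p)
```

Run it against the full search output by replacing SAMPLE_LOG with the saved FRST text. Grouping by size reproduces the split reported above (the 360960-byte copies show as 353 KB, the 1469440-byte ones as 1435 KB), and the review list points at any copy that is not a signed Microsoft binary, which is the one case where a differing hash would actually matter.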





