Posts posted by scut1


  1. Hi Ron

    MBAM and AdwCleaner scans are clean now. The PC looks ok now - thanks for your help.

    Logs below.

    ========================

    MBAM

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 12/20/17
    Scan Time: 9:42 AM
    Log File: aea0954b-e561-11e7-a8d0-00ffa57e66d1.json
    Administrator: Yes

    -Software Information-
    Version: 3.3.1.2183
    Components Version: 1.0.262
    Update Package Version: 1.0.3525
    License: Free

    -System Information-
    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: SCPC002\sc

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 216329
    Threats Detected: 0
    (No malicious items detected)
    Threats Quarantined: 0
    (No malicious items detected)
    Time Elapsed: 32 min, 56 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)


    (end)


    AdwCleaner

    # AdwCleaner v6.046 - Logfile created 20/12/2017 at 10:17:53
    # Updated on 24/04/2017 by Malwarebytes
    # Database : 2017-04-24.1 [Local]
    # Operating System : Microsoft Windows XP Service Pack 3 (X86)
    # Username : sc - SCPC002
    # Running from : C:\Documents and Settings\sc\My Documents\Downloads\Malware_Tools\adwcleaner_6.046.exe
    # Mode: Scan
    # Support : https://www.malwarebytes.com/support

    ***** [ Services ] *****

    No malicious services found.


    ***** [ Folders ] *****

    No malicious folders found.


    ***** [ Files ] *****

    No malicious files found.


    ***** [ DLL ] *****

    No malicious DLLs found.


    ***** [ WMI ] *****

    No malicious keys found.


    ***** [ Shortcuts ] *****

    No infected shortcut found.


    ***** [ Scheduled Tasks ] *****

    No malicious task found.


    ***** [ Registry ] *****

    No malicious registry entries found.


    ***** [ Web browsers ] *****

    No malicious Firefox based browser items found.
    No malicious Chromium based browser items found.

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [2812 Bytes] - [19/12/2017 08:06:17]
    C:\AdwCleaner\AdwCleaner[R0].txt - [2127 Bytes] - [22/09/2013 19:47:17]
    C:\AdwCleaner\AdwCleaner[R1].txt - [938 Bytes] - [22/09/2013 20:03:32]
    C:\AdwCleaner\AdwCleaner[S0].txt - [2246 Bytes] - [22/09/2013 19:52:24]
    C:\AdwCleaner\AdwCleaner[S1].txt - [2810 Bytes] - [19/12/2017 08:03:02]
    C:\AdwCleaner\AdwCleaner[S2].txt - [1411 Bytes] - [20/12/2017 10:17:53]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1484 Bytes] ##########


  2. Hi Ron

    Thanks for your help.

    I ran ComboFix as instructed. The log is attached.

    Please note that I will go on leave from tomorrow and will be unable to log in to this PC for the next 2 weeks.

    Please post your reply to this log and please make your recommendation for the next step, but please be informed that I won't be able to operate on the PC until w/c 8th January.

    Thanks again for your help.

    =============================

    ComboFix 17-12-11.01 - sc 20/12/2017   8:40.3.2 - x86
    Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.2037.1091 [GMT 1:00]
    Running from: c:\documents and settings\sc\Desktop\ComboFix.exe
    AV: Avast Antivirus *Disabled/Updated* {7591db91-41f0-48a3-b128-1a293fd8233d}
    AV: Bitdefender Antivirus Free Edition *Enabled/Updated* {9488E0FA-F058-4673-850E-E755F112BABC}
    FW:  *Enabled* {9488E0FA-F058-4673-850E-E755F112BABC}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    .
    (((((((((((((((((((((((((   Files Created from 2017-11-20 to 2017-12-20  )))))))))))))))))))))))))))))))
    .
    .
    2017-12-19 07:13 . 2017-12-19 07:13    --------    d-----w-    c:\program files\VS Revo Group
    2017-12-17 12:55 . 2017-12-17 12:55    24688    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
    2017-12-17 12:54 . 2017-12-17 13:48    --------    d-----w-    c:\documents and settings\All Users\Application Data\RogueKiller
    2017-12-16 15:42 . 2017-12-16 15:42    --------    d-----w-    c:\documents and settings\Administrator
    2017-12-16 14:18 . 2017-12-16 14:18    --------    d-----w-    c:\windows\Performance
    2017-12-16 14:18 . 2017-12-16 14:18    --------    d-----w-    c:\documents and settings\sc\Local Settings\Application Data\Microsoft Corporation
    2017-12-16 09:46 . 2017-11-10 06:54    305328    ----a-w-    c:\windows\system32\aswBoot.exe
    2017-12-16 09:42 . 2017-12-16 09:42    --------    d-----w-    c:\windows\system32\wbem\Repository
    2017-12-14 08:16 . 2017-12-19 19:27    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes Anti-Exploit
    2017-12-14 08:16 . 2017-12-16 16:06    --------    d-----w-    c:\program files\Malwarebytes Anti-Exploit
    2017-12-14 08:10 . 2017-12-19 13:40    221112    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
    2017-12-14 08:10 . 2017-12-14 08:10    --------    d-----w-    c:\program files\Malwarebytes
    2017-12-14 08:10 . 2017-12-14 08:10    --------    d-----w-    c:\documents and settings\All Users\Application Data\MB2Migration
    2017-12-14 07:59 . 2017-12-14 08:10    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
    2017-12-12 06:57 . 2017-12-06 19:42    873392    ----a-w-    c:\program files\Mozilla Firefox\uninstall\helper.exe
    2017-12-12 06:57 . 2017-12-06 19:42    66000    ----a-w-    c:\program files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
    2017-12-11 08:13 . 2017-12-17 15:55    --------    d-----w-    C:\FRST
    2017-12-05 18:38 . 2017-12-05 18:38    --------    d-----w-    c:\documents and settings\sc\Application Data\ProtonVPN AG
    2017-11-28 14:05 . 2017-12-04 06:55    0    ----a-w-    c:\windows\system32\TempWmicBatchFile.bat
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2017-12-13 09:36 . 2016-01-06 20:21    803328    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
    2017-12-13 09:36 . 2016-01-06 20:21    144896    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
    2017-11-29 08:11 . 2017-10-13 08:22    59896    ----a-w-    c:\windows\system32\drivers\mbae.sys
    2017-11-16 07:26 . 2017-09-06 07:41    388760    ----a-w-    c:\windows\system32\drivers\aswSP.sys
    2017-11-10 06:55 . 2017-09-06 07:41    205392    ----a-w-    c:\windows\system32\drivers\aswStmXP.sys
    2017-11-10 06:54 . 2017-11-10 06:55    157176    ----a-w-    c:\windows\system32\drivers\aswArPot.sys
    2017-11-10 06:54 . 2017-09-06 07:41    298360    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
    2017-11-10 06:54 . 2017-09-06 07:41    70864    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
    2017-11-10 06:54 . 2017-09-06 07:41    42848    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
    2017-11-10 06:54 . 2017-09-06 07:41    124952    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
    2017-11-10 06:54 . 2017-09-06 07:41    70112    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
    2017-11-10 06:54 . 2017-09-06 07:41    783136    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
    2017-11-10 06:54 . 2017-09-06 07:41    50376    ----a-w-    c:\windows\system32\drivers\aswbunivx.sys
    2017-11-10 06:54 . 2017-09-06 07:41    276728    ----a-w-    c:\windows\system32\drivers\aswblogx.sys
    2017-11-10 06:54 . 2017-09-06 07:41    255616    ----a-w-    c:\windows\system32\drivers\aswbidsdriverx.sys
    2017-11-10 06:54 . 2017-09-06 07:41    157408    ----a-w-    c:\windows\system32\drivers\aswbidshx.sys
    2017-10-21 20:09 . 2017-09-24 19:54    34864    ----a-w-    c:\windows\system32\drivers\tapwindscribe0901.sys
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2017-09-15 07:49    576408    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2017-09-15 07:49    576408    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2017-09-15 07:49    576408    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2017-11-10 06:54    1396816    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0Genie9 Zoolz-BackedupIcon]
    @="{9DB6687B-FDB2-4284-AF2A-4562D4EB371D}"
    [HKEY_CLASSES_ROOT\CLSID\{9DB6687B-FDB2-4284-AF2A-4562D4EB371D}]
    2017-07-30 12:05    148992    ----a-w-    c:\program files\Genie9\Zoolz2\Overlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0Genie9 Zoolz-BackedUpModifiedIcon]
    @="{9DB6687D-FDB2-4284-AF2A-4562D4EB371D}"
    [HKEY_CLASSES_ROOT\CLSID\{9DB6687D-FDB2-4284-AF2A-4562D4EB371D}]
    2017-07-30 12:05    148992    ----a-w-    c:\program files\Genie9\Zoolz2\Overlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0Genie9 Zoolz-ColdStorageIcon]
    @="{9DB6687F-FDB2-4284-AF2A-4562D4EB371D}"
    [HKEY_CLASSES_ROOT\CLSID\{9DB6687F-FDB2-4284-AF2A-4562D4EB371D}]
    2017-07-30 12:05    148992    ----a-w-    c:\program files\Genie9\Zoolz2\Overlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0Genie9 Zoolz-FolderInCloudIcon]
    @="{9DB6687E-FDB2-4284-AF2A-4562D4EB371D}"
    [HKEY_CLASSES_ROOT\CLSID\{9DB6687E-FDB2-4284-AF2A-4562D4EB371D}]
    2017-07-30 12:05    148992    ----a-w-    c:\program files\Genie9\Zoolz2\Overlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0Genie9 Zoolz-NotBackedUpIcon]
    @="{9DB6687C-FDB2-4284-AF2A-4562D4EB371D}"
    [HKEY_CLASSES_ROOT\CLSID\{9DB6687C-FDB2-4284-AF2A-4562D4EB371D}]
    2017-07-30 12:05    148992    ----a-w-    c:\program files\Genie9\Zoolz2\Overlay.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Officejet 5740 series (NET)"="c:\program files\HP\HP Officejet 5740 series\Bin\ScanToPCActivationApp.exe" [2014-08-22 2424840]
    "Zoolz Tray"="c:\program files\Genie9\Zoolz2\ZoolzLauncher.exe" [2017-07-31 395920]
    "GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2017-09-15 40258552]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2009-06-25 17887232]
    "V0420Mon.exe"="c:\windows\V0420Mon.exe" [2007-04-29 32768]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-11-10 253344]
    "NetWorx"="c:\program files\NetWorx\networx.exe" [2016-09-22 5219144]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2017-07-27 1160408]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Malwarebytes Anti-Exploit.lnk - c:\program files\Malwarebytes Anti-Exploit\mbae.exe [2017-12-14 2480584]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2016-2-2 605400]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2017-07-27 05:29    1160408    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2015-03-20 15:12    60712    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 02:42    15360    ----a-w-    c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08    1259376    ----a-w-    c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
    2014-11-06 08:24    138096    ----atw-    c:\documents and settings\sc\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2009-01-21 03:20    166912    ----a-w-    c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2009-01-21 03:20    134656    ----a-w-    c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2015-09-12 02:25    157456    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2009-01-21 03:18    134656    ----a-w-    c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2017-05-05 14:43    27716568    ----a-r-    c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPod Service"=3 (0x3)
    "Freemake Improver"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
    "c:\\Documents and Settings\\sc\\Application Data\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "c:\\Program Files\\NetWorx\\networx.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Windscribe\\wsappcontrol.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Slimjet\\slimjet.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5357:TCP"= 5357:TCP:WS-Eventing TCP Port 5357
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 0 (0x0)
    .
    R0 aswbidsh;aswbidsh;c:\windows\system32\drivers\aswbidshx.sys [06/09/2017 08:41 157408]
    R0 aswblog;aswblog;c:\windows\system32\drivers\aswblogx.sys [06/09/2017 08:41 276728]
    R0 aswbuniv;aswbuniv;c:\windows\system32\drivers\aswbunivx.sys [06/09/2017 08:41 50376]
    R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [06/09/2017 08:41 70864]
    R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [06/09/2017 08:41 298360]
    R1 aswArPot;aswArPot;c:\windows\system32\drivers\aswArPot.sys [10/11/2017 07:55 157176]
    R1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdriverx.sys [06/09/2017 08:41 255616]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [06/09/2017 08:41 783136]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [06/09/2017 08:41 388760]
    R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\Malwarebytes Anti-Exploit\mbae.sys [14/12/2017 09:16 59896]
    R1 networx;networx;c:\windows\system32\drivers\networx.sys [18/09/2016 09:20 67640]
    R2 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0 Licensing Service;c:\program files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [14/05/2009 17:07 759048]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [06/09/2017 08:41 124952]
    R2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files\Malwarebytes Anti-Exploit\mbae-svc.exe [14/12/2017 09:16 139776]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [02/02/2016 13:45 1570520]
    R2 WindscribeService;WindscribeService;c:\program files\Windscribe\WindscribeService.exe [24/09/2017 20:54 356968]
    R2 Zoolz 2 Service;Zoolz Backup Service;c:\program files\Genie9\Zoolz2\ZoolzService.exe [30/07/2017 13:06 475792]
    R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\aswidsagent.exe [10/11/2017 07:54 5904136]
    R3 aswStmXP;aswStmXP;c:\windows\system32\drivers\aswStmXP.sys [06/09/2017 08:41 205392]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [04/09/2010 19:39 44032]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [16/05/2013 18:43 30576]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [02/02/2016 13:45 16024]
    R3 tapwindscribe0901;Windscribe VPN;c:\windows\system32\drivers\tapwindscribe0901.sys [24/09/2017 20:54 34864]
    S1 BAPIDRV;BAPIDRV;c:\windows\system32\DRIVERS\BAPIDRV.sys --> c:\windows\system32\DRIVERS\BAPIDRV.sys [?]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [02/02/2016 13:45 837848]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [05/04/2017 15:09 317400]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [04/09/2010 19:33 1684736]
    S3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys [06/09/2017 08:41 42848]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
    S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys --> c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [?]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
    S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys --> c:\windows\system32\DRIVERS\ew_jucdcacm.sys [?]
    S3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys --> c:\windows\system32\DRIVERS\ew_jucdcecm.sys [?]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
    S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys --> c:\windows\system32\DRIVERS\ew_juextctrl.sys [?]
    S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
    S3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\MBAMService.exe [14/12/2017 09:10 4563920]
    S3 V0420VID;Live! Cam Vista IM (VF0420);c:\windows\system32\drivers\V0420Vid.sys [05/09/2010 10:27 99648]
    S4 Freemake Improver;Freemake Improver;c:\documents and settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [06/05/2015 16:57 108032]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2016-04-12 06:22    1106072    ----a-w-    c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2017-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-06 09:36]
    .
    2017-10-18 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2017-02-14 15:54]
    .
    2017-12-20 c:\windows\Tasks\Avast Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-10 06:54]
    .
    2017-12-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-1035525444-682003330-1003Core.job
    - c:\documents and settings\sc\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2014-11-06 08:24]
    .
    2017-12-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1202660629-1035525444-682003330-1003UA.job
    - c:\documents and settings\sc\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2014-11-06 08:24]
    .
    2017-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-09-30 12:56]
    .
    2017-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-09-30 12:56]
    .
    2017-11-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    - c:\windows\system32\xp_eos.exe [2014-03-14 01:59]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    mStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
    TCP: Interfaces\{01FC6E01-A598-468A-9B58-779F5EF062DB}: NameServer = 205.171.2.65,195.175.39.40,195.175.39.39
    TCP: Interfaces\{2D6F0057-ECC6-4EA2-AB33-ED564A8C94AD}: NameServer = 205.171.2.65,195.175.39.40,195.175.39.39
    TCP: Interfaces\{7056DC40-C8E6-4F4A-A0DA-9763B7DF46EA}: NameServer = 205.171.2.65,195.175.39.40,195.175.39.39
    TCP: Interfaces\{713E59D1-7A69-4EAE-BDAC-FA8E23A6689C}: NameServer = 205.171.2.65,195.175.39.40,195.175.39.39
    TCP: Interfaces\{8745FD36-125F-43EA-B107-7586B438C8BB}: NameServer = 205.171.2.65,195.175.39.40,195.175.39.39
    TCP: Interfaces\{91C57662-15D9-4F3B-B4E3-4A8C15835586}: NameServer = 205.171.2.65,195.175.39.40,195.175.39.39
    TCP: Interfaces\{CE2F0623-0FD6-42DB-BF03-450473E889D2}: NameServer = 205.171.2.65,195.175.39.40,195.175.39.39
    TCP: Interfaces\{D498E0B0-F3EA-4643-81C8-A12726D1D964}: NameServer = 205.171.2.65,195.175.39.40,195.175.39.39
    TCP: Interfaces\{D664E313-6BE6-497A-8F18-B1BFEE898D18}: NameServer = 205.171.2.65,195.175.39.40,195.175.39.39
    TCP: Interfaces\{E26FC572-A2D6-41A3-8259-DB69F4590EC1}: NameServer = 8.8.8.8,8.8.4.4,195.175.39.39
    DPF: {2E8655A5-AF65-4BAC-8207-A17C6AF2987C} - hxxp://www.ttnet.com.tr/ZeroTouch/TTNETMD.cab
    FF - ProfilePath - c:\documents and settings\sc\Application Data\Mozilla\Firefox\Profiles\4p26ie4p.default-1504680299156\
    .
    .
    ------- File Associations -------
    .
    inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
    txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-EaseUS TB Tray Agent - c:\program files\EaseUS\TrayPopup\TrayTipAgent.exe
    MSConfigStartUp-ProductUpdater - c:\program files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
    MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
    MSConfigStartUp-TRKY-DnsAyar - c:\program files\TRKY-DnsAyar\TRKY-DnsAyar.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2017-12-20 08:53
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...  
    .
    scanning hidden autostart entries ... 
    .
    scanning hidden files ...  
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_28_0_0_126_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_28_0_0_126_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3976)
    c:\windows\system32\WININET.dll
    c:\program files\Google\Drive\googledrivesync32.dll
    c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
    c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    c:\program files\Genie9\Zoolz2\Overlay.dll
    c:\program files\Genie9\Zoolz2\Communicator.dll
    c:\program files\Genie9\Zoolz2\GSLogging.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\IEFRAME.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Google\Update\1.3.33.7\GoogleCrashHandler.exe
    c:\windows\RTHDCPL.EXE
    c:\program files\AVAST Software\Avast\AvastUI.exe
    c:\program files\HP\HP Officejet 5740 series\Bin\HPNetworkCommunicatorCom.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\program files\Genie9\Zoolz2\Zoolz.exe
    .
    **************************************************************************
    .
    Completion time: 2017-12-20  09:03:00 - machine was rebooted
    ComboFix-quarantined-files.txt  2017-12-20 08:02
    ComboFix2.txt  2013-01-19 16:46
    ComboFix3.txt  2013-01-19 16:40
    .
    Pre-Run: 102,718,873,600 bytes free
    Post-Run: 105,616,908,288 bytes free
    .
    - - End Of File - - 9FFE3A84C865EF30C26A11DC63139AE5
    8F558EB6672622401DA993E1E865C861
     


  3. Hi Ron

    Thanks for your reply.

    Please find attached the logs requested:

    - mbam - you will find 2 files: pre- and post malware detection

    - adwcleaner

    - frst (2 files)

    A note on the FRST log. The file says that I have both Avast and BD up to date. However, I uninstalled BD more than 2 months ago (with both Windows Uninstall and BD's own uninstall tool). I double checked this using REVO, and it does not show BD as an installed program.

    As mentioned, my main issue is the fact that I am unable to open Internet Options and System Restore seems in some ways compromised as it does not restore to dates prior to last week.

    I am not sure if this is due to malware, as the AV scans appear to me inconclusive (but I do not consider myself an expert). I leave it to you to determine.

    Thanks for your help.

    mbam_scan_pre.txt

    mbam_scan_post.txt

    FRST.txt

    Addition.txt

    AdwCleaner[S1].txt


  4. I am running a PC with Windows XP SP3 (32-bit) with Avast Free 17.8 as primary real-time AV, complemented by MBAE v45 and MBAM free 3.3.1 as an on-demand malware scanner.

    Since yesterday my system has started behaving weirdly.

    It started when Secunia PSI asked to check my internet connection, was not able to connect to the update server and was unable to scan files. After a couple of reboots, it came online again and now it's working fine.

    Thinking it was an issue linked to the firewall permission, I tried to open the Internet Options tab in Control Panel, and here is the problem: Internet Options would not open, not even using the inetcpl.cpl command. A quick browse pointed to a malware infection.

    I ran MBAM, which found hijack.host, which I quarantined. A second scan showed zero infections. I also ran Avast, which found VBS: Malware generic, which I also quarantined. A second scan showed no issues. Reading through various forums, both viruses may be false positives.

    I also tried a System Restore, but after a first attempt at restoring to 2 days ago, it will not restore further ("restore incomplete"). System Restore shows that this morning my PC installed Windows XP wdf01009. Another search pointed again to malware.

    I tried to follow the MS-suggested protocol for malware infections, starting with MS Malicious Software Removal Tool, AdwCleaner and Rogue Killer. However, when trying to launch the programs I get the message that the "..........exe file is not a valid Win32 application". Again, a quick search with this query points to malware.

    The situation has not improved. Current status as follows:

    - MBAM shows no issues

    - Avast shows no issues

    - Emsisoft Emergency Kit shows no issues

    - FRST shows no issues

    - Junkware Removal Tool shows no issues

    Apart from the snags mentioned above, the system is not slower than usual or using more resources than usual.

    Any recommendations on how to move forward?

    Thanks


  5. Thanks Arthi.

    I upgraded to v45 and the issue persists, i.e. MBAE.exe starts neither at boot nor at the launch of a program it was supposed to protect. The only active service is mbae-svc.exe, yet the logs show that my programs are being protected anyway.

    I have worked around it by putting a shortcut to mbae.exe into the startup folder, thus forcing a launch at boot.

    Thanks for your help.


  6. Hi Rsullinger,

    An update on this issue. This morning we are back to square one.

    On system startup, MBAE.exe didn't start, the only active service is mbae-svc.exe, yet the logs show that my programs are being protected anyway.

    Something I didn't notice until today is that if I manually launch MBAE and then click on "hide icon" on the MBAE icon in my system tray, then mbae.exe gets killed.

    I will stick to mbae in its current form (only mbae-svc.exe active) until I get further advice/ input from you guys.

    Thanks for your help.


  7. Hi Rsullinger

    I followed your recommendation and it appears everything is now back to order. The MBAE icon is showing on the system tray and both mbae.exe and mbae-svc.exe are now running. Thanks for your help.

    As a side note, please remember to instruct folks trying to install a lower version (e.g. v24) that the MBAE installer has the option "automatically upgrade to new versions" enabled by default. This means that if you download the installer for v24 and try to install the program, before you actually manage to reach the GUI and uncheck the "automatically upgrade to new versions" box, the program has already updated itself to v41. For the majority of people this is not an issue, but for people like me (an XP user), this is a problem.

    The only workaround is to download the installer, shut down your internet connection, install the program offline, uncheck the "automatically upgrade to new versions" option, and then restore your internet connection. This way it won't upgrade to a new version unless you check the box again.

    Hope it helps.


  8. I have a doubt about MBAE 1.10.1.24 startup on my XP SP3 machine. I recently had to downgrade to v24 from v41 after v41 proved not supported on XP machines.

    Since this downgrade, I noticed that the MBAE icon does not show in the system tray although the program is set to launch on boot. Puzzled, I reviewed the active services via Process Explorer and noticed that the only active MBAE service is mbae-svc.exe, not the main mbae.exe. If I launch MBAE, then the icon appears in my system tray and mbae.exe starts. When reviewing the logs in the MBAE UI, I also saw that all programs appeared to have been protected, although mbae.exe was not actually started.

    It looks like mbae-svc works in the background, without the need to launch mbae.exe and without showing an icon in the system tray. In this case, mbae.exe acts as a pure UI, with no active protection role. If what I am saying is correct, I should not be worried, but I would like to have confirmation from others.

    Has anyone else noticed the same thing? Do you agree with my conclusions?


  9. Very similar issue running XP SP3.

    On top of the snags mentioned above, on my PC MBAE 1.10.1.41 never starts at boot.

    Most of the time, killing the hung task via Task Manager solves the issue, but sometimes it doesn't and a system restart becomes necessary.

    My PC has also become more unpredictable, particularly with longer lag times, especially on web browsing, but also on app opening (Acrobat, Office 2010).

    As an additional background, I have Avast Free 17.7.2314 running as primary AV, supplemented by MBAM 3.2.2.2029 (downgraded to free) standalone. I initially thought it could be the dual presence of MBAM and MBAE that caused the trouble, but I read in the forum they could co-exist.

    Logs attached.

    Malwarebytes Anti-Exploit.zip
