TROVI plus ???


6 replies to this topic

#1 gruebane

gruebane

    Member

  • Full Member
  • 47 posts

Posted 18 November 2017 - 09:56 AM

Hello

I have at least one piece of malware - trovi - and possibly more.  My problem is that Chrome just suddenly seems to die. It usually cannot find most web pages; sometimes a few sites will work fine, but I cannot access Google.  Eventually the whole thing dies, and if I shut it down, I cannot even get it started again.  Sometimes a reboot helps.  When I scan with Malwarebytes, it always finds 'trovi' and I quarantine it, but Malwarebytes finds it every day; sometimes an hour after I quarantine it, it will be back. Usually after I quarantine it, Chrome will work fine for a while, but it always returns.  I have seen instructions on how to delete trovi from within Chrome, but it never shows itself there.

 

===========================================================

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 11/18/17
Scan Time: 8:34 AM
Log File: 454d1133-cc65-11e7-9a2f-1c6f65a7f656.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3289
License: Premium
 
-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: System
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 251952
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 10 min, 46 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
PUP.Optional.Trovi, C:\DOCUMENTS AND SETTINGS\RC\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [4978], [454808],1.0.3289
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
======================================================
Result of Security Analysis by Rocket Grannie (x86) Updated: 20th October, 2017
Running from:C:\Documents and Settings\rc\Desktop\forum (10:39:18 - 11/18/2017)
***---------------------------------------------------------***
Microsoft Windows XP Professional X86 Service Pack 3
WARNING! Windows XP is no longer supported
Internet Explorer 8
Default Browser: Google Chrome
***------------Antivirus - Antispyware - Firewall-----------***
Malwarebytes (Enabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (25.0.0.127) ==> is out of Date
CCleaner (5.26) ==> is out of Date
Google Chrome (49.0.2623.112) ==> is out of Date
Java (8.0.600.27)
Malwarebytes (3.3.1.2183)
Mozilla Firefox (52.4.0) ==> is out of Date
 
***----------------Analysis Complete-------------------------***
============================================================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-11-2017
Ran by rc (administrator) on FROBOZZ-385B4AC (18-11-2017 10:35:17)
Running from C:\Documents and Settings\rc\Desktop\forum
Loaded Profiles: rc (Available Profiles: rc)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Nalpeiron Ltd.) C:\WINDOWS\system32\ASTSRV.EXE
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\WINDOWS\system32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RP7.EXE
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Scansoft, Inc.) C:\Program Files\TextBridge Pro Millennium BE\Bin\InstantAccess.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TATINAE.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Nullsoft) C:\Program Files\Winamp\winamp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(QUALCOMM Incorporated) C:\Program Files\Eudora\Eudora.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-07-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18791456 2010-02-25] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1065968 2015-07-23] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [InstantAccess] => C:\Program Files\TextBridge Pro Millennium BE\Bin\InstantAccess.exe [49152 2000-05-24] (Scansoft, Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2010-07-06] (ATI Technologies Inc.)
HKU\S-1-5-21-2025429265-1715567821-682003330-1003\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATINAE.EXE [262208 2014-03-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2025429265-1715567821-682003330-1003\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATINAE.EXE [262208 2014-03-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2025429265-1715567821-682003330-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7173848 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-2025429265-1715567821-682003330-1003\...\MountPoints2: {2fb897fb-6640-11e7-a2e2-1c6f65a7f656} - D:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-2025429265-1715567821-682003330-1003\...\MountPoints2: {7e5f615a-68a9-11e7-a2e6-1c6f65a7f656} - D:\VerizonWirelessUpgradeAssistantSetup.exe
HKU\S-1-5-21-2025429265-1715567821-682003330-1003\...\MountPoints2: {aa23f140-3673-11e6-a154-1c6f65a7f656} - D:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-2025429265-1715567821-682003330-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [9216 2008-04-14] (Microsoft Corporation)
AppInit_DLLs: C:\WINDOWS\Jaksta\AC\x86\jaudcap.dll => C:\WINDOWS\Jaksta\AC\x86\jaudcap.dll [261552 2015-12-20] (Jaksta Technologies Pty Ltd)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-2025429265-1715567821-682003330-1003] => Proxy is enabled.
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{D4CB7798-FD67-49D5-B8BF-5C2E9B533555}: [DhcpNameServer] 8.8.8.8 8.8.4.4
 
Internet Explorer:
==================
HKU\S-1-5-21-2025429265-1715567821-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://gruebane.com/
HKU\S-1-5-21-2025429265-1715567821-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2025429265-1715567821-682003330-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://binghamton.craigslist.org/
SearchScopes: HKU\S-1-5-21-2025429265-1715567821-682003330-1003 -> DefaultScope {5B10B6F7-5728-4d05-8CE5-3D5AC14A25DF} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-23] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-23] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2025429265-1715567821-682003330-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
 
FireFox:
========
FF DefaultProfile: x1syly2k.default
FF ProfilePath: C:\Documents and Settings\rc\Application Data\Mozilla\Firefox\Profiles\x1syly2k.default [2017-11-18]
FF Homepage: C:\Documents and Settings\rc\Application Data\Mozilla\Firefox\Profiles\x1syly2k.default -> https://lafand.com/
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-08-01] [Lagacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-22] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-23] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3330394&octid=EB_ORIGINAL_CTID&ISID=M8C4B5365-BF09-4808-9235-A9E2074845BA&SearchSource=55&CUI=&UM=6&UP=SPF5AB848D-3761-4A82-B5C9-99EFD6C4DA74&SSPV=
CHR StartupUrls: Default -> "hxxp://gruebane.com/","hxxp://puzzles.usatoday.com/","hxxp://binghamton.craigslist.org/"
CHR Profile: C:\Documents and Settings\rc\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-11-18]
CHR Extension: (Slides) - C:\Documents and Settings\rc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Documents and Settings\rc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Documents and Settings\rc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-02]
CHR Extension: (YouTube) - C:\Documents and Settings\rc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-02]
CHR Extension: (Sheets) - C:\Documents and Settings\rc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\rc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-04]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\rc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Documents and Settings\rc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-02]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASTSRV; C:\WINDOWS\system32\ASTSRV.EXE [57344 2008-05-19] (Nalpeiron Ltd.) [File not signed]
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [593392 2015-06-25] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [126128 2012-05-16] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RP7.EXE [143424 2013-04-15] (SEIKO EPSON CORPORATION)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4563920 2017-11-01] (Malwarebytes)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [73728 2007-02-20] (HP) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-17] (Creative)
S3 appliand; C:\WINDOWS\System32\DRIVERS\appliand.sys [28256 2014-11-27] (Applian Technologies Inc.)
R3 appliandMP; C:\WINDOWS\System32\DRIVERS\appliand.sys [28256 2014-11-27] (Applian Technologies Inc.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59896 2017-11-01] ()
S3 gdrv; C:\WINDOWS\gdrv.sys [17488 2015-08-21] (Windows ® 2000 DDK provider)
R3 HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [907456 2001-08-17] (Conexant)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51024 2003-03-09] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16080 2003-03-09] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21456 2003-03-09] (HP)
R3 jakstaVA; C:\WINDOWS\System32\DRIVERS\jaksta_va.sys [91784 2014-12-08] (e2eSoft)
R0 mbamchameleon; C:\WINDOWS\System32\drivers\mbamchameleon.sys [150304 2017-11-14] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [40376 2017-11-18] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [221112 2017-11-18] (Malwarebytes)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-17] (Creative Technology Ltd.)
R3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2015-08-06] (VSO Software) [File not signed]
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-18 10:35 - 2017-11-18 10:35 - 000000000 ____D C:\FRST
2017-11-15 18:05 - 2017-11-15 18:05 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
2017-11-14 10:00 - 2017-11-14 10:00 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2017-11-14 08:58 - 2017-11-18 08:34 - 000221112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-11-14 08:58 - 2017-11-18 08:34 - 000040376 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-11-14 08:58 - 2017-11-14 08:58 - 000150304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-11-14 08:57 - 2017-11-14 08:57 - 000001715 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
2017-11-14 08:57 - 2017-11-14 08:57 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2017-11-14 08:57 - 2017-11-14 08:57 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-11-14 08:57 - 2017-11-01 08:54 - 000059896 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-11-14 08:55 - 2017-11-14 08:55 - 000000000 ____D C:\Documents and Settings\All Users\Application Data\MB3CoreBackup
2017-11-10 18:38 - 2017-11-10 18:38 - 000000032 _____ C:\Documents and Settings\rc\Desktop\brotherwise.txt
2017-11-06 17:03 - 2017-11-06 18:54 - 000000000 ____D C:\Documents and Settings\rc\Application Data\EurekaLog
2017-10-31 09:08 - 2017-10-31 09:13 - 000000000 ____D C:\Documents and Settings\rc\Desktop\bonamassa
2017-10-31 09:03 - 2017-10-31 09:03 - 000000000 ____D C:\Documents and Settings\rc\My Documents\new house crap
2017-10-31 08:55 - 2017-10-31 08:55 - 000000000 ____D C:\Documents and Settings\rc\My Documents\TARDIS
2017-10-31 08:39 - 2017-10-31 08:39 - 000871660 _____ C:\words.txt
2017-10-30 11:50 - 2017-11-01 18:05 - 000000000 ____D C:\Documents and Settings\rc\Desktop\tour2
2017-10-27 11:50 - 2017-10-27 11:51 - 000001943 _____ C:\WINDOWS\imsins.BAK
2017-10-25 08:01 - 2017-10-25 08:01 - 000000330 _____ C:\WINDOWS\DCEBOOT.RST
2017-10-24 13:41 - 2017-10-24 13:41 - 000377344 _____ (Trend Micro Inc.) C:\WINDOWS\RegBootClean.exe
2017-10-24 13:41 - 2017-10-24 13:41 - 000025088 _____ (Trend Micro Inc.) C:\WINDOWS\DCEBoot.exe
2017-10-24 13:39 - 2017-10-24 13:39 - 000628332 _____ C:\Documents and Settings\rc\Local Settings\Application Data\census.cache
2017-10-24 13:37 - 2017-10-24 13:37 - 000243408 _____ C:\Documents and Settings\rc\Local Settings\Application Data\ars.cache
2017-10-24 13:11 - 2017-10-17 11:40 - 000326288 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2017-10-24 13:10 - 2017-10-24 13:10 - 000000036 _____ C:\Documents and Settings\rc\Local Settings\Application Data\housecall.guid.cache
2017-10-24 10:38 - 2017-10-24 13:04 - 000000000 ____D C:\Documents and Settings\rc\Local Settings\Application Data\ESET
2017-10-24 10:30 - 2017-11-18 10:35 - 000000000 ____D C:\Documents and Settings\rc\Desktop\forum
2017-10-20 13:22 - 2015-11-20 15:30 - 019117441 _____ C:\Documents and Settings\rc\Desktop\May 1989.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-18 10:35 - 2015-08-01 13:13 - 000000000 ____D C:\Documents and Settings\rc\Local Settings\Temp
2017-11-18 10:15 - 2015-10-22 13:15 - 000000917 _____ C:\WINDOWS\Tasks\EPSON XP-420 Series Update {7BBB417B-9E8C-44F6-9839-B17EF49A839E}.job
2017-11-18 09:59 - 2015-08-14 12:36 - 000000000 ____D C:\Program Files\Eudora
2017-11-18 09:50 - 2015-08-21 09:26 - 000000000 ____D C:\Documents and Settings\rc\My Documents\lists
2017-11-18 09:39 - 2001-08-23 12:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-11-18 09:37 - 2017-04-01 21:14 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-11-18 09:37 - 2017-04-01 21:14 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-11-18 08:33 - 2017-07-14 11:35 - 000000000 ____D C:\Temp
2017-11-18 08:33 - 2015-08-01 15:22 - 000000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-11-18 08:33 - 2015-08-01 13:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-17 19:57 - 2015-08-01 13:33 - 000524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2017-11-17 19:57 - 2015-08-01 13:13 - 000000178 ___SH C:\Documents and Settings\rc\ntuser.ini
2017-11-17 19:57 - 2015-08-01 13:13 - 000000000 ____D C:\Documents and Settings\rc
2017-11-17 19:57 - 2015-08-01 13:12 - 000032484 _____ C:\WINDOWS\SchedLgU.Txt
2017-11-17 12:35 - 2017-07-14 11:35 - 000000472 _____ C:\WINDOWS\Tasks\Motorola Device Manager Update.job
2017-11-17 09:10 - 2015-10-17 08:26 - 000002519 _____ C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 8.lnk
2017-11-17 09:10 - 2015-10-17 08:24 - 000000000 ____D C:\Documents and Settings\rc\My Documents\My PSP8 Files
2017-11-15 18:05 - 2015-09-02 09:56 - 000000000 ____D C:\Program Files\K-Lite Codec Pack
2017-11-15 17:58 - 2015-09-02 09:57 - 000000116 _____ C:\WINDOWS\NeroDigital.ini
2017-11-14 19:17 - 2015-08-06 10:27 - 000150016 _____ C:\Documents and Settings\rc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-11-14 10:00 - 2015-08-01 08:49 - 000000000 ____D C:\Documents and Settings\All Users
2017-11-14 09:55 - 2017-07-14 10:49 - 000000000 ____D C:\Program Files\BitPim
2017-11-11 14:24 - 2011-05-07 15:19 - 000052736 _____ C:\Documents and Settings\rc\My Documents\bank accounts.xls
2017-11-08 15:00 - 2015-08-01 15:22 - 000000210 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2017-11-06 17:04 - 2017-03-26 09:45 - 000000000 ____D C:\Program Files\TotalMovieConverter
2017-11-06 13:45 - 2015-08-21 09:30 - 000000000 ____D C:\Documents and Settings\rc\Desktop\New music
2017-11-06 11:43 - 2017-02-15 15:43 - 000000000 ____D C:\Documents and Settings\rc\Application Data\uTorrent
2017-11-06 10:56 - 2016-01-14 13:19 - 000045568 _____ C:\WINDOWS\system32\realbsf1.dll
2017-11-06 10:56 - 2015-11-09 10:37 - 000069632 _____ C:\WINDOWS\system32\realbap1.dll
2017-11-05 07:52 - 2015-08-01 08:51 - 000559994 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-01 13:10 - 2015-08-21 09:27 - 000000000 ____D C:\Documents and Settings\rc\My Documents\manuals
2017-11-01 13:02 - 2015-08-21 19:23 - 000000000 ____D C:\Documents and Settings\rc\My Documents\kodak pics1
2017-10-31 09:17 - 2016-03-11 16:28 - 000000117 _____ C:\Documents and Settings\rc\default.pls
2017-10-31 08:26 - 2017-10-06 16:56 - 000000000 ____D C:\Documents and Settings\rc\Desktop\bg
2017-10-30 09:08 - 2017-08-15 12:43 - 000000000 ____D C:\Documents and Settings\rc\Desktop\tull
2017-10-30 09:06 - 2017-01-21 19:56 - 000045568 _____ C:\WINDOWS\realbsf1.dll
2017-10-30 09:06 - 2016-02-11 14:41 - 000069632 _____ C:\WINDOWS\realbap1.dll
2017-10-28 08:41 - 2017-04-14 12:48 - 000000000 ____D C:\Documents and Settings\rc\Desktop\raw
2017-10-27 13:56 - 2015-08-06 08:20 - 000000000 ____D C:\burn2
2017-10-27 11:50 - 2015-08-01 13:09 - 000001607 _____ C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2017-10-26 10:01 - 2016-02-17 19:09 - 000000000 ____D C:\Documents and Settings\rc\Start Menu\Programs\Internet
2017-10-26 09:55 - 2016-02-17 19:12 - 000000000 ____D C:\Documents and Settings\rc\Start Menu\Programs\Utilities
2017-10-26 09:54 - 2015-09-04 19:01 - 000000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\EPSON
2017-10-24 13:11 - 2015-08-21 09:30 - 000000000 ____D C:\Documents and Settings\rc\Desktop\pics3
2017-10-22 10:26 - 2017-04-01 21:15 - 000001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2015-08-06 10:37 - 2015-08-06 10:37 - 000087608 _____ () C:\Documents and Settings\rc\Application Data\inst.exe
2015-08-06 10:37 - 2015-08-06 10:37 - 000007887 _____ () C:\Documents and Settings\rc\Application Data\pcouffin.cat
2015-08-06 10:37 - 2015-08-06 10:37 - 000001144 _____ () C:\Documents and Settings\rc\Application Data\pcouffin.inf
2015-08-06 10:37 - 2015-08-06 10:37 - 000000034 _____ () C:\Documents and Settings\rc\Application Data\pcouffin.log
2015-08-06 10:37 - 2015-08-06 10:37 - 000047360 _____ (VSO Software) C:\Documents and Settings\rc\Application Data\pcouffin.sys
2015-08-06 15:54 - 2016-12-12 19:18 - 000001189 _____ () C:\Documents and Settings\rc\Application Data\vso_ts_preview.xml
2017-10-24 13:37 - 2017-10-24 13:37 - 000243408 _____ () C:\Documents and Settings\rc\Local Settings\Application Data\ars.cache
2017-10-24 13:39 - 2017-10-24 13:39 - 000628332 _____ () C:\Documents and Settings\rc\Local Settings\Application Data\census.cache
2015-08-06 10:27 - 2017-11-14 19:17 - 000150016 _____ () C:\Documents and Settings\rc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-10-24 13:10 - 2017-10-24 13:10 - 000000036 _____ () C:\Documents and Settings\rc\Local Settings\Application Data\housecall.guid.cache
2015-09-03 16:46 - 2015-09-03 16:49 - 000000228 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
 
Some files in TEMP:
====================
2015-07-15 18:58 - 2015-07-15 18:58 - 007063632 _____ (Google Inc.) C:\Documents and Settings\rc\Local Settings\Temp\GoogleToolbarStandaloneSetup_7_5_6710_2136.exe
2015-09-13 13:16 - 2003-04-09 12:13 - 000856064 ____N (Hewlett-Packard) C:\Documents and Settings\rc\Local Settings\Temp\hpzscr01.exe
2017-03-24 09:38 - 2008-07-10 15:04 - 000684544 _____ () C:\Documents and Settings\rc\Local Settings\Temp\INST01.dll
2017-03-05 08:17 - 2017-03-05 08:17 - 000739904 _____ (Oracle Corporation) C:\Documents and Settings\rc\Local Settings\Temp\jre-8u121-windows-au.exe
2017-09-23 08:23 - 2017-09-23 08:23 - 000740416 _____ (Oracle Corporation) C:\Documents and Settings\rc\Local Settings\Temp\jre-8u144-windows-au.exe
2015-10-31 08:09 - 2015-10-31 08:09 - 000585824 _____ (Oracle Corporation) C:\Documents and Settings\rc\Local Settings\Temp\jre-8u65-windows-au.exe
2016-06-24 19:20 - 2016-06-24 19:20 - 000739904 _____ (Oracle Corporation) C:\Documents and Settings\rc\Local Settings\Temp\jre-8u91-windows-au.exe
2001-02-09 00:00 - 2001-02-09 00:00 - 000008736 _____ (KaKTuZ / TMG.) C:\Documents and Settings\rc\Local Settings\Temp\Keygenerator.exe
2017-10-11 09:06 - 2017-10-11 08:58 - 071535032 _____ (Malwarebytes                                                ) C:\Documents and Settings\rc\Local Settings\Temp\mb3-setup-consumer-3.2.2.2029-1.0.212-1.0.2951.exe
2017-11-14 08:55 - 2017-11-13 11:37 - 078346672 _____ (Malwarebytes                                                ) C:\Documents and Settings\rc\Local Settings\Temp\mb3-setup-consumer-3.3.1.2183.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================
 
 
Thank you for looking and your help!!!

 



#2 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,170 posts

Posted 19 November 2017 - 07:52 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:
 
ProxyEnable: [S-1-5-21-2025429265-1715567821-682003330-1003] => Proxy is enabled.
Toolbar: HKU\S-1-5-21-2025429265-1715567821-682003330-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3330394&octid=EB_ORIGINAL_CTID&ISID=M8C4B5365-BF09-4808-9235-A9E2074845BA&SearchSource=55&CUI=&UM=6&UP=SPF5AB848D-3761-4A82-B5C9-99EFD6C4DA74&SSPV=
CHR StartupUrls: Default -> "hxxp://gruebane.com/","hxxp://puzzles.usatoday.com/","hxxp://binghamton.craigslist.org/"
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
 
 
End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.
 
Run FRST and click Fix only once and wait.
 
The tool will create a log (Fixlog.txt) please post it to your reply.
===
 
Reset Chrome...
Open Google Chrome, click on the menu icon or the 3 vertical dots located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===
 
Please post the Fixlog.txt and include the Addition.txt file that was created by the Farbar program.
 
Let me know what problem persists.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider donating;
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
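The fix above removes the Chrome HomePage and StartupUrls entries that Trovi wrote into the profile's Secure Preferences file, which is the same file Malwarebytes quarantined (PUP.Optional.Trovi, ...\User Data\Default\Secure Preferences). Because the PUP keeps rewriting that file, a quick way to confirm whether a profile is clean after the fix is to audit the file itself rather than wait for the next scan. The Python below is an added example for that purpose; it is not part of the thread and not code from FRST or Malwarebytes. It assumes the JSON key layout Chrome uses for the homepage, startup URLs and default search provider (`homepage`, `session.startup_urls`, `default_search_provider_data.template_url_data.url`), uses a constructed sample file in place of the real one, and the allowlist of expected hosts is built from the three startup URLs visible in the FRST log.

```python
"""Audit a Chrome "Secure Preferences" file for homepage / startup / search hijacks.

Added example, not from the forum thread or the FRST/Malwarebytes tools.
Assumption: the key layout shown in the constructed sample below matches
the profile being audited. Only the keys this audit reads are included.
"""
import json
from urllib.parse import urlparse

# Constructed sample of a hijacked profile. A real file also carries
# "protection.macs" HMACs and hundreds of other keys.
SAMPLE_SECURE_PREFERENCES = json.dumps({
    "homepage": "http://www.trovi.com/?ctid=CT0000000",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,
        "startup_urls": [
            "http://gruebane.com/",
            "http://puzzles.usatoday.com/",
            "http://binghamton.craigslist.org/",
        ],
    },
    "default_search_provider_data": {
        "template_url_data": {
            "keyword": "trovi.com",
            "short_name": "Trovi",
            "url": "http://www.trovi.com/search?q={searchTerms}",
        }
    },
})

# Hosts the profile owner actually configured (constructed allowlist; the
# three startup hosts are the ones listed in the FRST log in this thread).
EXPECTED_HOSTS = {
    "gruebane.com",
    "puzzles.usatoday.com",
    "binghamton.craigslist.org",
    "www.google.com",
}


def defang(url: str) -> str:
    """Write a URL the way the log tools do (hxxp://) so it is not clickable."""
    return url.replace("https://", "hxxps://").replace("http://", "hxxp://")


def host_of(url: str) -> str:
    """Lower-cased host part of a URL, or '' if it cannot be parsed."""
    return (urlparse(url).hostname or "").lower()


def audit_secure_preferences(text: str, expected=EXPECTED_HOSTS):
    """Return [(setting, defanged_url)] for each tracked setting whose host
    is not on the allowlist; an empty list means nothing unexpected."""
    prefs = json.loads(text)
    findings = []

    homepage = prefs.get("homepage")
    if homepage and host_of(homepage) not in expected:
        findings.append(("homepage", defang(homepage)))

    for url in prefs.get("session", {}).get("startup_urls", []):
        if host_of(url) not in expected:
            findings.append(("startup_url", defang(url)))

    search = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    search_url = search.get("url")
    if search_url and host_of(search_url) not in expected:
        findings.append(("default_search_provider", defang(search_url)))

    return findings


if __name__ == "__main__":
    # Point this at the real file (with Chrome closed) to audit a live profile:
    # text = open(r"...\Chrome\User Data\Default\Secure Preferences", encoding="utf-8").read()
    for setting, url in audit_secure_preferences(SAMPLE_SECURE_PREFERENCES):
        print(f"{setting}: {url}")
```

Run it against the sample and it reports the homepage and the default search provider as pointing at an unexpected host while the three startup URLs pass. The audit is read-only on purpose: Chrome protects these settings with HMACs stored under `protection.macs`, and a tracked value edited by hand without a matching MAC is discarded at the next start, so the supported way to change them is the browser's own settings UI (or a tool such as FRST, as in the fix above). A profile that keeps failing this audit after the fix is the signal that whatever re-writes the file is still present, which is what the repeated Malwarebytes detections in the thread indicate.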

#3 gruebane

gruebane

    Member

  • Full Member
  • 47 posts

Posted 19 November 2017 - 09:35 AM

I completed all steps and Chrome came up and seems to be OK.  I include the FRST.txt and addition.txt, but the addition.txt is the one from yesterday, when I did the initial post; it did not generate a new one today.  I tried to run FRST again, but it said the FIXLIST.txt file was gone. I did not know if I should generate another one and try FRST again?   Also, after I completed all steps, I ran Malwarebytes again and it did find TROVI one more time ...

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 19-11-2017
Ran by rc (19-11-2017 09:55:21) Run:1
Running from C:\Documents and Settings\rc\Desktop\forum
Loaded Profiles: rc (Available Profiles: rc)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:
 
ProxyEnable: [S-1-5-21-2025429265-1715567821-682003330-1003] => Proxy is enabled.
Toolbar: HKU\S-1-5-21-2025429265-1715567821-682003330-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3330394&octid=EB_ORIGINAL_CTID&ISID=M8C4B5365-BF09-4808-9235-A9E2074845BA&SearchSource=55&CUI=&UM=6&UP=SPF5AB848D-3761-4A82-B5C9-99EFD6C4DA74&SSPV=
CHR StartupUrls: Default -> "hxxp://gruebane.com/","hxxp://puzzles.usatoday.com/","hxxp://binghamton.craigslist.org/"
S4 IntelIde; no ImagePath
U1 WS2IFSL; no ImagePath
 
 
End
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-2025429265-1715567821-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
HKU\S-1-5-21-2025429265-1715567821-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-2025429265-1715567821-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
 
 
========= End of RemoveProxy: =========
 
HKU\S-1-5-21-2025429265-1715567821-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
HKU\S-1-5-21-2025429265-1715567821-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully.
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
Chrome HomePage => removed successfully.
Chrome StartupUrls => removed successfully.
HKLM\System\CurrentControlSet\Services\IntelIde => key removed successfully.
IntelIde => service removed successfully.
HKLM\System\CurrentControlSet\Services\WS2IFSL => key removed successfully.
WS2IFSL => service removed successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 9771 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 486135 B
Java, Flash, Steam htmlcache => 408655 B
Windows/system/dllcache/drivers => 907461 B
Edge => 0 B
Chrome => 894969158 B
Firefox => 374377404 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 66164 B
All Users => 0 B
systemprofile => 145959 B
LocalService => 628 B
NetworkService => 628 B
rc => 1597310203 B
 
RecycleBin => 7444563 B
EmptyTemp: => 2.7 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 09:57:39 ====
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-11-2017
Ran by rc (18-11-2017 10:35:57)
Running from C:\Documents and Settings\rc\Desktop\forum
Microsoft Windows XP Professional Service Pack 3 (X86) (2015-08-01 18:11:08)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2025429265-1715567821-682003330-500 - Administrator - Enabled)
Guest (S-1-5-21-2025429265-1715567821-682003330-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-2025429265-1715567821-682003330-1000 - Limited - Disabled)
rc (S-1-5-21-2025429265-1715567821-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\rc
SUPPORT_388945a0 (S-1-5-21-2025429265-1715567821-682003330-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM\...\uTorrent) (Version: 2.2.1 - )
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Applian Network Monitor (3.0.8.1) (HKLM\...\Applian Network Monitor) (Version: 3.0.8.1 - Applian Technologies)
ATI AVIVO Codecs (HKLM\...\{2CDF3DBD-05CA-FC13-02DB-FD3EB172A61C}) (Version: 10.0.0.40103 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{DA85F579-3C60-A492-6B3F-9F4C85529C9E}) (Version: 3.0.782.0 - ATI Technologies, Inc.)
ATI Problem Report Wizard (HKLM\...\{3C8035BE-FE2E-A79D-109E-70D6DBECC541}) (Version: 3.0.782.0 - ATI Technologies) Hidden
AtomTime98 v2.1b (HKLM\...\AtomTime98 v2.1b_is1) (Version:  - )
CADKEY 98 (HKLM\...\CADKEY 98) (Version:  - )
ccc-core-static (HKLM\...\{6FDE7D2C-2D4A-561C-1434-54CC9613569C}) (Version: 2010.0706.2128.36662 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6021.5000 - Microsoft Corporation)
ConvertXtoDVD 4.0.12.327 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.12.327 - )
CuteFTP 8 Professional (HKLM\...\{91F34319-08DE-457a-99C0-0BCDFAC145B9}) (Version: 8.00.0000 - GlobalSCAPE)
EaseUS Data Recovery Wizard 7.5 (HKLM\...\EaseUS Data Recovery Wizard 7.5_is1) (Version:  - EaseUS)
Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM\...\{17FA0444-A025-43B9-862C-81AE6307C2F2}) (Version: 3.10.0050 - Seiko Epson Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EPSON XP-420 Series Printer Uninstall (HKLM\...\EPSON XP-420 Series) (Version:  - SEIKO EPSON Corporation)
Epson XP-420_424 User’s Guide version 1.0 (HKLM\...\UsersGuideEpson XP-420_424 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{DF5200AB-5AE6-4598-846B-8ABC3AE121B1}) (Version: 3.0.2.0 - SEIKO EPSON Corporation)
Eudora (HKLM\...\{533A9B12-F73B-41E6-B768-A54AE11F5E8E}) (Version: 6.2 - )
GoldWave v5.12 (HKLM\...\GoldWave v5.12) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Image Resizer Powertoy for Windows XP (HKLM\...\{1CB92574-96F2-467B-B793-5CEB35C40C29}) (Version: 1.00.0001 - Microsoft Corporation)
Jasc Paint Shop Pro 8 (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
Jasc Paint Shop Pro 8.10 Update Patch (HKLM\...\Jasc Paint Shop Pro 8.10 Update Patch) (Version:  - )
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
K-Lite Mega Codec Pack 6.3.0 (HKLM\...\KLiteCodecPack_is1) (Version: 6.3.0 - )
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Motorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (HKLM\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{BA562260-B4FA-4D87-ADC5-963783028C68}) (Version: 6.4.0 - Motorola Mobility LLC)
Mozilla Firefox 52.4.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.4.0 ESR (x86 en-US)) (Version: 52.4.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MTP Porting Kit (HKLM\...\{353B1E6D-7073-4450-8C80-699BD8FCFB49}) (Version: 12.0.0 - Microsoft Corp)
Nero Suite (HKLM\...\NeroMultiInstaller!UninstallKey) (Version:  - )
PerformanceTest v9.0 (HKLM\...\PerformanceTest 9_is1) (Version: 9.0.1004.0 - Passmark Software)
Poster-Printery 4 (HKLM\...\Poster-Printery 4) (Version:  - )
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.28.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6053 - Realtek Semiconductor Corp.)
Replay Media Catcher 6 (6.0.1.0) (HKLM\...\Replay Media Catcher 6) (Version: 6.0.1.0 - Applian Technologies)
Tag&Rename 3.9.14 (HKLM\...\Tag&Rename_is1) (Version: 3.9.14 - Softpointer Inc)
TextBridge Pro Millennium Business Edition (HKLM\...\{6E7F4ED3-0725-11D4-812E-00C04F559BE6}) (Version: 9.7.001 - ScanSoft)
TotalAudioConverter (HKLM\...\Total Audio Converter_is1) (Version: 5.1 - Softplicity, Inc.)
TotalMovieConverter (HKLM\...\Total Movie Converter_is1) (Version:  - Softplicity, Inc.)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.551  - Nullsoft, Inc)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Support Tools (HKLM\...\{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}) (Version: 5.1.2600.2180 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinZip (HKLM\...\WinZip) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2025429265-1715567821-682003330-1003_Classes\CLSID\{112EA537-7AB9-4e22-8BFB-7FD5FCB19849}\localserver32 -> C:\Program Files\CuteFTP 8 Pro\ftpte.exe (GlobalSCAPE Texas, LP.)
ContextMenuHandlers1: [CuteFTP 8 Professional] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files\CuteFTP 8 Pro\CuteShell.dll [2006-08-22] (GlobalSCAPE Texas, LP.)
ContextMenuHandlers1: [TagRenameShellExt] -> {B806EC81-446D-40C8-A955-315B8519E938} => C:\Program Files\TagRename\TRShell.dll [2015-05-12] (Sofpointer Inc)
ContextMenuHandlers1: [TagRename_ContextMenu] -> {7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5} => C:\Program Files\TagRename\TRShell.dll [2015-05-12] (Sofpointer Inc)
ContextMenuHandlers1: [TotalConverter] -> {280CFDE1-1354-4431-92F3-03073BA593FB} => C:\Program Files\TotalAudioConverter\axTotalConverter.dll [2015-01-28] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRar\rarext.dll [2007-05-05] ()
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\WZSHLSTB.DLL [2000-11-22] (WinZip Computing, Inc.)
ContextMenuHandlers2: [CuteFTP 8 Professional] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files\CuteFTP 8 Pro\CuteShell.dll [2006-08-22] (GlobalSCAPE Texas, LP.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [CuteFTP 8 Professional] -> {8f7261d0-d2b9-11d2-9909-00605205b24c} => C:\Program Files\CuteFTP 8 Pro\CuteShell.dll [2006-08-22] (GlobalSCAPE Texas, LP.)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRar\rarext.dll [2007-05-05] ()
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\WZSHLSTB.DLL [2000-11-22] (WinZip Computing, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2010-07-06] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [TagRenameShellExt] -> {B806EC81-446D-40C8-A955-315B8519E938} => C:\Program Files\TagRename\TRShell.dll [2015-05-12] (Sofpointer Inc)
ContextMenuHandlers6: [TagRename_ContextMenu] -> {7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5} => C:\Program Files\TagRename\TRShell.dll [2015-05-12] (Sofpointer Inc)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRar\rarext.dll [2007-05-05] ()
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\WZSHLSTB.DLL [2000-11-22] (WinZip Computing, Inc.)
 
==================== Scheduled Tasks=============================
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\EPSON XP-420 Series Update {7BBB417B-9E8C-44F6-9839-B17EF49A839E}.job => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TTSNAE.EXE:/EXE:{7BBB417B-9E8C-44F6-9839-B17EF49A839E} /F:Update SYSTEM Searches for EPSON software updates, and notifies you when updates are available. If this task is disabled or stopped, your EPSON software will not be automatically kept up to date. Thi
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Motorola Device Manager Update.job => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Documents and Settings\rc\Start Menu\Programs\Internet\µTorrent\µTorrent Homepage.lnk -> hxxp://www.utorrent.com
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-04-07 09:31 - 2014-04-07 09:31 - 000172032 _____ () C:\Program Files\Motorola Mobility\Motorola Device Manager\css_core.dll
2017-11-14 08:57 - 2017-11-01 08:55 - 001930696 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2008-04-14 05:42 - 2008-04-14 05:42 - 000014336 _____ () C:\WINDOWS\system32\msdmo.dll
2000-05-18 12:38 - 2000-05-18 12:38 - 000180267 _____ () C:\Program Files\TextBridge Pro Millennium BE\Bin\TBMHOOK.dll
2015-08-06 10:52 - 2007-05-05 10:40 - 000128512 _____ () C:\Program Files\WinRar\rarext.dll
2010-03-16 11:22 - 2010-03-16 11:22 - 000014848 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
2010-04-16 13:20 - 2010-04-16 13:20 - 000016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-07-06 20:26 - 2010-07-06 20:26 - 000270336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-03-09 10:36 - 2009-03-09 10:36 - 000007168 _____ () C:\Program Files\Winamp\System\bmp.w5s
2009-03-09 10:35 - 2009-03-09 10:35 - 000024576 _____ () C:\Program Files\Winamp\System\dlmgr.w5s
2009-03-09 10:37 - 2009-03-09 10:37 - 000011264 _____ () C:\Program Files\Winamp\System\filereader.w5s
2009-03-09 10:36 - 2009-03-09 10:36 - 000017408 _____ () C:\Program Files\Winamp\System\gif.w5s
2009-03-09 10:35 - 2009-03-09 10:35 - 000013824 _____ () C:\Program Files\Winamp\System\gracenote.w5s
2009-03-09 10:43 - 2009-03-09 10:43 - 000027648 _____ () C:\Program Files\Winamp\System\jnetlib.w5s
2009-03-09 10:37 - 2009-03-09 10:37 - 000100352 _____ () C:\Program Files\Winamp\System\jpeg.w5s
2009-03-09 10:39 - 2009-03-09 10:39 - 000075776 _____ () C:\Program Files\Winamp\System\playlist.w5s
2009-03-09 10:40 - 2009-03-09 10:40 - 000094208 _____ () C:\Program Files\Winamp\System\png.w5s
2009-03-09 10:36 - 2009-03-09 10:36 - 000009728 _____ () C:\Program Files\Winamp\System\primo.w5s
2009-03-09 10:42 - 2009-03-09 10:42 - 000018944 _____ () C:\Program Files\Winamp\System\tagz.w5s
2009-03-09 10:44 - 2009-03-09 10:44 - 000026624 _____ () C:\Program Files\Winamp\System\timer.w5s
2009-03-09 10:41 - 2009-03-09 10:41 - 000087552 _____ () C:\Program Files\Winamp\System\xml.w5s
2009-03-09 10:46 - 2009-03-09 10:46 - 000107520 _____ () C:\Program Files\Winamp\Plugins\in_cdda.dll
2009-03-09 10:43 - 2009-03-09 10:43 - 000071680 _____ () C:\Program Files\Winamp\Plugins\in_dshow.dll
2009-03-09 10:36 - 2009-03-09 10:36 - 000038400 _____ () C:\Program Files\Winamp\Plugins\in_flac.dll
2009-03-09 10:36 - 2009-03-09 10:36 - 000034816 _____ () C:\Program Files\Winamp\Plugins\in_flv.dll
2009-03-09 10:46 - 2009-03-09 10:46 - 000006656 _____ () C:\Program Files\Winamp\Plugins\in_linein.dll
2009-03-09 10:46 - 2009-03-09 10:46 - 000098304 _____ () C:\Program Files\Winamp\Plugins\in_midi.dll
2009-03-09 10:46 - 2009-03-09 10:46 - 000160768 _____ () C:\Program Files\Winamp\Plugins\in_mod.dll
2009-03-09 10:45 - 2009-03-09 10:45 - 000267264 _____ () C:\Program Files\Winamp\Plugins\in_mp3.dll
2009-03-09 10:45 - 2009-03-09 10:45 - 000036864 _____ () C:\Program Files\Winamp\Plugins\in_mp4.dll
2009-03-09 10:44 - 2009-03-09 10:44 - 000069120 _____ () C:\Program Files\Winamp\Plugins\in_nsv.dll
2009-03-09 10:36 - 2009-03-09 10:36 - 000036864 _____ () C:\Program Files\Winamp\Plugins\in_swf.dll
2009-03-09 10:44 - 2009-03-09 10:44 - 000231936 _____ () C:\Program Files\Winamp\Plugins\in_vorbis.dll
2009-03-09 10:42 - 2009-03-09 10:42 - 000014848 _____ () C:\Program Files\Winamp\Plugins\in_wave.dll
2009-03-09 10:33 - 2009-03-09 10:33 - 000237568 _____ () C:\Program Files\Winamp\libsndfile.dll
2009-03-09 10:43 - 2009-03-09 10:43 - 000296960 _____ () C:\Program Files\Winamp\Plugins\in_wm.dll
2009-03-09 10:42 - 2009-03-09 10:42 - 000019456 _____ () C:\Program Files\Winamp\Plugins\out_disk.dll
2009-03-09 10:44 - 2009-03-09 10:44 - 000047104 _____ () C:\Program Files\Winamp\Plugins\out_ds.dll
2009-03-09 10:43 - 2009-03-09 10:43 - 000018432 _____ () C:\Program Files\Winamp\Plugins\out_wave.dll
2009-03-09 10:34 - 2009-03-09 10:34 - 000046592 _____ () C:\Program Files\Winamp\zlib.dll
2009-03-09 10:39 - 2009-03-09 10:39 - 000869376 _____ () C:\Program Files\Winamp\Plugins\gen_dropbox.dll
2009-03-09 10:48 - 2009-03-09 10:48 - 001502208 _____ () C:\Program Files\Winamp\Plugins\gen_ff.dll
2009-03-09 10:34 - 2009-03-09 10:34 - 000064000 _____ () C:\Program Files\Winamp\tataki.dll
2009-03-09 10:47 - 2009-03-09 10:47 - 000025600 _____ () C:\Program Files\Winamp\Plugins\gen_hotkeys.dll
2009-02-14 21:43 - 2009-02-14 21:43 - 000210432 _____ () C:\Program Files\Winamp\Plugins\gen_jumpex.dll
2009-03-09 10:47 - 2009-03-09 10:47 - 000289792 _____ () C:\Program Files\Winamp\Plugins\gen_ml.dll
2009-03-09 10:37 - 2009-03-09 10:37 - 000030208 _____ () C:\Program Files\Winamp\Plugins\ml_dash.dll
2009-03-09 10:40 - 2009-03-09 10:40 - 000020480 _____ () C:\Program Files\Winamp\Plugins\ml_nowplaying.dll
2009-03-09 10:40 - 2009-03-09 10:40 - 000277504 _____ () C:\Program Files\Winamp\Plugins\ml_local.dll
2009-03-09 10:33 - 2009-03-09 10:33 - 000087040 _____ () C:\Program Files\Winamp\nde.dll
2009-03-09 10:36 - 2009-03-09 10:36 - 000068608 _____ () C:\Program Files\Winamp\Plugins\ml_orb.dll
2009-03-09 10:39 - 2009-03-09 10:39 - 000076288 _____ () C:\Program Files\Winamp\Plugins\ml_playlists.dll
2009-03-09 10:41 - 2009-03-09 10:41 - 000240128 _____ () C:\Program Files\Winamp\Plugins\ml_online.dll
2009-03-09 10:44 - 2009-03-09 10:44 - 000189952 _____ () C:\Program Files\Winamp\Plugins\ml_wire.dll
2009-03-09 10:40 - 2009-03-09 10:40 - 000194048 _____ () C:\Program Files\Winamp\Plugins\ml_disc.dll
2009-03-09 10:42 - 2009-03-09 10:42 - 000201728 _____ () C:\Program Files\Winamp\Plugins\ml_pmp.dll
2009-03-09 10:42 - 2009-03-09 10:42 - 000104960 _____ () C:\Program Files\Winamp\Plugins\pmp_ipod.dll
2009-03-09 10:42 - 2009-03-09 10:42 - 000017920 _____ () C:\Program Files\Winamp\Plugins\pmp_njb.dll
2009-03-09 10:41 - 2009-03-09 10:41 - 000114176 _____ () C:\Program Files\Winamp\Plugins\pmp_p4s.dll
2009-03-09 10:37 - 2009-03-09 10:37 - 000042496 _____ () C:\Program Files\Winamp\Plugins\pmp_usb.dll
2009-03-09 10:40 - 2009-03-09 10:40 - 000020480 _____ () C:\Program Files\Winamp\Plugins\ml_bookmarks.dll
2009-03-09 10:40 - 2009-03-09 10:40 - 000044544 _____ () C:\Program Files\Winamp\Plugins\ml_history.dll
2009-03-09 10:35 - 2009-03-09 10:35 - 000026624 _____ () C:\Program Files\Winamp\Plugins\ml_autotag.dll
2009-03-09 10:46 - 2009-03-09 10:46 - 000045056 _____ () C:\Program Files\Winamp\Plugins\ml_impex.dll
2009-03-09 10:35 - 2009-03-09 10:35 - 000057856 _____ () C:\Program Files\Winamp\Plugins\ml_plg.dll
2009-03-09 10:46 - 2009-03-09 10:46 - 000024064 _____ () C:\Program Files\Winamp\Plugins\ml_rg.dll
2009-03-09 10:36 - 2009-03-09 10:36 - 000028160 _____ () C:\Program Files\Winamp\Plugins\ml_transcode.dll
2009-03-09 10:46 - 2009-03-09 10:46 - 000025088 _____ () C:\Program Files\Winamp\Plugins\gen_tray.dll
2009-03-09 10:43 - 2009-03-09 10:43 - 000365056 _____ () C:\Program Files\Winamp\System\aacPlusDecoder.w5s
2015-08-14 12:37 - 2005-06-16 10:48 - 000049229 _____ () C:\Program Files\Eudora\EuLang.dll
2015-08-14 12:37 - 2005-06-07 16:04 - 000049152 _____ () C:\Program Files\Eudora\xmlparse.dll
2015-08-14 12:37 - 2005-06-07 16:04 - 000073728 _____ () C:\Program Files\Eudora\xmltok.dll
2015-08-14 12:37 - 2005-06-16 10:48 - 000061540 _____ () C:\Program Files\Eudora\plstclnt.dll
2015-08-14 12:37 - 2004-08-27 10:10 - 000011264 _____ () C:\Program Files\Eudora\Plugins\Unwrap32.dll
2008-04-14 05:41 - 2008-04-14 05:41 - 000059904 _____ () C:\WINDOWS\system32\devenum.dll
2017-04-02 08:12 - 2016-09-06 11:00 - 005197312 _____ () C:\Documents and Settings\rc\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2017-04-02 08:12 - 2016-09-06 11:00 - 000147456 _____ () C:\Documents and Settings\rc\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS:AstInfo [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2001-08-23 12:00 - 2001-08-23 12:00 - 000000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2025429265-1715567821-682003330-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\rc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 8.8.8.8 - 8.8.4.4
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
StandardProfile\AuthorizedApplications: [C:\Program Files\EPSON Software\Event Manager\EEventManager.exe] => Enabled:EEventManager.exe
StandardProfile\AuthorizedApplications: [D:\Network\EpsonNetSetup\ENEasyApp.exe] => Enabled:EpsonNet Setup
StandardProfile\AuthorizedApplications: [C:\Program Files\EPSON Software\ECPrinterSetup\ENPApp.exe] => Enabled:Epson Connect Printer Setup
StandardProfile\AuthorizedApplications: [C:\Program Files\Replay Media Catcher 6\jrmcp.exe] => Enabled:Replay Media Catcher 6
StandardProfile\AuthorizedApplications: [C:\Program Files\Replay Media Catcher 6\jbp.exe] => Enabled:Replay Media Catcher 6 DVR Module
StandardProfile\AuthorizedApplications: [C:\Program Files\Replay Media Catcher 6\ffmpeg.exe] => Enabled:Replay Media Catcher 6 HLS Module
StandardProfile\AuthorizedApplications: [C:\Program Files\Replay Media Catcher 6\dl.exe] => Enabled:Replay Media Catcher 6 DL Module
StandardProfile\AuthorizedApplications: [C:\Program Files\Replay Media Catcher 6\aria2c.exe] => Enabled:Replay Media Catcher 6 Torrent Module
StandardProfile\AuthorizedApplications: [C:\Program Files\Replay Media Catcher 6\qtCopy.exe] => Enabled:Replay Media Catcher 6 QT Module
StandardProfile\AuthorizedApplications: [C:\Program Files\uTorrent\utorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
==================== Restore Points =========================
 
20-08-2017 09:59:49 System Checkpoint
21-08-2017 10:33:37 System Checkpoint
22-08-2017 10:48:43 System Checkpoint
23-08-2017 15:16:03 System Checkpoint
24-08-2017 15:38:57 System Checkpoint
25-08-2017 16:34:28 System Checkpoint
28-08-2017 15:02:21 System Checkpoint
30-08-2017 09:53:47 System Checkpoint
01-09-2017 08:21:42 System Checkpoint
02-09-2017 08:32:59 System Checkpoint
04-09-2017 10:28:36 System Checkpoint
05-09-2017 10:45:01 System Checkpoint
06-09-2017 10:55:57 System Checkpoint
07-09-2017 11:43:23 System Checkpoint
08-09-2017 11:43:34 System Checkpoint
09-09-2017 12:13:47 System Checkpoint
10-09-2017 13:02:11 System Checkpoint
11-09-2017 13:49:03 System Checkpoint
12-09-2017 15:10:54 System Checkpoint
13-09-2017 15:16:40 System Checkpoint
14-09-2017 16:52:56 System Checkpoint
15-09-2017 17:11:26 System Checkpoint
16-09-2017 17:32:16 System Checkpoint
17-09-2017 17:47:21 System Checkpoint
18-09-2017 18:39:22 System Checkpoint
19-09-2017 19:19:30 System Checkpoint
21-09-2017 07:34:24 System Checkpoint
22-09-2017 08:50:01 System Checkpoint
23-09-2017 10:25:23 System Checkpoint
24-09-2017 16:56:18 System Checkpoint
26-09-2017 10:47:58 System Checkpoint
27-09-2017 12:55:56 System Checkpoint
28-09-2017 13:26:24 System Checkpoint
29-09-2017 13:52:18 System Checkpoint
30-09-2017 13:52:46 System Checkpoint
01-10-2017 14:11:33 System Checkpoint
02-10-2017 15:09:30 System Checkpoint
03-10-2017 15:36:31 System Checkpoint
04-10-2017 15:58:39 System Checkpoint
05-10-2017 16:50:39 System Checkpoint
06-10-2017 18:00:25 System Checkpoint
08-10-2017 10:37:07 System Checkpoint
09-10-2017 11:01:02 System Checkpoint
10-10-2017 11:59:51 System Checkpoint
11-10-2017 12:12:32 System Checkpoint
12-10-2017 12:29:06 System Checkpoint
13-10-2017 12:43:25 System Checkpoint
14-10-2017 13:25:50 System Checkpoint
15-10-2017 13:58:59 System Checkpoint
16-10-2017 15:33:26 System Checkpoint
16-10-2017 16:31:40 Installed TextBridge Pro Millennium Business Edition
18-10-2017 09:36:02 System Checkpoint
19-10-2017 09:37:11 System Checkpoint
20-10-2017 10:01:51 System Checkpoint
21-10-2017 10:53:24 System Checkpoint
22-10-2017 11:07:10 System Checkpoint
23-10-2017 12:15:35 System Checkpoint
24-10-2017 14:08:36 System Checkpoint
25-10-2017 15:06:47 System Checkpoint
26-10-2017 15:44:45 System Checkpoint
28-10-2017 09:31:46 System Checkpoint
29-10-2017 11:23:28 System Checkpoint
30-10-2017 12:33:00 System Checkpoint
31-10-2017 12:41:31 System Checkpoint
01-11-2017 13:35:43 System Checkpoint
03-11-2017 07:32:52 System Checkpoint
04-11-2017 08:10:57 System Checkpoint
05-11-2017 08:30:43 System Checkpoint
06-11-2017 09:27:48 System Checkpoint
07-11-2017 09:36:38 System Checkpoint
08-11-2017 10:28:52 System Checkpoint
09-11-2017 11:13:50 System Checkpoint
10-11-2017 11:48:28 System Checkpoint
11-11-2017 12:23:54 System Checkpoint
12-11-2017 12:45:51 System Checkpoint
13-11-2017 13:44:31 System Checkpoint
14-11-2017 10:00:39 Removed Browser Configuration Utility.
15-11-2017 10:15:45 System Checkpoint
16-11-2017 11:36:34 System Checkpoint
17-11-2017 12:21:01 System Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/10/2017 05:25:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (11/05/2017 04:44:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mmc.exe, version 5.2.3790.4136, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (11/04/2017 07:05:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]
 
Error: (10/27/2017 08:42:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application jucheck.exe, version 2.8.60.27, faulting module jucheck.exe, version 2.8.60.27, fault address 0x00052d24.
Processing media-specific event for [jucheck.exe!ws!]
 
Error: (10/21/2017 10:14:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module wzshlex1.dll, version 4.0.0.0, fault address 0x00001100.
Processing media-specific event for [explorer.exe!ws!]
 
Error: (10/21/2017 10:00:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module ole32.dll, version 5.1.2600.6435, fault address 0x000503ee.
Processing media-specific event for [explorer.exe!ws!]
 
Error: (09/25/2017 10:29:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x00ff0fef.
Processing media-specific event for [explorer.exe!ws!]
 
Error: (09/23/2017 02:07:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application jrmcp.exe, version 6.0.1.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (09/02/2017 12:21:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mpc-hc.exe, version 1.3.2189.0, faulting module splitter.ax, version 1.10.175.0, fault address 0x00008148.
Processing media-specific event for [mpc-hc.exe!ws!]
 
Error: (09/01/2017 08:41:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x00c80fef.
Processing media-specific event for [explorer.exe!ws!]
 
 
System errors:
=============
Error: (11/09/2017 08:42:49 AM) (Source: DCOM) (EventID: 10010) (User: FROBOZZ-385B4AC)
Description: The server {46986115-84D6-459C-8F95-52DD653E532E} did not register with DCOM within the required timeout.
 
Error: (11/09/2017 08:40:36 AM) (Source: DCOM) (EventID: 10010) (User: FROBOZZ-385B4AC)
Description: The server {46986115-84D6-459C-8F95-52DD653E532E} did not register with DCOM within the required timeout.
 
Error: (11/06/2017 07:16:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HTTP SSL service terminated unexpectedly.  It has done this 1 time(s).
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU E3400 @ 2.60GHz
Percentage of memory in use: 34%
Total physical RAM: 3582.42 MB
Available physical RAM: 2341.76 MB
Total Virtual: 5464.76 MB
Available Virtual: 4094.44 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:100.26 GB) (Free:32.48 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: (old boot) (Fixed) (Total:56.2 GB) (Free:28.76 GB) NTFS
Drive f: (tv) (Fixed) (Total:1762.76 GB) (Free:908.13 GB) NTFS
Drive g: (music) (Fixed) (Total:749.71 GB) (Free:458.57 GB) NTFS
Drive h: (warez) (Fixed) (Total:100.56 GB) (Free:71.91 GB) NTFS
Drive i: (encrypted) (Fixed) (Total:25.03 GB) (Free:23.88 GB) NTFS
Drive k: (caviar2) (Fixed) (Total:149.04 GB) (Free:136.63 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 03F5941E)
Partition 2: (Not Active) - (Size=149 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 11521151)
Partition 1: (Active) - (Size=100.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1762.8 GB) - (Type=OF Extended)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: A75CA75C)
Partition 1: (Active) - (Size=56.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=875.3 GB) - (Type=05)
 
==================== End of Addition.txt ============================

 



#4 gruebane

gruebane

    Member

  • Full Member
  • 47 posts

Posted 19 November 2017 - 06:00 PM

I ran Malwarebytes one more time about 6 hours after I posted that, and it found TROVI again ...  but Chrome has seemed to work fine all day.  I am not sure if TROVI was actually causing my Chrome to block Google and keep it from the Internet.



#5 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,170 posts

Posted 20 November 2017 - 06:47 AM

 
Hi,
 
What Malwarebytes finds is this entry in your Chrome preference file.

PUP.Optional.Trovi, C:\DOCUMENTS AND SETTINGS\RC\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [4978], [454808],1.0.3289
 

I ran Malwarebytes one more time about 6 hours after I posted that, and it found TROVI again ...  but Chrome has seemed to work fine all day.  I am not sure if TROVI was actually causing my Chrome to block Google and keep it from the Internet.

If you still have problem using Chrome you will have to stop the Syncing and reinstall Chrome.
 
Read these instructions and the information on the links provided before proceeding.
 
 
Step 1. Remove Chrome from your Computer and reinstall a fresh copy later.
 
Step 2. Before you remove Chrome, export your Bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.
 
Step 3. If you sync your account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data
 
Step 4. Clear your Chrome cache and cookies.
 
Step 5. Remove Chrome using the instructions on this page.
 
Step 6. Re-install Chrome and the Bookmarks.
====
 
Keep me posted.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
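Nasdaq's reply above points at Chrome's "Secure Preferences" file as the place where the Trovi detection actually lives. The script below is an added example, not code from this thread, from Malwarebytes or from Google: it walks a Chrome Secure Preferences JSON document and lists every homepage, startup-URL, search-provider or extension setting that mentions a given indicator string, plus any extension that was not installed from the Web Store. The key names used (homepage, session.startup_urls, default_search_provider_data, extensions.settings, protection.macs) are assumptions based on the general layout of Chrome's preference files, and the sample document is constructed for the example rather than taken from the poster's machine.

```python
"""Triage a Chrome "Secure Preferences" JSON file for browser-hijacker settings.

Added example for the thread above; key layout is assumed from Chrome's
preference file format, and SAMPLE_SECURE_PREFERENCES is a constructed sample.
"""
import json
from typing import Any, Iterator, List, Tuple

# Constructed sample of a Secure Preferences file after a search hijacker has
# rewritten the homepage, startup page and default search engine.  On the
# poster's XP box the real file sits under
# ...\Google\Chrome\User Data\Default\Secure Preferences.
SAMPLE_SECURE_PREFERENCES = json.dumps({
    "homepage": "http://search.trovi.example/?gd=sample",   # placeholder domain
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,                            # "open specific pages"
        "startup_urls": ["http://search.trovi.example/"],
    },
    "default_search_provider_data": {
        "template_url_data": {
            "keyword": "trovi.example",
            "short_name": "Trovi Search",
            "url": "http://search.trovi.example/results?q={searchTerms}",
        }
    },
    "extensions": {
        "settings": {
            "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {            # placeholder id
                "from_webstore": True,
                "manifest": {"name": "Legit Extension"},
            },
            "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {            # placeholder id
                "from_webstore": False,
                "manifest": {"name": "Search Helper"},
                "path": "C:\\sample\\ext",
            },
        }
    },
    # Chrome keeps an HMAC per tracked setting here.  A value edited by hand
    # without a matching HMAC is discarded on the next start, which is one
    # reason a partial clean-up of this file does not stick.
    "protection": {"macs": {"homepage": "0000", "super_mac": "0000"}},
})


def iter_leaves(node: Any, path: str = "") -> Iterator[Tuple[str, Any]]:
    """Yield (dotted.path[index], scalar) for every leaf in a JSON tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from iter_leaves(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from iter_leaves(value, f"{path}[{i}]")
    else:
        yield path, node


def find_indicators(prefs_json: str,
                    indicators: Tuple[str, ...] = ("trovi",)) -> List[Tuple[str, str]]:
    """Return (setting path, value) for every string setting that mentions one
    of the indicators, case-insensitively.  The protection.macs block holds
    hashes rather than settings, so it is skipped."""
    prefs = json.loads(prefs_json)
    needles = tuple(n.lower() for n in indicators)
    hits: List[Tuple[str, str]] = []
    for path, value in iter_leaves(prefs):
        if path.startswith("protection.") or not isinstance(value, str):
            continue
        if any(n in value.lower() for n in needles):
            hits.append((path, value))
    return hits


def sideloaded_extensions(prefs_json: str) -> List[Tuple[str, str]]:
    """Return (extension id, name) for extensions whose entry is not marked as
    coming from the Web Store; these are worth inspecting first after a
    hijacker detection."""
    settings = json.loads(prefs_json).get("extensions", {}).get("settings", {})
    found = []
    for ext_id, entry in sorted(settings.items()):
        if not entry.get("from_webstore", False):
            found.append((ext_id, entry.get("manifest", {}).get("name", "")))
    return found


if __name__ == "__main__":
    for path, value in find_indicators(SAMPLE_SECURE_PREFERENCES):
        print(f"indicator hit: {path} = {value}")
    for ext_id, name in sideloaded_extensions(SAMPLE_SECURE_PREFERENCES):
        print(f"sideloaded extension: {ext_id} ({name})")
```

Run it against a copy of the real file (with Chrome closed) to see which settings the detection refers to; as the thread concludes, the lasting fix is still to turn off sync and reinstall, since a synced profile will restore the same values after any local edit.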

#6 gruebane

gruebane

    Member

  • Full Member
  • 47 posts

Posted 29 November 2017 - 08:52 AM

Uninstalled Chrome and reloaded ...  been running for several days, it seems good ...

Thank You so much - off to PayPal in your name ...



#7 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • 49,170 posts

Posted 30 November 2017 - 06:21 AM

Thank you for your support.

 

If all is well.
 
To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
 
 
Simple and easy ways to keep your computer safe and secure on the Internet.
===

nasdaq




