
RegSvr32 Error - Malware?


7 replies to this topic

#1 Sharke

Posted 04 October 2017 - 11:22 AM

Whenever my computer boots up I receive a RegSvr32 error (see the attached screenshot). I was also advised to run FRST on my computer. The FRST log is below.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-10-2017 01
Ran by Diamond (administrator) on ACER (04-10-2017 11:41:58)
Running from C:\Users\Diamond\Downloads
Loaded Profiles: Diamond (Available Profiles: Diamond & Administrator)
Platform: Windows 8.1 Connected (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Intel® Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
() C:\Windows\runSW.exe
(Realtek) C:\Windows\SwUSB.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Matrix Software) C:\Program Files (x86)\MatrixSoftware\FooBar\FooBar.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-08-10] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163776 2017-08-12] (IvoSoft)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3191728 2017-06-09] (Dominik Reichl)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [133760 2013-12-24] (Qualcomm®Atheros®)
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Run: [CursorFX] => C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe [624296 2015-03-16] (Stardock Corporation)
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [3097640 2015-11-13] ()
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Run: [Ufxgmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Diamond\AppData\Local\YkvbPack\lmdqavmx.dll <==== ATTENTION
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421224 2017-08-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-464718250-148747909-944752478-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [132608 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421224 2017-08-29] (Garmin Ltd. or its subsidiaries)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-06-18]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\Diamond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FooBar 1.0.LNK [2015-05-17]
ShortcutTarget: FooBar 1.0.LNK -> C:\Program Files (x86)\MatrixSoftware\FooBar\FooBar.exe (Matrix Software)
GroupPolicy: Restriction - Chrome <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{22EA1D62-211C-4E77-AE71-5243CA943D77}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C354796D-7339-4872-A4DC-40505937E38E}: [DhcpNameServer] 192.0.2.3
Tcpip\..\Interfaces\{EB3FA720-3133-4200-89AE-96608AA9F41A}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-464718250-148747909-944752478-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/?gws_rd=ssl
HKU\S-1-5-21-464718250-148747909-944752478-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-464718250-148747909-944752478-1001 -> DefaultScope {9253AF4F-3662-41D5-88E3-2BB865A8E656} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-464718250-148747909-944752478-1001 -> {9253AF4F-3662-41D5-88E3-2BB865A8E656} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-05-22] (IObit)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-12] (IvoSoft)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-07-27] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-27] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-12] (IvoSoft)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-12] (IvoSoft)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2015-12-28] (Wondershare)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-12] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-12] (IvoSoft)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-12] (IvoSoft)
Handler: WSIEChrome - No CLSID Value
Handler: WSWSVCUchrome - No CLSID Value
 
FireFox:
========
FF ProfilePath: C:\Users\Diamond\AppData\Roaming\Mozilla\Firefox\Profiles\dnvnlqvf.default-1491016581261 [2017-10-03]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\dnvnlqvf.default-1491016581261 -> Google
FF Homepage: Mozilla\Firefox\Profiles\dnvnlqvf.default-1491016581261 -> hxxps://www.google.ca/?gws_rd=ssl
FF Extension: (Activity Stream) - C:\Program Files\Mozilla Firefox\browser\features\activity-stream@mozilla.org.xpi [2017-09-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2015-12-31] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [Player@Wondershare.com] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com
FF Extension: (Wondershare Player) - C:\ProgramData\Wondershare\Player\Player@Wondershare.com [2016-01-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt
FF Extension: (Wondershare Video Converter Ultimate) - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt [2015-12-18] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-23] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.ca/
CHR StartupUrls: Default -> "hxxp://google.ca/"
CHR Profile: C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default [2017-10-04]
CHR Extension: (Google Slides) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-23]
CHR Extension: (Google Docs) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-23]
CHR Extension: (Google Drive) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-23]
CHR Extension: (YouTube) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-23]
CHR Extension: (Google Sheets) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-09-23]
CHR Extension: (Google Docs Offline) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-23]
CHR Extension: (Total AV Web Shield) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\looohgelibjoplmkhecmalapkgadkfcc [2017-10-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-23]
CHR Extension: (Gmail) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-23]
CHR Extension: (Chrome Media Router) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-23]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR StartupUrls: "hxxp://google.ca/"
OPR Extension: (Bookmarks Import & Export) - C:\Users\Diamond\AppData\Roaming\Opera Software\Opera Stable\Extensions\omhcddilnfoiiplehpjihipcocdplljn [2017-09-28]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-09-28] (ArcSoft Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows ® Win 7 DDK provider) [File not signed]
S3 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2015-11-04] (Acer Incorporated)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-08-25] (Foxit Software Inc.)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1102864 2017-08-29] (Garmin Ltd. or its subsidiaries)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3026584 2016-05-06] (Intel® Corporation)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206112 2017-06-14] (IObit)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1269824 2017-06-21] (Bitdefender)
R2 RunSwUSB; C:\Windows\runSW.exe [48856 2013-10-18] ()
S2 Soda PDF 8 Manager; C:\ProgramData\LULU Software\Soda PDF 8 Manager\Soda PDF 8\Soda Manager.exe [887800 2016-04-19] (LULU Software Limited)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [100392 2017-09-27] (Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [100392 2017-09-27] (Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [100392 2017-09-27] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580144 2015-08-06] (WiseCleaner.com) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-23] (Advanced Micro Devices, INC.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [95080 2017-06-12] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R1 amdpsp; C:\Windows\system32\DRIVERS\amdpsp.sys [239976 2017-06-12] (Advanced Micro Devices, Inc. )
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R0 atc; C:\Windows\System32\DRIVERS\atc.sys [950160 2017-06-07] (BitDefender S.R.L. Bucharest, ROMANIA)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4307192 2016-11-01] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [118848 2017-06-25] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1763744 2017-09-27] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Bitdefender Antivirus Free\bdfwfpf.sys [127312 2016-02-22] (BitDefender LLC)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-12-24] (Qualcomm Atheros)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 edrsensor; C:\Windows\System32\DRIVERS\edrsensor.sys [250504 2017-10-03] (BitDefender S.R.L. Bucharest, ROMANIA)
R2 ei2c; C:\Windows\system32\drivers\ei2c.sys [20784 2017-08-03] (Nicomsoft Ltd.)
R0 gzflt; C:\Windows\System32\drivers\gzflt.sys [187688 2017-05-11] (BitDefender LLC)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-08-14] (REALiX™)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [21928 2017-06-06] (IObit.com)
R3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys [27048 2017-06-13] (IObit.com)
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2017-05-01] (Nicomsoft Ltd.)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [3860224 2015-08-05] (Realtek Semiconductor Corporation )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [420832 2017-08-07] (Realsil Semiconductor Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R2 trufos; C:\Windows\System32\drivers\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
R2 WiseFs; C:\Windows\WiseFs64.sys [66128 2017-09-19] (WiseCleaner.com)
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-08-11] (wisecleaner.com) [File not signed]
S3 NPF; system32\drivers\NPF.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-04 11:41 - 2017-10-04 11:43 - 000021810 _____ C:\Users\Diamond\Downloads\FRST.txt
2017-10-04 11:41 - 2017-10-04 11:41 - 000000000 ____D C:\FRST
2017-10-04 11:39 - 2017-10-04 11:39 - 002399744 _____ (Farbar) C:\Users\Diamond\Downloads\FRST64.exe
2017-10-03 13:07 - 2017-10-03 13:07 - 000001153 _____ C:\Users\Diamond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2017-10-03 12:57 - 2017-10-03 12:57 - 000560575 _____ C:\Users\Diamond\AppData\Local\census.cache
2017-10-03 12:56 - 2017-10-03 12:56 - 000850773 _____ C:\Users\Diamond\AppData\Local\ars.cache
2017-10-03 12:37 - 2017-10-03 12:37 - 000000010 _____ C:\Users\Diamond\AppData\Local\sponge.last.runtime.cache
2017-10-03 12:27 - 2017-10-03 12:27 - 000000000 ____D C:\Users\Diamond\AppData\Local\Trend Micro
2017-10-03 12:26 - 2017-10-03 12:26 - 000000000 ____D C:\Windows\Trend Micro
2017-10-03 12:26 - 2017-10-03 12:26 - 000000000 ____D C:\ProgramData\Trend Micro
2017-10-03 12:23 - 2017-10-03 12:23 - 000000036 _____ C:\Users\Diamond\AppData\Local\housecall.guid.cache
2017-10-03 12:23 - 2015-05-29 03:43 - 000307352 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2017-10-03 09:05 - 2017-10-03 09:05 - 000250504 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\edrsensor.sys
2017-10-02 23:16 - 2017-10-02 23:16 - 000003820 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1506621650
2017-10-01 08:51 - 2017-10-02 23:16 - 000000000 ____D C:\PatchMyPCUpdates
2017-09-30 01:03 - 2017-10-03 13:02 - 000000000 ____D C:\ProgramData\ProductData
2017-09-29 23:15 - 2017-09-29 23:15 - 000000000 ____D C:\Users\Diamond\AppData\Local\ESET
2017-09-29 23:03 - 2017-10-04 08:32 - 000003648 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-09-28 18:52 - 2017-09-28 18:52 - 005375402 _____ C:\Users\Diamond\Downloads\csa_travellers_checklist_en.pdf
2017-09-28 14:00 - 2017-10-02 23:16 - 000000000 ____D C:\Program Files\Opera
2017-09-28 13:05 - 2017-09-28 13:05 - 000373592 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-27 12:46 - 2017-09-27 12:46 - 001763744 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2017-09-27 12:14 - 2017-09-27 12:14 - 000000000 ____D C:\ProgramData\Bitdefender
2017-09-27 12:14 - 2017-06-07 05:04 - 000950160 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\atc.sys
2017-09-27 12:14 - 2016-03-14 22:04 - 000023672 _____ (Bitdefender) C:\Windows\system32\Drivers\bdelam.sys
2017-09-27 12:11 - 2017-09-27 12:11 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\QuickScan
2017-09-27 11:34 - 2017-10-04 11:33 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2017-09-27 11:32 - 2017-10-04 11:33 - 000000000 ____D C:\Program Files\Bitdefender Agent
2017-09-27 11:32 - 2017-09-27 11:32 - 000050068 _____ C:\ProgramData\agent.1506526327.bdinstall.bin
2017-09-27 11:32 - 2017-09-27 11:32 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2017-09-27 10:53 - 2017-10-03 13:04 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-27 10:06 - 2017-09-27 10:14 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\.jocala
2017-09-27 10:06 - 2017-09-27 10:06 - 000000000 ____D C:\adbLink
2017-09-26 19:45 - 2017-09-26 19:45 - 000000223 _____ C:\Users\Diamond\Documents\friend quotes.txt
2017-09-26 09:19 - 2017-09-26 09:19 - 000000000 ____D C:\Windows\LastGood.Tmp
2017-09-26 09:17 - 2017-09-26 09:17 - 000993264 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x64.sys
2017-09-26 09:17 - 2017-09-26 09:17 - 000131568 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2017-09-23 08:53 - 2017-09-24 09:38 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-09-23 08:53 - 2017-09-24 09:38 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-09-23 08:52 - 2017-09-23 08:52 - 000191720 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgstm.sys.150617117743703
2017-09-23 08:34 - 2017-09-23 08:34 - 000191720 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgstm.sys.150617008167103
2017-09-22 23:33 - 2017-09-22 23:33 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\DVDFab10
2017-09-22 23:31 - 2017-09-22 23:31 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\112
2017-09-22 22:32 - 2017-09-22 22:33 - 019783876 _____ C:\Users\Diamond\Downloads\Nikon P900 Coolpix Manual.pdf
2017-09-21 23:27 - 2017-09-21 23:27 - 000000000 ____D C:\Users\Public\Documents\AKVIS
2017-09-21 11:29 - 2017-09-21 11:31 - 000004558 _____ C:\Users\Diamond\Documents\email to Stephen.txt
2017-09-19 15:10 - 2017-08-13 15:48 - 000202592 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2017-09-19 15:10 - 2017-08-13 13:52 - 000174944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2017-09-19 15:10 - 2017-08-13 13:10 - 000277504 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2017-09-19 15:10 - 2017-08-13 12:33 - 000252416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
2017-09-19 15:10 - 2017-08-10 22:54 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-09-19 15:10 - 2017-08-10 22:22 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-09-19 15:10 - 2017-08-10 22:20 - 001436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-09-19 15:10 - 2017-08-10 22:16 - 000275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2017-09-19 15:10 - 2017-08-10 21:57 - 000180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2017-09-19 15:10 - 2017-08-06 17:50 - 001080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2017-09-19 15:10 - 2017-08-06 17:20 - 000542720 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2017-09-19 15:10 - 2017-08-06 17:13 - 000713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2017-09-19 15:10 - 2017-08-06 03:08 - 000561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2017-09-19 15:10 - 2017-08-01 22:19 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-09-19 15:10 - 2017-08-01 04:25 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-09-18 08:48 - 2017-09-18 08:48 - 000021712 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2017-09-17 23:22 - 2017-09-17 23:23 - 000000000 ____D C:\Users\Diamond\Documents\Debrid Info
2017-09-17 23:22 - 2017-09-17 23:22 - 000000000 ____D C:\Users\Diamond\Documents\Receipts
2017-09-15 09:25 - 2017-09-27 11:22 - 000003168 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-464718250-148747909-944752478-1001
2017-09-14 19:38 - 2017-10-03 12:40 - 000000269 _____ C:\Users\Diamond\Desktop\to do list.txt
2017-09-14 12:34 - 2017-09-01 19:54 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-09-14 12:34 - 2017-09-01 19:54 - 000177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-14 12:33 - 2017-08-19 13:27 - 000237568 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2017-09-14 12:33 - 2017-08-19 12:48 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
 
==================== Files in the root of some directories =======
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-09-28 13:20
 
==================== End of FRST.txt ============================


#2 Jo*
  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany

Posted 04 October 2017 - 11:27 AM

:welcome: to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification if you have any questions.
  • Stay with this topic till you get the all-clean post.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


:step1: Please download Security Analysis by Rocket Grannie from here
  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • When finished, a Notepad window will open with the results of the scan.
  • The log named SALog.txt can also be found on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.
  • Note:
If you get a Warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.
 

***


:step2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double-click on the downloaded file and click OK on the self-extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Sharke
  • Topic Starter
  • Members
  • 13 posts
  • Gender:Female

Posted 04 October 2017 - 01:09 PM

I ran all the programs you recommended. Here are the results. No malware was found by Malwarebytes Anti-Rootkit.

 

Here is the SA log below:

 

Result of Security Analysis by Rocket Grannie (x86) Updated: 24th September, 2017
Running from:C:\Users\Diamond\Downloads (13:06:52 - 10/04/2017)
***---------------------------------------------------------***
Microsoft Windows 8.1 with Bing X64
UAC is Enabled
Internet Explorer 11
Default Browser: Internet Explorer
***------------Antivirus - Antispyware - Firewall-----------***
Windows Defender (Disabled - up to Date)
Bitdefender Antivirus Free Antimalware (Disabled - up to Date)
Bitdefender Antivirus Free Antimalware (Disabled - up to Date)
Windows Defender (Disabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI is not installed
CCleaner (5.35)
Google Chrome (61.0.3163.100)
Java (8.0.1440.1)
Microsoft Silverlight (5.1.50907.0)
Mozilla Firefox (56.0)
Opera (48.0.2685.35)
Windows Live Essentials (16.4.3528.0331) ==> is no longer supported
 
***----------------Analysis Complete-------------------------***
 
Here is the MBAR log:
 
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.10.04.06
  rootkit: v2017.09.13.01
 
Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18793
Diamond :: ACER [administrator]
 
2017-10-04 1:08:34 PM
mbar-log-2017-10-04 (13-08-34).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 309740
Time elapsed: 34 minute(s), 25 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
Here is the adware cleaner log:
# AdwCleaner 7.0.3.0 - Logfile created on Wed Oct 04 17:59:48 2017
# Updated on 2017/28/09 by Malwarebytes 
# Running on Windows 8.1 Connected (X64)
# Mode: clean
 
***** [ Services ] *****
 
No malicious services deleted.
 
***** [ Folders ] *****
 
No malicious folders deleted.
 
***** [ Files ] *****
 
Deleted: C:\Windows\System32\drivers\DRVAGENT64.SYS
 
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
Deleted: Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
 
 
***** [ Registry ] *****
 
No malicious registry entries deleted.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [1054 B] - [2017/10/4 17:59:19]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 
 
 


#4 Jo*
  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany

Posted 04 October 2017 - 01:27 PM

Copy FRST / FRST64.exe to your desktop!

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt


Start
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Run: [Ufxgmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Diamond\AppData\Local\YkvbPack\lmdqavmx.dll <==== ATTENTION
C:\Users\Diamond\AppData\Local\YkvbPack\lmdqavmx.dll
GroupPolicy: Restriction - Chrome <==== ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-464718250-148747909-944752478-1001 -> DefaultScope {9253AF4F-3662-41D5-88E3-2BB865A8E656} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-464718250-148747909-944752478-1001 -> {9253AF4F-3662-41D5-88E3-2BB865A8E656} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
Handler: WSIEChrome - No CLSID Value
Handler: WSWSVCUchrome - No CLSID Value
S3 NPF; system32\drivers\NPF.sys [X]
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST / FRST64 again as Administrator like we did before, but this time press the Fix button just once and wait.

The tool will make a log (Fixlog.txt); please post it in your reply.


How is the computer running now?

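
The fixlist above removes a Run value that starts regsvr32.exe with a DLL sitting in the user's AppData folder, the typical shape of a signed-loader autostart. The Python below is an added example, not part of this thread or of FRST: it parses FRST-style `...\Run: [Name] => command` lines and flags entries of that shape. The loader list and the user-writable path list are my own heuristics, and every sample line except the [Ufxgmedia] one from this thread is constructed.

```python
"""Triage FRST 'Run' entries for signed-loader autostart persistence (added example)."""
import ntpath
import re
from dataclasses import dataclass, field
from typing import List

# Signed Windows binaries that execute code handed to them as an argument (my heuristic list).
LOADERS = {"regsvr32.exe", "rundll32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}

# Directory fragments an unprivileged user can write to (my heuristic list, lower-case).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

# FRST prints autostart entries as:  <hive>\...\Run: [<name>] => <command> [<extra>]
RUN_LINE = re.compile(
    r"^(?P<hive>HK[^\s]+?)\\\.\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$"
)
# First executable in the command: a quoted path, or everything up to the first ".exe".
EXE_RE = re.compile(r'^\s*(?:"(?P<q>[^"]+\.exe)"|(?P<u>.*?\.exe))(?P<args>.*)$', re.IGNORECASE)
ATTENTION = "<==== ATTENTION"   # FRST's own marker for entries it considers suspicious


@dataclass
class Finding:
    name: str
    hive: str
    loader: str
    payload: str
    reasons: List[str] = field(default_factory=list)


def parse_run_line(line: str):
    """Return (hive, value name, command, frst_flagged) for a Run line, else None."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    flagged = ATTENTION in cmd
    cmd = cmd.replace(ATTENTION, "").strip()
    return m.group("hive"), m.group("name"), cmd, flagged


def split_command(cmd: str):
    """Split a Run command into (executable path, argument string)."""
    m = EXE_RE.match(cmd)
    if not m:
        return cmd.strip(), ""
    exe = m.group("q") or m.group("u")
    return exe.strip(), m.group("args").strip()


def first_path(args: str) -> str:
    """Pick the first Windows path-looking token from the argument string."""
    m = re.search(r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\\S+)', args)
    if not m:
        return ""
    return (m.group(1) or m.group(2)).split(",")[0]   # drop rundll32's ',EntryPoint' suffix


def triage(lines: List[str]) -> List[Finding]:
    """Flag Run entries that start a loader binary with a payload in a user-writable path."""
    findings = []
    for line in lines:
        parsed = parse_run_line(line)
        if parsed is None:
            continue
        hive, name, cmd, flagged = parsed
        exe, args = split_command(cmd)
        loader = ntpath.basename(exe).lower()
        payload = first_path(args)
        reasons = []
        if loader in LOADERS:
            reasons.append(f"autostart via signed loader {loader}")
            if any(frag in payload.lower() for frag in USER_WRITABLE):
                reasons.append("payload lives under a user-writable directory")
        if flagged:
            reasons.append("marked <==== ATTENTION by FRST")
        if reasons:
            findings.append(Finding(name, hive, loader, payload, reasons))
    return findings


# Constructed sample log: the second line is the entry from this thread, the rest are made up.
SAMPLE_LOG = [
    r"HKLM\...\Run: [ExampleVendorTray] => C:\Program Files\Example Vendor\tray.exe [123456 2017-01-01] (Example Vendor)",
    r"HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Run: [Ufxgmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Diamond\AppData\Local\YkvbPack\lmdqavmx.dll <==== ATTENTION",
    r'HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Run: [ExampleSync] => "C:\Users\Diamond\AppData\Local\ExampleSync\sync.exe" /background',
    r"HKLM-x32\...\Run: [ExampleUpdater] => C:\Windows\system32\rundll32.exe C:\ProgramData\ExampleUpdater\upd.dll,Start",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.hive} [{f.name}] {f.loader} -> {f.payload}")
        for r in f.reasons:
            print("   -", r)
```

A plain .exe under AppData (the constructed ExampleSync entry) is deliberately not flagged, since many legitimate per-user installers live there; the rule fires on the loader-plus-writable-payload combination.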


#5 boopme
    To Insanity and Beyond
  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA

Posted 04 October 2017 - 02:04 PM

FTR, this topic started here,

https://www.bleepingcomputer.com/forums/t/658753/regsvr32-error/#entry4350535

I closed that one.


How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#6 Sharke
  • Topic Starter
  • Members
  • 13 posts
  • Gender:Female

Posted 04 October 2017 - 02:24 PM

My computer is fine now!! :bounce: Seems the script you created for me worked like a charm.

 

Here is the fixlog below:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 03-10-2017 01
Ran by Diamond (04-10-2017 15:12:22) Run:1
Running from C:\Users\Diamond\Desktop\FRST64
Loaded Profiles: Diamond (Available Profiles: Diamond & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Run: [Ufxgmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Diamond\AppData\Local\YkvbPack\lmdqavmx.dll <==== ATTENTION
C:\Users\Diamond\AppData\Local\YkvbPack\lmdqavmx.dll
GroupPolicy: Restriction - Chrome <==== ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-464718250-148747909-944752478-1001 -> DefaultScope {9253AF4F-3662-41D5-88E3-2BB865A8E656} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-464718250-148747909-944752478-1001 -> {9253AF4F-3662-41D5-88E3-2BB865A8E656} URL =
hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
Handler: WSIEChrome - No CLSID Value
Handler: WSWSVCUchrome - No CLSID Value
S3 NPF; system32\drivers\NPF.sys [X]
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore => key removed successfully
HKU\S-1-5-21-464718250-148747909-944752478-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Ufxgmedia => value removed successfully
"C:\Users\Diamond\AppData\Local\YkvbPack\lmdqavmx.dll" => not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-464718250-148747909-944752478-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-464718250-148747909-944752478-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9253AF4F-3662-41D5-88E3-2BB865A8E656} => key removed successfully
HKLM\Software\Classes\CLSID\{9253AF4F-3662-41D5-88E3-2BB865A8E656} => key not found. 
hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} => Error: No automatic fix found for this entry.
HKLM\Software\Classes\PROTOCOLS\Handler\WSIEChrome => key removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\WSWSVCUchrome => key removed successfully
HKLM\System\CurrentControlSet\Services\NPF => key removed successfully
NPF => service removed successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 15:13:52 ====


#7 Jo*
  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany

Posted 04 October 2017 - 02:31 PM

***


It Appears That Your PC Is Clean!


***


Clean up:


***


Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Clean up with delfix:
  • Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process

***


Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.

===



#8 Jo*
  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany

Posted 07 October 2017 - 01:59 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





