RegSvr32 error on startup



#1
POTATO44

    New Member

  • Member
  • 5 posts

Greetings! About a week ago I started getting this "regsvr32" error whenever I start up my computer. I have no idea what might have caused it, as I haven't brought any major changes to my computer recently, nor did I get some shady virus (at least, not that I know of). Here is what it looks like: (screenshot attached)




#2
RKinner

    Malware Expert

  • Expert
  • 20,026 posts
  • MVP
 
Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


    #3
    POTATO44

      New Member

    • Topic Starter
    • Member
    • 5 posts

    Here are the files you requested. Thank you again.

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-06-2016 01

    Ran by pc user (administrator) on AIDRIAN (13-06-2016 17:07:45)
    Running from C:\Users\pc user\Downloads
    Loaded Profiles: pc user (Available Profiles: pc user & Guest)
    Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Seablue\Seablue\chrome.exe" "%1")
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (LULU SOFTWARE LIMITED) C:\Program Files (x86)\Soda PDF 3D Reader\creator-ws.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    () C:\ProgramData\Seablue\protect\protect.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
     
     
    ==================== Registry (Whitelisted) ===========================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13764312 2014-10-23] (Realtek Semiconductor)
    HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-10] (Pixart Imaging Inc)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [USB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [623520 2011-02-01] (Zbshareware Lab)
    HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-05] (Autodesk Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
    HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
    HKLM\...\Policies\Explorer: [HideSCAHealth] 0
    HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\Run: [uTorrent] => C:\Users\pc user\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-05-17] (BitTorrent Inc.)
    HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9862184 2016-04-01] ()
    HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1193352 2014-02-08] (Autodesk, Inc.)
    HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\Run: [BingSvc] => C:\Users\pc user\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-22] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\Run: [Evvtion] => regsvr32.exe "C:\Users\pc user\AppData\Local\Evvtion\AddonCommsType.dll" <===== ATTENTION
    HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\Run: [Ad-Aware Search Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\AASearchCompanion.exe
    HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-10] (Valve Corporation)
    HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\Policies\Explorer: [] 
    HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
    HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\Policies\Explorer: [HideSCAHealth] 0
    HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\MountPoints2: {1180c521-0d24-11e6-82fd-c03fd54840db} - "E:\Setup.exe" 
    HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\MountPoints2: {909d08ed-2ee4-11e6-8307-c03fd54840db} - "E:\Setup.exe" 
    HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\MountPoints2: {909d09e6-2ee4-11e6-8307-c03fd54840db} - "E:\Setup.exe" 
    HKU\S-1-5-21-857764097-2768608196-515561602-1001\...\MountPoints2: {e04aa14c-cbf7-11e5-82e7-c03fd54840db} - "E:\Setup.exe" /s
    HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1193352 2014-02-08] (Autodesk, Inc.)
    SSODL-x32: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair.dll No File
    ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
    ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
    Startup: C:\Users\pc user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-08-05]
    ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (No File)
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{1F3FAD69-C692-42CA-BF6B-5EBF143A0722}: [DhcpNameServer] 172.20.10.1
    Tcpip\..\Interfaces\{969DE3D7-5BB4-46AE-8537-24CFCA16E09F}: [DhcpNameServer] 192.168.1.1
     
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-857764097-2768608196-515561602-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-857764097-2768608196-515561602-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-857764097-2768608196-515561602-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
    BHO: Browser Extensions -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> C:\Users\pc user\AppData\Roaming\BrowserExtensions\Coupons64.dll => No File
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-11] (Oracle Corporation)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-11] (Oracle Corporation)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1
    FF SelectedSearchEngine: Yahoo! Powered
    FF NewTab: about:newtab
    FF DefaultSearchEngine: Yahoo! Powered
    FF Keyword.URL: user_pref("keyword.URL", true);
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-11] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-11] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
    FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2016-04-01] ( Garena)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
    FF Plugin-x32: Soda PDF 3D Reader -> C:\Program Files (x86)\Soda PDF 3D Reader\np-previewer.dll [2015-03-06] (LULU SOFTWARE LIMITED)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-04] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-04] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-04] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-04] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-04] (Apple Inc.)
    FF SearchPlugin: C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\dp71wocd.default\searchplugins\bing-.xml [2015-11-22]
    FF SearchPlugin: C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\dp71wocd.default\searchplugins\yahoo! powered.xml [2016-06-12]
    FF SearchPlugin: C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\yahoo! powered.xml [2016-06-12]
    FF Extension: Bing Search - C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\dp71wocd.default\Extensions\[email protected] [2015-11-22]
    FF Extension: CeuTTTHePricoe - C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\dp71wocd.default\Extensions\[email protected] [2015-12-23] [not signed]
    FF Extension: PSFactoryBuffer - C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\dp71wocd.default\Extensions\{14FF0F3D-8FCD-778F-D0A8-D76E1FF8B3FA} [2015-11-25] [not signed]
    FF Extension: "Extension Ball - C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@23CF0DB7E7561D1197B45A39688A1A0123CF.xpi [2016-01-06] [not signed]
    FF Extension: Bing Search - C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\[email protected] [2015-11-22]
    FF Extension: CeuTTTHePricoe - C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\[email protected] [2015-12-23] [not signed]
    FF Extension: PSFactoryBuffer - C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{14FF0F3D-8FCD-778F-D0A8-D76E1FF8B3FA} [2015-12-23] [not signed]
    FF Extension: Start Page - C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{3c59c791-aeec-44bb-af60-ff112eea18e3} [2016-06-11]
    FF Extension: Slick Savings - C:\Users\pc user\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\{51aa69f8-8825-4def-916a-a766c5e3c0fd} [2016-06-11]
    FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
    FF HKLM-x32\...\Firefox\Extensions: [soda_pdf_3d_r[email protected]] - C:\Program Files (x86)\Soda PDF 3D Reader\resources\soda3dreaderfirefoxextension
    FF Extension: Soda PDF 3D Reader Creator - C:\Program Files (x86)\Soda PDF 3D Reader\resources\soda3dreaderfirefoxextension [2016-02-08] [not signed]
    StartMenuInternet: FIREFOX.EXE - firefox.exe
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\!23CF0DB7E7561D1197B45A39688A1A0123CF.js [2015-12-23] <==== ATTENTION
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\23CF0DB7E7561D1197B45A39688A1A0123CF [2015-12-23] <==== ATTENTION
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxps://ph.search.yahoo.com/?type=715483&fr=yo-yhp-ch
    CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFFBJFhdUw1HDFERdg0VVQ5DQhhCIg4OTFwUFAUXIVxcWFxCExNBNARaUUtXUUEeGGlxR1dMc1BPIU1dBWkDTlJRIVQ="
    CHR StartupUrls: Default -> "hxxps://ph.search.yahoo.com/?type=715483&fr=yo-yhp-ch"
    CHR DefaultSearchURL: Default -> hxxps://ph.search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=715483&p={searchTerms}
    CHR DefaultSearchKeyword: Default -> yahoo.com Search
    CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
    CHR Profile: C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (AdBlock) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-03]
    CHR Extension: (New Tab Helper 72) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmchalhobbejlbnkgkldeblaeijamhb [2016-06-11]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
    CHR Extension: (Extension Ball) - C:\Users\pc user\AppData\Local\Extension Ball\Component [2016-06-09]
    CHR Profile: C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Profile 1
    CHR Extension: (Ask Search) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf [2015-12-23]
    CHR Extension: (Google Slides) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-23]
    CHR Extension: (Google Docs) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-23]
    CHR Extension: (Google Drive) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-23]
    CHR Extension: (YouTube) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-23]
    CHR Extension: (Google Search) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-23]
    CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-12-23]
    CHR Extension: (Google Sheets) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-23]
    CHR Extension: (Google Docs Offline) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-24]
    CHR Extension: (Skype) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-23]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-23]
    CHR Extension: (Yahoo Web) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\npdicihegicnhaangkdmcgbjceoemeoo [2015-12-23]
    CHR Extension: (Gmail) - C:\Users\pc user\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-23]
    CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-857764097-2768608196-515561602-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
    CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
     
    ==================== Services (Whitelisted) ========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk Inc.)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
    S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-05-14] (Macrovision Europe Ltd.) [File not signed]
    S3 LULU Software CrashHandler; C:\Program Files (x86)\Soda PDF 3D Reader\crash-handler-ws.exe [784152 2015-03-06] (LULU SOFTWARE LIMITED)
    R2 Seablue_protect; C:\ProgramData\Seablue\protect\protect.exe [302976 2016-05-13] ()
    S2 Seablue_update; C:\Program Files (x86)\Seablue\Seablue\bin\Seablue_server.exe [492416 2016-05-13] ()
    S2 SODA Manager; C:\ProgramData\LULU Software\Soda Manager\Soda Manager.exe [868688 2015-01-29] (LULU Software Limited)
    S3 Soda PDF 3D Reader; C:\Program Files (x86)\Soda PDF 3D Reader\ws.exe [1860888 2015-03-06] (LULU SOFTWARE LIMITED)
    R2 Soda PDF 3D Reader Creator; C:\Program Files (x86)\Soda PDF 3D Reader\creator-ws.exe [623384 2015-03-06] (LULU SOFTWARE LIMITED)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
    S2 ADSafeSvc; C:\Program Files (x86)\ADSafe\ADSafeSvc.exe [X]
    S2 UnsignedThemes; C:\Windows\unsignedthemes.exe [X]
     
    ===================== Drivers (Whitelisted) ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-12-23] (Disc Soft Ltd)
    S3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [46392 2015-12-23] (Disc Soft Ltd)
    S3 dtproscsibus; C:\Windows\System32\drivers\dtproscsibus.sys [30264 2015-12-23] (Disc Soft Ltd)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-16] ()
    S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-03-30] (LogMeIn Inc.)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
    R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [40256 2014-09-27] (NVIDIA Corporation)
    S3 RZSURROUNDVADService; C:\Windows\system32\drivers\RzSurroundVAD.sys [40640 2015-02-09] (Windows ® Win 7 DDK provider)
    S3 SDGame; C:\Windows\System32\svchost.exe [38792 2014-10-29] (Microsoft Corporation)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-01-10] (Synaptics Incorporated)
    R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-10] ()
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-04] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-04] (Microsoft Corporation)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
    R3 gkernel; \??\C:\Users\PCUSER~1\AppData\Local\Temp\gkernel.sys [X]
    S1 jflthvvb; \??\C:\Windows\system32\drivers\jflthvvb.sys [X]
    S1 tdegpfsf; \??\C:\Windows\system32\drivers\tdegpfsf.sys [X]
    S2 uxstyle; \??\C:\Windows\system32\Drivers\uxstyle.sys [X]
    S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
    S3 X6va031; \??\C:\Windows\SysWOW64\Drivers\X6va031 [X]
    S3 X6va060; \??\C:\Windows\SysWOW64\Drivers\X6va060 [X]
    S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-06-13 17:07 - 2016-06-13 17:07 - 00000000 ____D C:\Users\pc user\Downloads\FRST-OlderVersion
    2016-06-13 17:06 - 2016-06-13 17:06 - 01610816 _____ (Malwarebytes) C:\Users\pc user\Downloads\JRT (2).exe
    2016-06-13 17:06 - 2016-06-13 17:06 - 00002232 _____ C:\Users\pc user\Desktop\JRT.txt
    2016-06-13 17:06 - 2016-06-13 16:59 - 00025862 _____ C:\Users\pc user\Desktop\AdwCleaner[C1].txt
    2016-06-13 17:06 - 2016-06-13 16:58 - 00029889 _____ C:\Users\pc user\Desktop\AdwCleaner[S2].txt
    2016-06-13 17:04 - 2016-06-13 17:04 - 01610816 _____ (Malwarebytes) C:\Users\pc user\Downloads\JRT (1).exe
    2016-06-13 17:02 - 2016-06-13 17:03 - 01610816 _____ (Malwarebytes) C:\Users\pc user\Downloads\JRT.exe
    2016-06-13 16:57 - 2016-06-13 16:59 - 00000000 ____D C:\AdwCleaner
    2016-06-13 16:56 - 2016-06-13 16:56 - 03677248 _____ C:\Users\pc user\Downloads\adwcleaner_5.119.exe
    2016-06-12 22:23 - 2016-06-13 15:23 - 00000296 _____ C:\Windows\Tasks\{33D39030-3DFD-5EAE-A377-7FC91AB574CE}.job
    2016-06-12 22:23 - 2016-06-12 22:23 - 00003442 _____ C:\Windows\System32\Tasks\pc userDermaCratonsV2
    2016-06-12 22:23 - 2016-06-12 22:23 - 00002634 _____ C:\Windows\System32\Tasks\{33D39030-3DFD-5EAE-A377-7FC91AB574CE}
    2016-06-12 22:23 - 2016-06-12 22:23 - 00000000 ____D C:\Users\pc user\AppData\Roaming\{33D39030-3DFD-5EAE-A377-7FC91AB574CE}
    2016-06-12 22:22 - 2016-06-12 22:23 - 00000000 ____D C:\Users\pc user\AppData\Local\DermaCratons
    2016-06-12 22:22 - 2016-06-12 22:22 - 00001204 _____ C:\Users\Public\Desktop\GOM Player.lnk
    2016-06-12 22:20 - 2016-06-12 22:21 - 00000000 ____D C:\Users\pc user\Downloads\Neighbors.2.Sorority.Rising.2016.HC.HDRip.XViD.AC3-ETRG
    2016-06-12 22:08 - 2016-06-12 23:33 - 00000000 ____D C:\Users\pc user\Downloads\Begin Again 2013 720p HDRip x264 AAC-JYK
    2016-06-12 20:43 - 2016-06-12 20:44 - 05200384 _____ (AVAST Software) C:\Users\pc user\Downloads\aswmbr.exe
    2016-06-12 20:41 - 2016-06-13 17:07 - 00024229 _____ C:\Users\pc user\Downloads\FRST.txt
    2016-06-12 20:40 - 2016-06-13 17:07 - 00000000 ____D C:\FRST
    2016-06-12 20:39 - 2016-06-13 17:07 - 02385408 _____ (Farbar) C:\Users\pc user\Downloads\FRST64.exe
    2016-06-12 15:03 - 2016-06-12 15:24 - 333274881 ____R C:\Users\pc user\Downloads\[HorribleSubs] Naruto Shippuuden - 464 [720p].mkv
    2016-06-11 18:38 - 2016-06-11 18:38 - 00000000 ____D C:\Users\pc user\Desktop\Kung Fu Panda 3 2016 1080p WEB-DL x264 AAC-JYK
    2016-06-11 15:41 - 2016-06-11 15:41 - 00348160 _____ C:\~wtFAFC.tmp
    2016-06-10 23:39 - 2016-06-10 23:40 - 00050593 _____ C:\Users\pc user\Downloads\dirtygrandpa2016bdripx264-geckos-english-84119.zip
    2016-06-10 22:52 - 2016-06-10 22:51 - 2037866461 ____N C:\Users\pc user\Desktop\Captain.America.Civil.War.2016.1080p.HDTC.FardaDownload_ir.mkv
    2016-06-09 23:02 - 2016-06-10 23:40 - 00000000 ____D C:\Users\pc user\Downloads\Dirty Grandpa (2016) [1080p] [YTS.AG]
    2016-06-09 23:02 - 2016-06-09 23:02 - 00034682 _____ C:\Users\pc user\Downloads\Dirty Grandpa (2016) [1080p] [YTS.AG].torrent
    2016-06-09 22:57 - 2016-06-10 05:18 - 00000000 ____D C:\Users\pc user\Downloads\Zootopia 2016 1080p HDRip x264 AC3-JYK
    2016-06-09 22:54 - 2016-06-10 03:52 - 00000000 ____D C:\Users\pc user\Downloads\Dr.Seuss.The.Lorax.2012.DVDRip.LiNE.XviD.AC3.HQ.Hive-CM8
    2016-06-08 23:35 - 2016-06-11 15:08 - 00000000 ____D C:\Users\pc user\AppData\Local\Chromium
    2016-06-08 23:34 - 2016-06-09 17:04 - 00000000 ____D C:\Users\pc user\AppData\Roaming\DVDVideoSoft
    2016-06-08 23:32 - 2016-06-12 23:23 - 00000000 ____D C:\Users\pc user\AppData\Local\{4F9079CC-6B38-1574-06A0-309C22C8CC04}
    2016-06-02 12:02 - 2016-06-02 12:02 - 00296840 _____ C:\Windows\Minidump\060216-6781-01.dmp
    2016-06-02 12:00 - 2016-06-02 12:00 - 00001694 _____ C:\Windows\Tasks\SeablueBrowserUpdateUA.job
    2016-06-02 12:00 - 2016-06-02 12:00 - 00001686 _____ C:\Windows\Tasks\SeablueCheckTask.job
    2016-06-02 12:00 - 2016-06-02 12:00 - 00000580 _____ C:\Windows\Tasks\SeablueBrowserUpdateCore.job
    2016-06-01 10:46 - 2016-06-03 10:16 - 341076731 _____ C:\Users\pc user\Downloads\[HorribleSubs] One Piece - 726 [720p].mkv
    2016-06-01 09:02 - 2016-06-01 10:38 - 341104549 _____ C:\Users\pc user\Downloads\[HorribleSubs] One Piece - 730 [720p].mkv
    2016-05-30 07:36 - 2016-05-30 09:51 - 341669673 _____ C:\Users\pc user\Downloads\[HorribleSubs] One Piece - 715 [720p].mkv
    2016-05-29 16:31 - 2016-05-31 07:46 - 341641647 _____ C:\Users\pc user\Downloads\[HorribleSubs] One Piece - 718 [720p].mkv
    2016-05-29 16:28 - 2016-06-01 10:24 - 341386103 _____ C:\Users\pc user\Downloads\[HorribleSubs] One Piece - 722 [720p].mkv
    2016-05-24 12:59 - 2016-06-11 15:22 - 00000000 ____D C:\ProgramData\Lenovo
    2016-05-23 18:06 - 2016-05-23 18:56 - 560083477 _____ C:\Users\pc user\Downloads\[HorribleSubs] Naruto Shippuuden - 461 [1080p].mkv
    2016-05-22 13:54 - 2016-05-22 13:54 - 00000000 ___RD C:\Users\pc user\Documents\Scanned Documents
    2016-05-22 13:54 - 2016-05-22 13:54 - 00000000 ____D C:\Users\pc user\Documents\Fax
    2016-05-19 21:29 - 2016-05-19 21:29 - 00014744 _____ C:\Windows\System32\Tasks\SeablueBrowserUpdateUA
    2016-05-19 21:29 - 2016-05-19 21:29 - 00014738 _____ C:\Windows\System32\Tasks\SeablueCheckTask
    2016-05-19 21:29 - 2016-05-19 21:29 - 00003804 _____ C:\Windows\System32\Tasks\SeablueBrowserUpdateCore
    2016-05-19 21:29 - 2016-05-19 21:29 - 00000000 ____D C:\Users\Public\Documents\Seablue
    2016-05-19 21:29 - 2016-05-19 21:29 - 00000000 ____D C:\ProgramData\Seablue
    2016-05-19 21:18 - 2016-06-13 16:53 - 00000000 ____D C:\Program Files (x86)\Seablue
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2016-06-13 17:05 - 2015-05-14 05:16 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-857764097-2768608196-515561602-1001
    2016-06-13 17:04 - 2014-03-18 18:17 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-06-13 17:04 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\Inf
    2016-06-13 17:03 - 2015-05-14 05:28 - 00000000 ____D C:\Users\pc user\AppData\Roaming\uTorrent
    2016-06-13 17:01 - 2016-02-14 15:00 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-06-13 17:01 - 2015-08-06 22:28 - 00004962 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for AIDRIAN-pc user Aidrian
    2016-06-13 17:00 - 2016-05-05 18:21 - 00003476 _____ C:\Windows\System32\Tasks\Garena+ Plugin Host Service
    2016-06-13 17:00 - 2015-07-16 10:27 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-06-13 17:00 - 2015-07-07 19:51 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
    2016-06-13 17:00 - 2015-05-15 09:30 - 00000000 ___DO C:\Users\pc user\OneDrive
    2016-06-13 17:00 - 2013-08-22 22:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-06-13 16:59 - 2015-11-11 10:09 - 00000000 ____D C:\Program Files (x86)\Yahoo!
    2016-06-13 16:59 - 2013-08-22 21:25 - 00262144 ___SH C:\Windows\system32\config\BBI
    2016-06-13 16:57 - 2015-07-16 10:27 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-06-13 16:06 - 2015-05-14 06:54 - 00000000 ____D C:\Users\pc user\AppData\Roaming\vlc
    2016-06-13 15:32 - 2016-05-05 18:21 - 00000000 ____D C:\Program Files (x86)\Garena Plus
    2016-06-13 02:00 - 2015-05-14 08:46 - 00000000 ____D C:\Users\pc user\AppData\Local\Adobe
    2016-06-12 22:23 - 2015-11-03 10:42 - 00000464 __RSH C:\ProgramData\ntuser.pol
    2016-06-12 22:22 - 2015-11-03 10:41 - 00001228 _____ C:\Users\pc user\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
    2016-06-12 18:34 - 2013-08-22 23:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-06-12 18:34 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\AppReadiness
    2016-06-11 15:34 - 2016-04-03 19:32 - 00000000 ____D C:\Users\pc user\Downloads\Kung Fu Panda 3 2016 1080p WEB-DL x264 AAC-JYK
    2016-06-11 15:07 - 2015-08-05 23:11 - 00000000 ____D C:\Program Files\Rainmeter
    2016-06-10 23:22 - 2015-06-30 21:14 - 00000000 ___RD C:\Users\pc user\Desktop\College stuff
    2016-06-09 18:10 - 2015-11-22 19:06 - 00000000 ____D C:\Users\pc user\AppData\Roaming\Skype
    2016-06-09 11:11 - 2015-05-14 05:11 - 00000000 ____D C:\Users\pc user\AppData\Local\Packages
    2016-06-09 07:57 - 2016-01-06 20:51 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-06-09 07:05 - 2015-11-25 19:34 - 00000000 ____D C:\Users\pc user\AppData\Local\Evvtion
    2016-06-09 07:01 - 2015-12-23 08:30 - 00000000 ____D C:\Program Files (x86)\Intel
    2016-06-09 03:12 - 2015-05-14 05:11 - 00000000 ____D C:\Users\pc user
    2016-06-09 00:32 - 2015-11-03 11:42 - 00000195 _____ C:\Users\pc user\AppData\Roaming\WB.CFG
    2016-06-02 12:02 - 2016-02-01 00:24 - 00000000 ____D C:\Windows\Minidump
    2016-05-31 16:02 - 2015-06-09 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2016-05-27 01:37 - 2015-11-22 19:05 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-05-26 21:18 - 2015-05-23 10:55 - 00000000 ____D C:\Users\pc user\AppData\Roaming\GarenaPlus
    2016-05-26 21:18 - 2015-05-23 10:54 - 00000000 ____D C:\ProgramData\GarenaMessenger
    2016-05-26 21:17 - 2016-05-07 08:57 - 00000000 ____D C:\Program Files (x86)\GarenaLoLPH
    2016-05-19 21:29 - 2016-04-05 21:16 - 00002127 _____ C:\Users\pc user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-05-14 12:45 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\NDF
     
    ==================== Files in the root of some directories =======
     
    2016-05-10 13:28 - 2016-05-10 13:28 - 0045270 _____ () C:\Users\pc user\AppData\Roaming\room_v3.dat
    2015-11-03 11:42 - 2016-06-09 00:32 - 0000195 _____ () C:\Users\pc user\AppData\Roaming\WB.CFG
    2015-05-14 05:16 - 2015-05-14 05:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2015-06-19 09:36 - 2015-06-19 09:36 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
     
    Files to move or delete:
    ====================
    C:\Windows\Tasks\{33D39030-3DFD-5EAE-A377-7FC91AB574CE}.job
     
     
    Some files in TEMP:
    ====================
    C:\Users\pc user\AppData\Local\Temp\ADSafe.30619-10.exe
    C:\Users\pc user\AppData\Local\Temp\ADSafe.30619-12.exe
    C:\Users\pc user\AppData\Local\Temp\AutoUI.exe
    C:\Users\pc user\AppData\Local\Temp\BaiduAn.Setup.0528.4.0.0.8029_1050123308.exe
    C:\Users\pc user\AppData\Local\Temp\HY_Setup_duba04.exe
    C:\Users\pc user\AppData\Local\Temp\jre-8u71-windows-au.exe
    C:\Users\pc user\AppData\Local\Temp\jre-8u73-windows-au.exe
    C:\Users\pc user\AppData\Local\Temp\libeay32.dll
    C:\Users\pc user\AppData\Local\Temp\msvcr120.dll
    C:\Users\pc user\AppData\Local\Temp\PH_160505to160506.exe
    C:\Users\pc user\AppData\Local\Temp\PH_160506to160519.exe
    C:\Users\pc user\AppData\Local\Temp\qqpcmgr_v11.1.16908.217_78223_Silence.exe
    C:\Users\pc user\AppData\Local\Temp\qqpcmgr_v11.1.16923.222_72545_Silence.exe
    C:\Users\pc user\AppData\Local\Temp\qqpcmgr_v11.1.16923.222_72547_Silence.exe
    C:\Users\pc user\AppData\Local\Temp\qqpcmgr_v11.1.16923.222_72549_Silence.exe
    C:\Users\pc user\AppData\Local\Temp\qqpcmgr_v11.2.17063.223_73589_Silence.exe
    C:\Users\pc user\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\pc user\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
    C:\Users\pc user\AppData\Local\Temp\sqlite3.dll
    C:\Users\pc user\AppData\Local\Temp\TwinklyUgandan.dll
    C:\Users\pc user\AppData\Local\Temp\uninst.exe
    C:\Users\pc user\AppData\Local\Temp\WebCompanionInstaller.exe
    C:\Users\pc user\AppData\Local\Temp\ytb.exe
     
     
    ==================== Bamital & volsnap =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2016-06-07 06:52
     
    ==================== End of FRST.txt ============================

    Attached Files


    • 0
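Added example (not part of the original post, and not FRST's own logic): a small Python parser for the "created - modified - size attributes path" lines of the FRST.txt above. It flags GUID-named scheduled tasks and AppData items and notes when the same GUID turns up in more than one place, the pattern behind the `{33D39030-3DFD-5EAE-A377-7FC91AB574CE}.job` entry that FRST lists under "Files to move or delete". The regexes, function names and heuristics are assumptions for illustration; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the "created" listing of the FRST.txt posted above.
SAMPLE = r"""
2016-06-12 22:23 - 2016-06-12 22:23 - 00002634 _____ C:\Windows\System32\Tasks\{33D39030-3DFD-5EAE-A377-7FC91AB574CE}
2016-06-12 22:23 - 2016-06-12 22:23 - 00000000 ____D C:\Users\pc user\AppData\Roaming\{33D39030-3DFD-5EAE-A377-7FC91AB574CE}
2016-06-12 20:43 - 2016-06-12 20:44 - 05200384 _____ (AVAST Software) C:\Users\pc user\Downloads\aswmbr.exe
2016-06-08 23:32 - 2016-06-12 23:23 - 00000000 ____D C:\Users\pc user\AppData\Local\{4F9079CC-6B38-1574-06A0-309C22C8CC04}
2016-06-02 12:00 - 2016-06-02 12:00 - 00001694 _____ C:\Windows\Tasks\SeablueBrowserUpdateUA.job
2016-05-19 21:18 - 2016-06-13 16:53 - 00000000 ____D C:\Program Files (x86)\Seablue
""".strip().splitlines()

# timestamp - timestamp - size - 5 attribute flags - optional "(Company)" - path
LINE_RE = re.compile(
    r"^\s*(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(\d+) ([_A-Z]{5}) (?:\((.*?)\) )?(.+?)\s*$"
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
TASK_DIRS = ("\\windows\\system32\\tasks\\", "\\windows\\tasks\\")
TS_FMT = "%Y-%m-%d %H:%M"


def parse_frst_line(line):
    """Return one file-listing line as a dict, or None for headers and blanks."""
    m = LINE_RE.match(line)
    if not m:
        return None
    created, modified, size, attrs, company, path = m.groups()
    return {
        "created": datetime.strptime(created, TS_FMT),
        "modified": datetime.strptime(modified, TS_FMT),
        "size": int(size),
        "is_dir": "D" in attrs,
        "company": company or None,
        "path": path,
    }


def triage(lines):
    """Return (path, reasons) leads for GUID-named persistence artifacts."""
    entries = [e for e in map(parse_frst_line, lines) if e]
    by_guid = defaultdict(list)
    for e in entries:
        leaf = e["path"].rsplit("\\", 1)[-1]
        g = GUID_RE.match(leaf)  # leaf begins with a GUID: "{GUID}", "{GUID}.job"
        if g:
            by_guid[g.group(0).upper()].append(e)
    findings = []
    for guid, hits in by_guid.items():
        for e in hits:
            p = e["path"].lower()
            reasons = []
            if any(d in p for d in TASK_DIRS):
                reasons.append("guid-named scheduled task")
            elif "\\appdata\\" in p:
                reasons.append("guid-named AppData item")
            if len(hits) > 1:
                reasons.append("guid reused in %d locations" % len(hits))
            if reasons:
                findings.append((e["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(path, "->", "; ".join(reasons))
```

The output is a list of leads to review, not a verdict: tasks with ordinary names, such as the `SeablueBrowserUpdateUA.job` line in the sample, are not matched by this heuristic.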

    #4
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,026 posts
    • MVP
     
    Download the attached fixlist.txt to the same location as FRST
     
    Attached File  fixlist.txt   16KB   50 downloads
     
    Run FRST and press Fix
    A fix log will be generated; please post that.
     
     
    You do not have the latest Java.
    First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
    I see:
    Java 8 Update 73
     
    Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
     
    If you feel you must have Java:
    Get the latest Java at:
     
    Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.
    Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
     
    (If you also want the 64 bit version then use the 64 bit version of IE to get it.)
     
    Also Uninstall:
     
    Skype Click to Call (Will not hurt Skype.  This is the obnoxious browser extension which changes every random 10 digit number into a telephone link)
    YTD Toolbar v23.8 (Adware)
     
    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
     

    Are you seeing any problems now?

     

     


    • 0

    #5
    POTATO44

    POTATO44

      New Member

    • Topic Starter
    • Member
    • Pip
    • 5 posts

    Here's the fixlog file and I also attached the "Addition.txt" file after scanning using FRST.

     

    I rebooted my PC and the "regsvr32" was already gone.

     

    Is this all fine? I don't know much about this kind of stuff. And do I need to do other things? (esp. about FRST, AdwCleaner and JRT)

     

    Anyways, THANK YOU SO MUCH!
     

    Attached Files


    • 0

    #6
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,026 posts
    • MVP

    You are getting errors from Soda PDF 3D Reader.  I would uninstall it.  If you use it then download a fresh copy http://sodapdf.com/p...-reader?lang=en

     

    You did not post a new FRST list but it appears from the log that the fix worked OK so I guess we are done and can clean up.  This will get rid of FRST, AdwCleaner, Junkware Removal Tool and their logs:

     

    We usually clean up with Delfix.  This removes our tools and their logs and quarantines and also removes all but the latest System Restore point so there is no chance of the malware coming back with a system restore. Delfix has been a tad too aggressive recently and seems to dislike pdf files in the Downloads folder so if you have any you should move them to a different folder before running Delfix.
     
    Ensure Remove disinfection tools is ticked
    Also tick:
    Create registry backup
    Purge system restore
     
    Click Run
    The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply
     
     
    Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.
     
    Whether you use Adobe Reader, Acrobat or Foxit to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit Reader except you uncheck Enable Javascript Actions.
     
     
    If you use Chrome/Firefox/IE then get the AdBlock Plus Add-on.  Go to adblockplus.org with each browser and get the add-on.  (It's actually a program for IE)
     
    If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
    http://www.crystalidea.com/speedyfox.  Close Chrome/Firefox/Skype. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting.
     
    Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.
     
    Due to a recent rise in the number of Cryptolocker infections I am now recommending you install:
     
    CryptoPrevent
     
     
    Last time I downloaded it you had to give them your IP address and they would send you the link to download it.  When it ran it asked if you were sure your PC was clean then it would try to allow everything on your PC to continue running.  The free version does not update on its own so you should check for updated versions once in a while.  If you have problems after installing CryptoPrevent you can just uninstall it.
     
    If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
     
    Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
    Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
    Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  If that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.
     
     
    My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's an Orcas Island environmental organization that I volunteered with: http://www.kwiaht.org/donate.htm
    (The name means something like "clean place" in one of the local native-American dialects)
     
    Ron

    • 0

    #7
    POTATO44

    POTATO44

      New Member

    • Topic Starter
    • Member
    • Pip
    • 5 posts

    I haven't gotten the error on startup anymore! Thank you, my good sir! One last question: why is it that my Google Chrome logo is like that?

     

    *I can't find the notepad log after using Delfix. But I got the chance to read it. All of the programs and other files were removed.

    Again, Thank you! :D


    • 0

    #8
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 20,026 posts
    • MVP

    Right click on the shortcut and select Properties.  (You may have to right click on Google Chrome inside the first right click).  There should be a button at the bottom of the little window that says Change Icon.  You should see a gold icon and the usual Chrome icon. (You may get an error that it can't find the file.  Then it will show you a bunch of generic icons.  Click Browse and go to:  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe")

     

    Try switching to the gold icon then go back and switch to the normal one.  


    • 0

    #9
    POTATO44

    POTATO44

      New Member

    • Topic Starter
    • Member
    • Pip
    • 5 posts

    Thank you very much! :D I thought it was a virus of some sort. Cuz I can't change it back to its normal icon.

    Thank you again mate, for helping me solve this error :D


    • 0





