What is Advanced PC Fixer?
The Malwarebytes research team has determined that Advanced PC Fixer is a "system optimizer". These so-called "system optimizers" use intentional false positives to convince users that their systems have problems. Then they try to sell you their software, claiming it will remove these problems.
More information can be found on our Malwarebytes Labs blog.
How do I know if I am infected with Advanced PC Fixer?
This is how the main screen of the sytem optimizer looks:
You will find these icons in your taskbar, startmenu and on your desktop:
and see these warnings during install:
and these screens during "operations":
You may see this entry in your list of installed programs:
and this task in your Task Scheduler:
How did Advanced PC Fixer get on my computer?
These so-called system optimizers use different methods of getting installed. This particular one was bundled with other software.
How do I remove Advanced PC Fixer?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-{version}.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to:
Launch Malwarebytes Anti-Malware - Then click Finish.
- Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
- If an update is available, it will be implemented before the rest of the scanning procedure.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
- No, Malwarebytes' Anti-Malware removes Advanced PC Fixer completely.
- This PUP creates a scheduled task. You can read here how to check for and, if necessary, remove Scheduled Tasks.
We hope our application and this guide have helped you eradicate this system optimizer.
As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Advanced PC Fixer installer. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.
and we block access to their domain:
Technical details for experts
You may see these entries in FRST logs:
(pcfixertools.com) C:\Program Files\Advanced PC Fixer\apcfx.exe
S2 APCFXValidator; C:\ProgramData\APCFXValidator\APCFXValidatorService.exe [29696 2016-10-10] (AppVerifierService) [File not signed]
C:\Windows\System32\Tasks\Advanced PC Fixer_Logon
C:\Users\Public\Desktop\Advanced PC Fixer.lnk
C:\Users\{username}\AppData\Roaming\pcfixertools.com
C:\Users\{username}\AppData\Roaming\FileOpenerWindows
C:\ProgramData\pcfixertools.com
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced PC Fixer
C:\ProgramData\APCFXValidator
C:\Program Files\Advanced PC Fixer
Advanced PC Fixer (HKLM\...\{B7D186B9-8CC6-4AAA-BE07-1833E3355997}_is1) (Version: 1.0.0.16036 - pcfixertools.com)
Task: {22A8927B-BD87-439A-8290-B6C6B3C02EC9} - System32\Tasks\Advanced PC Fixer_Logon => C:\Program Files\Advanced PC Fixer\apcfx.exe [2016-10-17] (pcfixertools.com)Alterations made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Program Files\Advanced PC Fixer
Adds the file apcfx.exe"="10/17/2016 4:03 PM, 2204352 bytes, A
Adds the file apcfx.exe.config"="10/10/2016 4:23 PM, 4011 bytes, A
Adds the file APCFXContent.dll"="10/17/2016 4:02 PM, 14646784 bytes, A
Adds the file danish_iss.ini"="9/9/2016 4:17 PM, 2402 bytes, A
Adds the file Dutch_iss.ini"="9/9/2016 4:17 PM, 2600 bytes, A
Adds the file english_iss.ini"="9/9/2016 4:17 PM, 2256 bytes, A
Adds the file finish_iss.ini"="9/9/2016 4:17 PM, 2368 bytes, A
Adds the file French_iss.ini"="9/9/2016 4:17 PM, 2792 bytes, A
Adds the file german_iss.ini"="9/9/2016 4:17 PM, 2658 bytes, A
Adds the file HtmlRenderer.dll"="9/9/2016 4:21 PM, 221696 bytes, A
Adds the file HtmlRenderer.WinForms.dll"="9/9/2016 4:21 PM, 60416 bytes, A
Adds the file Interop.IWshRuntimeLibrary.dll"="10/17/2016 4:03 PM, 55488 bytes, A
Adds the file italian_iss.ini"="9/9/2016 4:17 PM, 2552 bytes, A
Adds the file japanese_iss.ini"="9/9/2016 4:17 PM, 1844 bytes, A
Adds the file langs.db"="10/13/2016 1:39 PM, 402432 bytes, A
Adds the file Microsoft.Win32.TaskScheduler.dll"="9/9/2016 4:21 PM, 171008 bytes, A
Adds the file NAudio.dll"="9/9/2016 4:21 PM, 471040 bytes, A
Adds the file norwegian_iss.ini"="9/9/2016 4:17 PM, 2358 bytes, A
Adds the file portuguese_iss.ini"="9/9/2016 4:17 PM, 2424 bytes, A
Adds the file russian_iss.ini"="9/9/2016 4:17 PM, 2494 bytes, A
Adds the file spanish_iss.ini"="9/9/2016 4:17 PM, 2548 bytes, A
Adds the file swedish_iss.ini"="9/9/2016 4:17 PM, 2270 bytes, A
Adds the file System.Data.SQLite.DLL"="9/9/2016 4:21 PM, 290816 bytes, A
Adds the file TAFactory.IconPack.dll"="9/9/2016 4:21 PM, 36864 bytes, A
Adds the file TaskScheduler.dll"="10/17/2016 4:03 PM, 47296 bytes, A
Adds the file unins000.dat"="12/2/2016 8:59 AM, 76099 bytes, A
Adds the file unins000.exe"="12/2/2016 8:57 AM, 1209536 bytes, A
Adds the file unins000.msg"="12/2/2016 8:59 AM, 22701 bytes, A
Adds the folder C:\Program Files\Advanced PC Fixer\x64
Adds the file SQLite.Interop.dll"="9/1/2016 11:44 AM, 1175552 bytes, A
Adds the folder C:\Program Files\Advanced PC Fixer\x86
Adds the file SQLite.Interop.dll"="9/1/2016 11:44 AM, 854528 bytes, A
Adds the folder C:\ProgramData\APCFXValidator
Adds the file APCFXValidatorService.exe"="10/10/2016 7:37 PM, 29696 bytes, A
Adds the file APCFXValidatorService.exe.config"="10/10/2016 5:42 PM, 1470 bytes, A
Adds the file APCFXValidatorService.InstallLog"="12/2/2016 8:59 AM, 717 bytes, A
Adds the file APCFXValidatorService.InstallState"="12/2/2016 8:59 AM, 5012 bytes, A
Adds the file InstallUtil.InstallLog"="12/2/2016 8:59 AM, 672 bytes, A
Adds the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced PC Fixer
Adds the file Advanced PC Fixer.lnk"="12/2/2016 8:59 AM, 874 bytes, A
Adds the file Buy Advanced PC Fixer.lnk"="12/2/2016 8:59 AM, 886 bytes, A
Adds the file Uninstall Advanced PC Fixer.lnk"="12/2/2016 8:59 AM, 893 bytes, A
Adds the folder C:\ProgramData\pcfixertools.com\Advanced PC Fixer
Adds the file mdb.db"="9/9/2016 4:17 PM, 835584 bytes, A
Adds the file pcspstartrepair_en.mp3"="9/9/2016 4:17 PM, 130973 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\FileOpenerWindows
Adds the file langswfo.db"="10/13/2016 1:39 PM, 16384 bytes, A
Adds the file System.Data.SQLite.DLL"="9/9/2016 4:21 PM, 290816 bytes, A
Adds the file wfo.exe"="10/17/2016 4:03 PM, 74432 bytes, A
Adds the file wfo.exe.config"="9/9/2016 4:21 PM, 894 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\FileOpenerWindows\x64
Adds the file SQLite.Interop.dll"="9/1/2016 11:44 AM, 1175552 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\FileOpenerWindows\x86
Adds the file SQLite.Interop.dll"="9/1/2016 11:44 AM, 854528 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\pcfixertools.com\Advanced PC Fixer
Adds the file common_desktop.gif"="12/2/2016 8:59 AM, 15950 bytes, A
Adds the file common_desktopscan.gif"="12/2/2016 8:59 AM, 15950 bytes, A
Adds the file Errorlog.txt"="12/2/2016 9:00 AM, 15180 bytes, A
Adds the file exlist.bin"="12/2/2016 8:59 AM, 258049 bytes, A
Adds the file res.xml"="12/2/2016 9:00 AM, 12810 bytes, A
Adds the folder C:\Users\{username}\AppData\Roaming\pcfixertools.com\Advanced PC Fixer\smico
In the existing folder C:\Users\Public\Desktop
Adds the file Advanced PC Fixer.lnk"="12/2/2016 8:59 AM, 856 bytes, A
In the existing folder C:\Windows\System32\Tasks
Adds the file Advanced PC Fixer_Logon"="12/2/2016 8:59 AM, 3046 bytes, A
Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\apcfx-pr]
"affiliateid"="REG_SZ", ""
"btnid"="REG_SZ", ""
"country"="REG_SZ", "nl"
"LangCode"="REG_SZ", "en"
"lpid"="REG_SZ", ""
"phone"="REG_SZ", ""
"utm_campaign"="REG_SZ", ""
"utm_medium"="REG_SZ", ""
"utm_pubid"="REG_SZ", ""
"utm_source"="REG_SZ", "velmapcf"
"x-at"="REG_SZ", ""
"x-context"="REG_SZ", ""
"x-plt"="REG_SZ", ""
"x-var1"="REG_SZ", ""
[HKEY_LOCAL_MACHINE\SOFTWARE\APCFXValidatorService\APCFXValidatorService]
"country"="REG_SZ", "nl"
[HKEY_LOCAL_MACHINE\SOFTWARE\cGNmaXhlcnRvb2xzLmNvbQ==\QWR2YW5jZWQgUEMgRml4ZXI=\ACT]
"data"="REG_BINARY, ...................................................................................................................................................................................................................................................................................................................................
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]
"(Default)" = REG_SZ, "C:\Users\{username}\AppData\Roaming\FileOpenerWindows\wfo.exe "%1""
"windowsfileopener.Dat"="REG_SZ", "C:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,OpenAs_RunDLL %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\opendlg\command]
"(Default)" = REG_SZ, "C:\Users\{username}\AppData\Roaming\FileOpenerWindows\wfo.exe "%1""
"windowsfileopener.Dat"="REG_SZ", "C:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,OpenAs_RunDLL %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B7D186B9-8CC6-4AAA-BE07-1833E3355997}_is1]
"DisplayIcon"="REG_SZ", "C:\Program Files\Advanced PC Fixer\apcfx.exe"
"DisplayName"="REG_SZ", "Advanced PC Fixer"
"DisplayVersion"="REG_SZ", "1.0.0.16036"
"EstimatedSize"="REG_DWORD", 39004
"HelpLink"="REG_SZ", "http://www.pcfixertools.com/help/"
"Inno Setup: App Path"="REG_SZ", "C:\Program Files\Advanced PC Fixer"
"Inno Setup: Icon Group"="REG_SZ", "Advanced PC Fixer"
"Inno Setup: Language"="REG_SZ", "en"
"Inno Setup: Setup Version"="REG_SZ", "5.5.5 (u)"
"Inno Setup: User"="REG_SZ", "{username}"
"InstallDate"="REG_SZ", "20161202"
"InstallLocation"="REG_SZ", "C:\Program Files\Advanced PC Fixer\"
"MajorVersion"="REG_DWORD", 1
"MinorVersion"="REG_DWORD", 0
"NoModify"="REG_DWORD", 1
"NoRepair"="REG_DWORD", 1
"Publisher"="REG_SZ", "pcfixertools.com"
"QuietUninstallString"="REG_SZ", ""C:\Program Files\Advanced PC Fixer\unins000.exe" /SILENT"
"UninstallString"="REG_SZ", ""C:\Program Files\Advanced PC Fixer\unins000.exe""
"URLInfoAbout"="REG_SZ", "http://www.pcfixertools.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\pcfixertools.com\Advanced PC Fixer]
"affired"="REG_DWORD", 1
"afterInstallUrl"="REG_SZ", "http://www.pcfixertools.com/apcfx/afterinstall/?"
"cbkpoff"="REG_DWORD", 1
"country"="REG_SZ", "nl"
"cta"="REG_DWORD", 0
"dlllist"="REG_SZ", "PSMACHINE_64.DLL,MSSPELLCHECKINGFACILITY.DLL"
"EmailURL"="REG_SZ", "[email protected]"
"expired"="REG_DWORD", 0
"hdata"="REG_BINARY, .................................................................................................................................................................................................................................................................................................................................................................
"Installstring"="REG_SZ", "C:\Program Files\Advanced PC Fixer"
"ipaddrurl"="REG_SZ", "http://www.pcfixertools.com/getIpAddress.asp"
"issilent"="REG_DWORD", 0
"ISTELNO"="REG_DWORD", 1
"LangCode"="REG_SZ", "en"
"lstregscancount"="REG_DWORD", 33
"lstscandate"="REG_SZ", "12/2/2016 9:00:55 AM"
"lstscanstat"="REG_DWORD", 2
"lstsecscancount"="REG_DWORD", 0
"lsttotalscancount"="REG_DWORD", 33
"paramurl"="REG_SZ", "http://trkr.pcfixertools.com/ipfiles/"
"prereg"="REG_DWORD", 0
"PurchaseURL"="REG_SZ", "http://pcfixertools.safemart.store/price.asp?"
"pxl"="REG_SZ", "vel1229_vel1206_runt"
"reg"="REG_DWORD", 0
"RenewURL"="REG_SZ", "http://pcfixertools.safemart.store/renewal.asp?"
"runcam"="REG_DWORD", 1
"showtn"="REG_DWORD", 0
"showunins"="REG_DWORD", 1
"showwfo"="REG_DWORD", 1
"stdismax"="REG_DWORD", -1
"supporturl"="REG_SZ", "http://www.pcfixertools.com/help/"
"TELNO"="REG_SZ", "+31-08-58882839"
"TELNO_at"="REG_SZ", "(800)-180-0926"
"TELNO_au"="REG_SZ", "(61)280-733403"
"TELNO_ch"="REG_SZ", "(800)-180-0926"
"TELNO_de"="REG_SZ", "(800)-180-0926"
"TELNO_dk"="REG_SZ", "+45-7877-3648"
"TELNO_fr"="REG_SZ", "(334)-88627945"
"TELNO_gb"="REG_SZ", "0800-031-5066"
"TELNO_ja"="REG_SZ", "0120-993-506"
"TELNO_jp"="REG_SZ", "0120-993-506"
"TELNO_lu"="REG_SZ", "(800)-180-0926"
"TELNO_nl"="REG_SZ", "+31-08-58882839"
"TELNO_no"="REG_SZ", "0047-2195-4400"
"TELNO_se"="REG_SZ", "+46-08124-10298"
"TELNO_uk"="REG_SZ", "0800-031-5066"
"TELNO_us"="REG_SZ", "(855)-332-0124"
"utm_source"="REG_SZ", "velmapcf"
"vendorLogo"="REG_SZ", "res://APCFXContent.dll/jpg/common_logo.jpg"
"vendorMachineAvi"="REG_SZ", "C:\Users\{username}\AppData\Roaming\pcfixertools.com\Advanced PC Fixer\common_desktop.gif"
"vendorMachineAvi1"="REG_SZ", "C:\Users\{username}\AppData\Roaming\pcfixertools.com\Advanced PC Fixer\common_desktopscan.gif"
"WebURL"="REG_SZ", "http://www.pcfixertools.com/"
"wfoset"="REG_DWORD", 1
"x-ccode"="REG_SZ", "nl"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\APCFXValidator]
"Description"="REG_SZ", "APCFX Validator"
"DisplayName"="REG_SZ", "APCFX Validator"
"ErrorControl"="REG_DWORD", 1
"ImagePath"="REG_EXPAND_SZ, ""C:\ProgramData\APCFXValidator\APCFXValidatorService.exe""
"ObjectName"="REG_SZ", "LocalSystem"
"Start"="REG_DWORD", 2
"Type"="REG_DWORD", 16
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\APCFXValidator]
"EventMessageFile"="REG_EXPAND_SZ, "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\EventLogMessages.dll"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\9f0e3f2d_0]
"(Default)"="REG_SZ", "{0.0.0.00000000}.{6256f43c-1fdb-48f9-92d4-02b7de615556}|\Device\HarddiskVolume2\Program Files\Advanced PC Fixer\apcfx.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Multimedia\Audio Compression Manager\MSACM]
[HKEY_CURRENT_USER\Software\Microsoft\Multimedia\Audio Compression Manager\Priority v4.00]
[HKEY_CURRENT_USER\Software\pcfixertools.com\Advanced PC Fixer]
"Installstring"="REG_SZ", "C:\Program Files\Advanced PC Fixer"
"LangCode"="REG_SZ", "en"
"utm_source"="REG_SZ", "velmapcf"
[HKEY_CURRENT_USER\Software\pcfixertools.com\Advanced PC Fixer\1.0.0.16036]
Malwarebytes Anti-Malware log:Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 12/2/2016
Scan Time: 9:11 AM
Logfile: mbamAdvancedPCFixer.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.12.02.03
Rootkit Database: v2016.11.20.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Enabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 303583
Time Elapsed: 8 min, 32 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 1
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\apcfx.exe, 5784, Delete-on-Reboot, [266502e01b7fb87ea51525c1de25ec14]
Modules: 0
(No malicious items detected)
Registry Keys: 10
PUP.Optional.WindowsFileOpener, HKLM\SOFTWARE\CLASSES\UNKNOWN\SHELL\OPENAS\COMMAND, Quarantined, [7a111cc6c6d46ec871b2f5b851b2f010],
PUP.Optional.AdvanceSystemCare, HKLM\SOFTWARE\CLASSES\UNKNOWN\SHELL\OPENDLG\COMMAND, Quarantined, [0388df037b1fea4c35f0edc0eb18649c],
PUP.Optional.WindowsFileOpener, HKLM\SOFTWARE\CLASSES\WOW6432NODE\UNKNOWN\SHELL\OPENAS\COMMAND, Quarantined, [e1aa746ed5c5c47281a21d90ff046a96],
PUP.Optional.AdvanceSystemCare, HKLM\SOFTWARE\CLASSES\WOW6432NODE\UNKNOWN\SHELL\OPENDLG\COMMAND, Quarantined, [6d1e35ad1f7b60d612138b2205fea759],
PUP.Optional.AdvancedPCFixer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{22A8927B-BD87-439A-8290-B6C6B3C02EC9}, Delete-on-Reboot, [99f24e94cbcfbf77a292df08907333cd],
PUP.Optional.AdvancedPCFixer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Advanced PC Fixer_Logon, Delete-on-Reboot, [7d0eebf7f5a563d3141ffcebbe4533cd],
PUP.Optional.WindowsFileOpener, HKLM\SOFTWARE\WOW6432NODE\CLASSES\UNKNOWN\SHELL\OPENAS\COMMAND, Quarantined, [2467944e4b4ff541e73c5756c43f9f61],
PUP.Optional.AdvanceSystemCare, HKLM\SOFTWARE\WOW6432NODE\CLASSES\UNKNOWN\SHELL\OPENDLG\COMMAND, Quarantined, [b5d6fce6cdcddd59f82d2786dd261be5],
PUP.Optional.AdvancedPCFixer, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\APCFXValidator, Quarantined, [abe00ad8a2f8a2944181f9edeb18da26],
PUP.Optional.AdvancedPCFixer, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B7D186B9-8CC6-4AAA-BE07-1833E3355997}_is1, Quarantined, [c2c93ea49a00aa8c9c205690d33006fa],
Registry Values: 13
PUP.Optional.WindowsFileOpener, HKLM\SOFTWARE\CLASSES\UNKNOWN\SHELL\OPENAS\COMMAND, C:\Users\{username}\AppData\Roaming\FileOpenerWindows\wfo.exe "Quarantined", [7a111cc6c6d46ec871b2f5b851b2f010], %5
PUP.Optional.WindowsFileOpener, HKLM\SOFTWARE\CLASSES\UNKNOWN\SHELL\OPENAS\COMMAND|windowsfileopener.Dat, C:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,OpenAs_RunDLL Quarantined, [79121fc329712313ff2308a5bf44ef11], %5
PUP.Optional.AdvanceSystemCare, HKLM\SOFTWARE\CLASSES\UNKNOWN\SHELL\OPENDLG\COMMAND, C:\Users\{username}\AppData\Roaming\FileOpenerWindows\wfo.exe "Quarantined", [0388df037b1fea4c35f0edc0eb18649c], %5
PUP.Optional.AdvanceSystemCare, HKLM\SOFTWARE\CLASSES\UNKNOWN\SHELL\OPENDLG\COMMAND|windowsfileopener.Dat, C:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,OpenAs_RunDLL Quarantined, [eaa132b0f4a61620968e5a5313f09967], %5
PUP.Optional.WindowsFileOpener, HKLM\SOFTWARE\CLASSES\WOW6432NODE\UNKNOWN\SHELL\OPENAS\COMMAND, C:\Users\{username}\AppData\Roaming\FileOpenerWindows\wfo.exe "Quarantined", [e1aa746ed5c5c47281a21d90ff046a96], %5
PUP.Optional.WindowsFileOpener, HKLM\SOFTWARE\CLASSES\WOW6432NODE\UNKNOWN\SHELL\OPENAS\COMMAND|windowsfileopener.Dat, C:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,OpenAs_RunDLL Quarantined, [4843835ff9a10b2bfb27921bf70caa56], %5
PUP.Optional.AdvanceSystemCare, HKLM\SOFTWARE\CLASSES\WOW6432NODE\UNKNOWN\SHELL\OPENDLG\COMMAND, C:\Users\{username}\AppData\Roaming\FileOpenerWindows\wfo.exe "Quarantined", [6d1e35ad1f7b60d612138b2205fea759], %5
PUP.Optional.AdvanceSystemCare, HKLM\SOFTWARE\CLASSES\WOW6432NODE\UNKNOWN\SHELL\OPENDLG\COMMAND|windowsfileopener.Dat, C:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,OpenAs_RunDLL Quarantined, [9fecf8ea5d3dff3765bfa10cd52e4bb5], %5
PUP.Optional.AdvancedPCFixer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{22A8927B-BD87-439A-8290-B6C6B3C02EC9}|Path, \Advanced PC Fixer_Logon, Delete-on-Reboot, [99f24e94cbcfbf77a292df08907333cd]
PUP.Optional.WindowsFileOpener, HKLM\SOFTWARE\WOW6432NODE\CLASSES\UNKNOWN\SHELL\OPENAS\COMMAND, C:\Users\{username}\AppData\Roaming\FileOpenerWindows\wfo.exe "Quarantined", [2467944e4b4ff541e73c5756c43f9f61], %5
PUP.Optional.WindowsFileOpener, HKLM\SOFTWARE\WOW6432NODE\CLASSES\UNKNOWN\SHELL\OPENAS\COMMAND|windowsfileopener.Dat, C:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,OpenAs_RunDLL Quarantined, [7d0e2ab8d7c3cd69c65cbcf156adad53], %5
PUP.Optional.AdvanceSystemCare, HKLM\SOFTWARE\WOW6432NODE\CLASSES\UNKNOWN\SHELL\OPENDLG\COMMAND, C:\Users\{username}\AppData\Roaming\FileOpenerWindows\wfo.exe "Quarantined", [b5d6fce6cdcddd59f82d2786dd261be5], %5
PUP.Optional.AdvanceSystemCare, HKLM\SOFTWARE\WOW6432NODE\CLASSES\UNKNOWN\SHELL\OPENDLG\COMMAND|windowsfileopener.Dat, C:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,OpenAs_RunDLL Quarantined, [dbb0ac366d2dda5c6abaa904887b9c64], %5
Registry Data: 0
(No malicious items detected)
Folders: 13
PUP.Optional.WindowsFileOpener, C:\Users\{username}\AppData\Roaming\FileOpenerWindows, Quarantined, [c5c6756d1387a88e62a05f73c83aa15f],
PUP.Optional.WindowsFileOpener, C:\Users\{username}\AppData\Roaming\FileOpenerWindows\x64, Quarantined, [c5c6756d1387a88e62a05f73c83aa15f],
PUP.Optional.WindowsFileOpener, C:\Users\{username}\AppData\Roaming\FileOpenerWindows\x86, Quarantined, [c5c6756d1387a88e62a05f73c83aa15f],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer, Delete-on-Reboot, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\x64, Delete-on-Reboot, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\x86, Quarantined, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced PC Fixer, Quarantined, [4348717181193ef81aa3f8ee38cb8a76],
PUP.Optional.AdvancedPCFixer, C:\ProgramData\pcfixertools.com, Delete-on-Reboot, [9cefb42ef2a8c96df8c6f8ee8e755aa6],
PUP.Optional.AdvancedPCFixer, C:\ProgramData\pcfixertools.com\Advanced PC Fixer, Delete-on-Reboot, [9cefb42ef2a8c96df8c6f8ee8e755aa6],
PUP.Optional.AdvancedPCFixer, C:\Users\{username}\AppData\Roaming\pcfixertools.com, Quarantined, [2566de046d2dbf7707b7d016d132b34d],
PUP.Optional.AdvancedPCFixer, C:\Users\{username}\AppData\Roaming\pcfixertools.com\Advanced PC Fixer, Quarantined, [2566de046d2dbf7707b7d016d132b34d],
PUP.Optional.AdvancedPCFixer, C:\Users\{username}\AppData\Roaming\pcfixertools.com\Advanced PC Fixer\smico, Quarantined, [2566de046d2dbf7707b7d016d132b34d],
PUP.Optional.AdvancedPCFixer, C:\ProgramData\APCFXValidator, Quarantined, [7b10fde57723f046ae1123c3d231f40c],
Files: 54
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\apcfx.exe, Delete-on-Reboot, [266502e01b7fb87ea51525c1de25ec14],
PUP.Optional.AdvancedPCFixer, C:\Users\{username}\Desktop\apcfxvelma.exe, Quarantined, [5239964cbedc42f4b703e60044bffb05],
PUP.Optional.WindowsFileOpener, C:\Users\{username}\AppData\Roaming\FileOpenerWindows\wfo.exe.config, Quarantined, [c5c6756d1387a88e62a05f73c83aa15f],
PUP.Optional.WindowsFileOpener, C:\Users\{username}\AppData\Roaming\FileOpenerWindows\langswfo.db, Quarantined, [c5c6756d1387a88e62a05f73c83aa15f],
PUP.Optional.WindowsFileOpener, C:\Users\{username}\AppData\Roaming\FileOpenerWindows\System.Data.SQLite.DLL, Quarantined, [c5c6756d1387a88e62a05f73c83aa15f],
PUP.Optional.WindowsFileOpener, C:\Users\{username}\AppData\Roaming\FileOpenerWindows\wfo.exe, Quarantined, [c5c6756d1387a88e62a05f73c83aa15f],
PUP.Optional.WindowsFileOpener, C:\Users\{username}\AppData\Roaming\FileOpenerWindows\x64\SQLite.Interop.dll, Quarantined, [c5c6756d1387a88e62a05f73c83aa15f],
PUP.Optional.WindowsFileOpener, C:\Users\{username}\AppData\Roaming\FileOpenerWindows\x86\SQLite.Interop.dll, Quarantined, [c5c6756d1387a88e62a05f73c83aa15f],
PUP.Optional.AdvancedPCFixer, C:\Users\Public\Desktop\Advanced PC Fixer.lnk, Quarantined, [cfbc776b712948ee01badb0b798a7b85],
PUP.Optional.AdvancedPCFixer, C:\Windows\System32\Tasks\Advanced PC Fixer_Logon, Quarantined, [1675538f77231125ba786a7d50b33cc4],
PUP.Optional.AdvancedPCFixer, C:\ProgramData\APCFXValidator\APCFXValidatorService.exe, Quarantined, [abe00ad8a2f8a2944181f9edeb18da26],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\Interop.IWshRuntimeLibrary.dll, Delete-on-Reboot, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\apcfx.exe.config, Quarantined, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\APCFXContent.dll, Quarantined, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\danish_iss.ini, Quarantined, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\Dutch_iss.ini, Quarantined, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\english_iss.ini, Quarantined, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\finish_iss.ini, Quarantined, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\French_iss.ini, Quarantined, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\german_iss.ini, Quarantined, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\HtmlRenderer.dll, Quarantined, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\HtmlRenderer.WinForms.dll, Quarantined, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\italian_iss.ini, Quarantined, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\japanese_iss.ini, Quarantined, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\langs.db, Quarantined, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\Microsoft.Win32.TaskScheduler.dll, Delete-on-Reboot, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\NAudio.dll, Delete-on-Reboot, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\norwegian_iss.ini, Quarantined, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\portuguese_iss.ini, Quarantined, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\russian_iss.ini, Quarantined, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\spanish_iss.ini, Quarantined, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\swedish_iss.ini, Quarantined, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\System.Data.SQLite.DLL, Delete-on-Reboot, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\TAFactory.IconPack.dll, Delete-on-Reboot, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\TaskScheduler.dll, Quarantined, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\unins000.dat, Quarantined, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\unins000.exe, Quarantined, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\unins000.msg, Quarantined, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\x64\SQLite.Interop.dll, Delete-on-Reboot, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\Program Files\Advanced PC Fixer\x86\SQLite.Interop.dll, Quarantined, [c2c93ea49a00aa8c9c205690d33006fa],
PUP.Optional.AdvancedPCFixer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced PC Fixer\Advanced PC Fixer.lnk, Quarantined, [4348717181193ef81aa3f8ee38cb8a76],
PUP.Optional.AdvancedPCFixer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced PC Fixer\Buy Advanced PC Fixer.lnk, Quarantined, [4348717181193ef81aa3f8ee38cb8a76],
PUP.Optional.AdvancedPCFixer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced PC Fixer\Uninstall Advanced PC Fixer.lnk, Quarantined, [4348717181193ef81aa3f8ee38cb8a76],
PUP.Optional.AdvancedPCFixer, C:\ProgramData\pcfixertools.com\Advanced PC Fixer\mdb.db, Delete-on-Reboot, [9cefb42ef2a8c96df8c6f8ee8e755aa6],
PUP.Optional.AdvancedPCFixer, C:\ProgramData\pcfixertools.com\Advanced PC Fixer\pcspstartrepair_en.mp3, Delete-on-Reboot, [9cefb42ef2a8c96df8c6f8ee8e755aa6],
PUP.Optional.AdvancedPCFixer, C:\Users\{username}\AppData\Roaming\pcfixertools.com\Advanced PC Fixer\common_desktop.gif, Quarantined, [2566de046d2dbf7707b7d016d132b34d],
PUP.Optional.AdvancedPCFixer, C:\Users\{username}\AppData\Roaming\pcfixertools.com\Advanced PC Fixer\common_desktopscan.gif, Quarantined, [2566de046d2dbf7707b7d016d132b34d],
PUP.Optional.AdvancedPCFixer, C:\Users\{username}\AppData\Roaming\pcfixertools.com\Advanced PC Fixer\Errorlog.txt, Quarantined, [2566de046d2dbf7707b7d016d132b34d],
PUP.Optional.AdvancedPCFixer, C:\Users\{username}\AppData\Roaming\pcfixertools.com\Advanced PC Fixer\exlist.bin, Quarantined, [2566de046d2dbf7707b7d016d132b34d],
PUP.Optional.AdvancedPCFixer, C:\Users\{username}\AppData\Roaming\pcfixertools.com\Advanced PC Fixer\res.xml, Quarantined, [2566de046d2dbf7707b7d016d132b34d],
PUP.Optional.AdvancedPCFixer, C:\ProgramData\APCFXValidator\APCFXValidatorService.exe.config, Quarantined, [7b10fde57723f046ae1123c3d231f40c],
PUP.Optional.AdvancedPCFixer, C:\ProgramData\APCFXValidator\APCFXValidatorService.InstallLog, Quarantined, [7b10fde57723f046ae1123c3d231f40c],
PUP.Optional.AdvancedPCFixer, C:\ProgramData\APCFXValidator\APCFXValidatorService.InstallState, Quarantined, [7b10fde57723f046ae1123c3d231f40c],
PUP.Optional.AdvancedPCFixer, C:\ProgramData\APCFXValidator\InstallUtil.InstallLog, Quarantined, [7b10fde57723f046ae1123c3d231f40c],
Physical Sectors: 0
(No malicious items detected)
(end)As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention
Back to top
Sign In
Create Account
