Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Wondershare removal...FRST will not complete.

by hrbngr » January 9th, 2018, 7:27 pm

Incomplete scan results from the FRST tool (picture attached of where the scanner stops working):

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by jba (administrator) on JBA-GAMER-2011 (08-01-2018 17:42:40)
Running from C:\Users\jba\Downloads
Loaded Profiles: jba (Available Profiles: jba)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(IVPN Limited) C:\Program Files\IVPN Client\IVPN Service.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Subhra Das Gupta) C:\Program Files (x86)\Subhra Das Gupta\Xtreme Download Manager\xdm.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\\WsAppService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Wondershare) C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe
(Zoom Video Communications, Inc.) C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15053944 2016-01-06] (Logitech Inc.)
HKLM\...\Run: [IVPN Client Runtime Warmup] => C:\Program Files\IVPN Client\IVPN Client.exe [819712 2016-02-10] (IVPN Limited)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-12-04] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-2542263326-912892230-2163253663-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1231240 2016-11-13] (Ruiware)
HKU\S-1-5-21-2542263326-912892230-2163253663-1000\...\Run: [XDM] => C:\Program Files (x86)\Subhra Das Gupta\Xtreme Download Manager\xdm.exe [726016 2016-07-15] (Subhra Das Gupta)
HKU\S-1-5-21-2542263326-912892230-2163253663-1000\...\MountPoints2: {c84af092-e846-11e0-9e02-e715ad01881b} - D:\LaunchU3.exe -a
HKU\S-1-5-21-2542263326-912892230-2163253663-1000\...\MountPoints2: {f1958bcd-0d28-11e7-af3b-14dae90afe68} - V:\autorun.exe
HKU\S-1-5-18\...\Run: [XDM] => C:\Program Files (x86)\Subhra Das Gupta\Xtreme Download Manager\xdm.exe [726016 2016-07-15] (Subhra Das Gupta)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer]
Tcpip\..\Interfaces\{90B3F157-1683-4393-80E5-2D49DA8AA26E}: [DhcpNameServer]

Internet Explorer:
HKU\S-1-5-21-2542263326-912892230-2163253663-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=en-us
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2542263326-912892230-2163253663-1000 -> {4604F251-914E-4F23-B0C2-F5CA08CEB46E} URL = hxxp://www.bing.com/search?FORM=U453DF&PC=U453&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2542263326-912892230-2163253663-1000 -> {5D409252-4A09-4DDF-8CB4-9EC0BE0E7CC8} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-20] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-20] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-20] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-20] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2542263326-912892230-2163253663-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} hxxps://www36.verizon.com/FiOSVoice/UnP ... VMUtil.CAB
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXc ... atgpc1.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

FF ProfilePath: C:\Users\jba\AppData\Roaming\Mozilla\Firefox\Profiles\v7hd04n3.default [2018-01-08]
FF Session Restore: Mozilla\Firefox\Profiles\v7hd04n3.default -> is enabled.
FF Extension: (Colour That Site!) - C:\Users\jba\AppData\Roaming\Mozilla\Firefox\Profiles\v7hd04n3.default\Extensions\ColourThatSite@einspeiser.de.xpi [2017-07-11] [Legacy]
FF Extension: (uBlock Origin) - C:\Users\jba\AppData\Roaming\Mozilla\Firefox\Profiles\v7hd04n3.default\Extensions\uBlock0@raymondhill.net.xpi [2017-12-15]
FF Extension: (RightToClick) - C:\Users\jba\AppData\Roaming\Mozilla\Firefox\Profiles\v7hd04n3.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2016-09-07] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF HKU\S-1-5-21-2542263326-912892230-2163253663-1000\...\Firefox\Extensions: [xdmff@xdman.sourceforge.net] - C:\Users\jba\AppData\Local\XDM\xdmff => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-14] ()
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll [2014-05-13] (Simon Bünzli)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin HKU\S-1-5-21-2542263326-912892230-2163253663-1000: @citrixonline.com/appdetectorplugin -> C:\Users\jba\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-06-19] (Citrix Online)
FF Plugin HKU\S-1-5-21-2542263326-912892230-2163253663-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\jba\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-07-27] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\jba\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-02-01] (Cisco WebEx LLC)

CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default [2018-01-08]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2018-01-08]
CHR Extension: (Google Drive) - C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30]
CHR Extension: (YouTube) - C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (uBlock Origin) - C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-12-27]
CHR Extension: (Google Search) - C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (XDM Helper) - C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhlkncjkeinpblgldbehianfehcablpf [2017-04-04]
CHR Extension: (Google Docs Offline) - C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-09]
CHR Extension: (Yucata) - C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default\Extensions\gljddcenmfcicgdenbfalmhjebcapcbp [2016-09-19]
CHR Extension: (Zoom for Google Chrome) - C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd [2017-12-19]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-04-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Fullscreen Anything) - C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default\Extensions\olcfgpmjldkkjdclidhcbonieibfhhdh [2017-01-07]
CHR Extension: (Gmail) - C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-15]
CHR Extension: (Chrome Media Router) - C:\Users\jba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-19]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2542263326-912892230-2163253663-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\jba\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-06-21]
CHR HKU\S-1-5-21-2542263326-912892230-2163253663-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

OPR Extension: (Zoom for Opera) - C:\Users\jba\AppData\Roaming\Opera Software\Opera Stable\Extensions\agocngbnphnfdhpacecdpcpfphhdmoff [2017-12-29]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128944 2017-12-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [492560 2018-01-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [492560 2018-01-08] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1526832 2017-12-19] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [434248 2017-11-06] (Avira Operations GmbH & Co. KG)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-16] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-05-16] (Dropbox, Inc.)
S4 DbxSvc; C:\Windows\system32\DbxSvc.exe [51016 2017-12-04] (Dropbox, Inc.)
R2 IVPN Client; C:\Program Files\IVPN Client\IVPN Service.exe [32256 2016-02-10] (IVPN Limited) [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2016-01-06] (Logitech Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2157456 2017-06-21] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3127192 2017-06-21] (Electronic Arts)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd)
R2 SplashtopRemoteService; C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [731648 2017-05-19] (Splashtop Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\\WsAppService.exe [493792 2017-11-07] (Wondershare)
R2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [120096 2017-11-08] (Wondershare)
S3 NvStreamNetworkSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" [X]
S2 NvStreamSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe" [X]
R2 ZoomCptService; "C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe" -user_path C:\Users\jba\AppData\Roaming\Zoom

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-06-21] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [196344 2017-12-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [153072 2017-12-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-02] (Avira Operations GmbH & Co. KG)
S3 CMUACWO; C:\Windows\System32\DRIVERS\CMUACWO.sys [357376 2013-02-19] (C-Media Inc.)
R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-08-11] ()
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 MBAMSwissArmy; C:\Windows\System32\DRIVERS\mbamswissarmy.sys [252232 2017-11-13] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-09-22] (Malwarebytes)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
R3 Razerlow; C:\Windows\System32\drivers\DB3G.sys [21120 2005-11-07] (Razer (Asia-Pacific) Pte Ltd)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [132120 2016-10-18] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [206416 2016-10-18] (Oracle Corporation)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2016-06-15] (SplitmediaLabs Limited)
S3 ALSysIO; \??\C:\Users\jba\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
S4 nvvhci; system32\DRIVERS\nvvhci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-08 17:42 - 2018-01-08 17:42 - 000022012 _____ C:\Users\jba\Downloads\FRST.txt
2018-01-08 05:15 - 2018-01-08 05:15 - 000001322 _____ C:\Users\Public\Desktop\dr.fone.lnk
2018-01-08 05:14 - 2018-01-08 05:15 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2018-01-08 05:13 - 2018-01-08 05:13 - 000997600 _____ C:\Users\jba\Downloads\drfone_recover_setup_full3366.exe
2018-01-08 04:57 - 2018-01-08 04:57 - 000020539 _____ C:\Users\jba\Desktop\dds.txt
2018-01-08 04:57 - 2018-01-08 04:57 - 000008562 _____ C:\Users\jba\Desktop\attach.txt
2018-01-08 04:51 - 2018-01-08 04:51 - 022139496 _____ (CHENGDU YIWO Tech Development Co., Ltd. ) C:\Users\jba\Downloads\emsa_free.exe
2018-01-08 04:40 - 2018-01-08 04:40 - 000000000 ____D C:\Users\jba\AppData\Local\Aiseesoft Studio
2018-01-08 04:24 - 2018-01-08 04:26 - 000000000 ____D C:\Program Files\Remo Recover for Android 2.0
2018-01-08 04:24 - 2018-01-08 04:24 - 000000000 ____D C:\Users\jba\AppData\Roaming\Remo
2018-01-08 04:24 - 2009-02-12 15:11 - 000026024 _____ (EldoS Corporation) C:\Windows\system32\Drivers\rsdrvx64.sys
2018-01-08 04:02 - 2018-01-08 05:14 - 000000000 ____D C:\Program Files (x86)\Wondershare
2018-01-08 03:58 - 2018-01-08 03:58 - 000001974 _____ C:\Users\jba\Desktop\Wondershare Dr.Fone Toolkit for Android + Crack [SadeemPC] - Shortcut.lnk
2018-01-08 03:47 - 2018-01-08 03:49 - 000000000 ____D C:\Users\jba\Downloads\backups
2018-01-08 02:07 - 2018-01-08 02:09 - 000000000 ____D C:\FRST
2018-01-08 02:07 - 2018-01-08 02:07 - 002393088 _____ (Farbar) C:\Users\jba\Downloads\FRST64.exe
2018-01-08 01:01 - 2018-01-08 01:08 - 000000000 ____D C:\Program Files\MiniTool Mobile Recovery for Android
2018-01-08 01:01 - 2018-01-08 01:01 - 000000000 ____D C:\Program Files\DIFX
2018-01-08 00:56 - 2018-01-08 04:17 - 000000000 ____D C:\Program Files\Recuva
2018-01-08 00:56 - 2018-01-08 00:56 - 000001658 _____ C:\Users\Public\Desktop\Recuva.lnk
2018-01-08 00:56 - 2018-01-08 00:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2018-01-08 00:42 - 2018-01-08 00:42 - 001721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2018-01-08 00:42 - 2018-01-08 00:42 - 001002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2018-01-08 00:42 - 2018-01-08 00:42 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2018-01-08 00:37 - 2018-01-08 00:37 - 005562976 _____ (Piriform Ltd) C:\Users\jba\Downloads\rcsetup153.exe
2018-01-08 00:37 - 2018-01-08 00:37 - 000000000 ____D C:\ProgramData\wsr
2018-01-08 00:30 - 2018-01-08 05:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2018-01-08 00:29 - 2018-01-08 05:14 - 000000000 ____D C:\ProgramData\Wondershare
2018-01-08 00:29 - 2018-01-08 01:37 - 000000000 ____D C:\Users\jba\AppData\Roaming\Wondershare
2018-01-08 00:29 - 2017-09-27 17:29 - 000000232 _____ C:\Windows\SysWOW64\dllhost.exe.config
2018-01-08 00:29 - 2017-08-08 09:25 - 000206080 _____ (DEVGURU Co., LTD.(http://www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2018-01-08 00:29 - 2017-08-08 09:25 - 000110336 _____ (DEVGURU Co., LTD.(http://www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2018-01-01 01:58 - 2018-01-01 01:58 - 000000000 ____D C:\Users\jba\Downloads\memtest86-iso
2018-01-01 01:57 - 2018-01-01 01:57 - 005916630 _____ C:\Users\jba\Downloads\memtest86-iso.zip
2018-01-01 00:33 - 2018-01-01 00:33 - 044139618 _____ C:\Users\jba\Downloads\mb_manual_z370-aorus-gaming-7_e.pdf
2018-01-01 00:31 - 2018-01-01 00:31 - 006457710 _____ C:\Users\jba\Downloads\mb_bios_z370-aorus-gaming-7_f5h.zip
2017-12-31 10:35 - 2017-12-31 10:35 - 000000000 ____D C:\Users\jba\Downloads\NicholasLinnear
2017-12-31 10:34 - 2017-12-31 10:34 - 001822148 _____ C:\Users\jba\Downloads\NicholasLinnear.zip
2017-12-28 02:47 - 2017-12-27 22:57 - 2119135463 _____ C:\Users\jba\Downloads\Ultrawide wallpapers (3440x1440)-20171228T034750Z-001.zip
2017-12-28 02:47 - 2017-12-27 21:07 - 001407310 _____ (Igor Pavlov) C:\Users\jba\Downloads\7z1701-x64.exe
2017-12-28 02:47 - 2017-12-27 20:58 - 008190545 _____ (Geeks3D ) C:\Users\jba\Downloads\FurMark_1.19.1.0_Setup.exe
2017-12-28 02:47 - 2017-12-27 16:56 - 042324748 _____ (Igor Pavlov) C:\Users\jba\Downloads\atheros_wlan_10.0.0.352(http://www.station-drivers.com).exe
2017-12-26 23:53 - 2017-12-26 23:53 - 000391706 _____ C:\Users\jba\Downloads\JBA DL receipt.xps
2017-12-26 23:52 - 2017-12-26 23:52 - 000240828 _____ C:\Users\jba\Downloads\JBA DL renewal.xps
2017-12-19 22:11 - 2017-12-19 22:11 - 497659316 _____ C:\Users\jba\Downloads\star blazers - YouTube.MKV
2017-12-19 21:59 - 2017-12-19 21:59 - 003446840 _____ C:\Users\jba\Downloads\star blazers song - YouTube.MKV
2017-12-15 18:20 - 2017-12-15 18:20 - 023508000 _____ C:\Users\jba\Downloads\gorillaz - YouTube.MKV
2017-12-15 17:59 - 2017-12-15 17:59 - 003394911 _____ C:\Users\jba\Downloads\VP2-manual.pdf
2017-12-15 16:44 - 2017-12-15 16:44 - 038652496 _____ (Mozilla) C:\Users\jba\Downloads\Firefox Setup 56.0.2.exe
2017-12-14 19:59 - 2017-12-14 19:59 - 003500861 _____ C:\Users\jba\Downloads\6261d923-863a-45ba-a930-de9d10b53231.pdf
2017-12-14 11:07 - 2017-12-14 11:07 - 000069125 _____ C:\Users\jba\Downloads\schedule-1(1).pdf
2017-12-14 11:04 - 2017-12-14 11:04 - 000069125 _____ C:\Users\jba\Downloads\schedule-1.pdf
2017-12-12 06:29 - 2017-12-12 06:29 - 026500789 _____ (pyfa ) C:\Users\jba\Downloads\pyfa-1.34.0-.arms.race-1.3-win.exe
2017-12-12 06:10 - 2017-12-12 06:10 - 005119867 _____ C:\Users\jba\Downloads\cv_hl2140_usaeng_usr_d.pdf
2017-12-11 16:54 - 2017-12-11 16:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-08 17:41 - 2017-05-16 03:48 - 000000898 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-01-08 17:41 - 2016-07-22 02:37 - 000000000 ____D C:\ProgramData\NVIDIA
2018-01-08 17:41 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-08 05:30 - 2017-10-09 16:42 - 000003292 _____ C:\Windows\System32\Tasks\Avira_Antivirus_Systray
2018-01-08 05:18 - 2009-07-13 23:45 - 000029136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-08 05:18 - 2009-07-13 23:45 - 000029136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-08 05:14 - 2009-07-14 00:13 - 000959402 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-08 05:07 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-01-08 05:02 - 2013-12-07 09:44 - 000000000 ____D C:\Users\jba\Downloads\Anti Spyware 2013_12_07
2018-01-08 04:53 - 2017-05-16 03:48 - 000000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-01-08 03:47 - 2014-09-08 14:36 - 000000000 ____D C:\Users\jba\AppData\Roaming\uTorrent
2018-01-08 03:44 - 2011-09-26 08:07 - 000000000 ____D C:\Users\jba\AppData\Local\VirtualStore
2018-01-08 01:06 - 2009-07-13 23:45 - 000303488 _____ C:\Windows\system32\FNTCACHE.DAT
2018-01-08 00:30 - 2013-02-14 21:26 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-08 00:30 - 2013-02-14 21:26 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-08 00:30 - 2011-09-26 11:25 - 000066408 _____ C:\Users\jba\AppData\Local\GDIPFONTCACHEV1.DAT
2017-12-31 10:41 - 2013-06-26 09:47 - 000000000 ____D C:\Users\jba\Documents\JBA Records
2017-12-28 05:41 - 2011-10-03 01:54 - 000000000 ____D C:\Users\jba\Documents\EVE
2017-12-28 03:30 - 2017-03-10 02:49 - 000000000 ____D C:\Users\jba\.matplotlib
2017-12-27 17:47 - 2016-08-29 01:41 - 005208720 _____ (Krzysztof Kowalczyk) C:\Users\jba\Downloads\SumatraPDF-3.1.2-64-install.exe
2017-12-27 11:16 - 2016-12-20 17:40 - 000000000 ____D C:\Program Files (x86)\Opera
2017-12-27 10:12 - 2016-12-20 17:40 - 000003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1482273650
2017-12-21 14:49 - 2014-12-09 23:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-20 00:16 - 2017-09-29 14:08 - 000000000 ____D C:\Users\jba\AppData\Roaming\foobar2000
2017-12-20 00:10 - 2014-07-11 22:24 - 000000000 ____D C:\Users\jba\AppData\Roaming\vlc
2017-12-19 19:27 - 2016-12-10 01:39 - 000000000 ____D C:\Users\jba\AppData\LocalLow\Mozilla
2017-12-19 19:19 - 2016-06-11 14:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-12-19 19:18 - 2016-06-11 14:55 - 000196344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-12-19 19:18 - 2016-06-11 14:55 - 000153072 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-12-19 19:11 - 2017-08-31 15:38 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-19 19:11 - 2017-08-31 15:38 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-19 19:11 - 2014-09-14 10:35 - 000000924 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-12-15 20:37 - 2011-09-26 08:07 - 000000000 ____D C:\Users\jba
2017-12-14 11:17 - 2016-12-20 17:37 - 000004458 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-14 11:17 - 2015-12-26 15:44 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-14 11:17 - 2012-07-06 09:19 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-14 11:17 - 2011-12-22 13:13 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-14 11:17 - 2011-10-03 00:51 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-14 11:17 - 2011-10-03 00:51 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-14 09:40 - 2017-09-26 16:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2017-12-12 06:58 - 2011-09-26 10:56 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-12-12 06:33 - 2016-04-11 02:41 - 000000000 ____D C:\Users\jba\.pyfa
2017-12-11 16:54 - 2017-05-16 03:48 - 000000000 ____D C:\Program Files (x86)\Dropbox

==================== Files in the root of some directories =======

2016-11-28 20:58 - 2016-11-28 20:58 - 000000001 _____ () C:\Users\jba\AppData\Local\llftool.4.40.agreement
2017-10-01 13:35 - 2017-10-01 13:35 - 000000866 _____ () C:\Users\jba\AppData\Local\recently-used.xbel
2016-05-21 20:32 - 2017-09-19 16:44 - 000007604 _____ () C:\Users\jba\AppData\Local\Resmon.ResmonCfg
2008-02-05 12:28 - 2008-02-05 12:28 - 000000051 _____ () C:\Users\jba\AppData\Local\setup.txt

Some files in TEMP:
2016-06-11 14:55 - 2017-04-11 13:13 - 000000000 ____D () C:\Users\jba\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


I found an older post here requesting help to remove Wondershare files that remained after installing the Android recovery program, so I wanted to do the same thing. I tried to run FRST x64 02.01.2018, however it never finishes. I've attached a pic of where it "stops" -- continues to run but nothing happens. Besides Wondershare, there might be some other files that should not be there, as I tried multiple Android recovery programs besides Dr Fone.

Active Member
Posts: 3
Joined: January 8th, 2018, 9:10 pm

Re: Wondershare removal...FRST will not complete.

Unread postby mAL_rEm018 » January 10th, 2018, 12:30 am

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.

Hello hrbngr,

Welcome to Malware Removal! My name is mAL_rEm018, but feel free to call me mAL. I will be helping you with your malware-related problems :)

Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

To make sure everything goes smoothly, I would like you to observe the following rules:
  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread. Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum. Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

I am currently reviewing your logs and will return as soon as possible, with additional instructions. In the meantime I would like you to read and get acquainted with the following topic: HOW TO GET HELP IN THIS FORUM - everyone must read this, where the conditions for receiving help here are explained.
Posts: 2692
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Wondershare removal...FRST will not complete.

Unread postby hrbngr » January 10th, 2018, 6:03 am


Thanks for the reply. I'll work on the file backups while I wait for your response.

Active Member
Posts: 3
Joined: January 8th, 2018, 9:10 pm

Re: Wondershare removal...FRST will not complete.

Unread postby mAL_rEm018 » January 10th, 2018, 8:06 am

Hello hrbngr,

Back up your registry using TCRB
  • Please download TCRB to your Desktop.
  • Open Tweaking.com Registry Backup.
  • Click on the Backup Registry tab and ensure that all options are checked.
  • Press on Backup Now.
  • Wait until the backup is complete and exit the program.

  • Please download CKScanner from Here
  • Save it to your Desktop.
  • Right-Click on CKScanner.exe and select Run as Administrator.
  • Select Search For Files
  • When the scan is finished, click on Save List To File.
  • Open CKFiles.txt on your desktop and post the contents in your next reply.
    Only run CKScanner.exe once.

In your next reply, I would like to see:
  • Did you have any trouble following the steps?
  • CKFiles.txt
Posts: 2692
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Wondershare removal...FRST will not complete.

Unread postby hrbngr » January 11th, 2018, 2:01 am


All done, no trouble so far.

Active Member
Posts: 3
Joined: January 8th, 2018, 9:10 pm

Re: Wondershare removal...FRST will not complete.

Unread postby mAL_rEm018 » January 11th, 2018, 2:14 am

Cracked - Illegal Software

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help. The section here explains why we bring this to your attention.

If you wish to receive help from us, you must remove any and all of the following from your computer:
  • Illegal software
  • Cracked software
  • Illegal software key generators

Once the software and/or keygens have been removed, if you still need help, please start a new thread, include a link to your closed topic, and include NEW FRST logs:
  • FRST.txt.
  • Addition.txt.
  • Details of the problems you're experiencing.
Wait for a new helper. Do not reply to your topic before a helper has replied.

This topic is now closed.
Posts: 2692
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia