Author Topic: weird registry noticed in FRST  (Read 3354 times)


Offline Lotan

  • Sr. Member
  • ****
  • Posts: 289
weird registry noticed in FRST
« on: March 03, 2017, 08:41:22 PM »
So I did a random scan using FRST to look over and I noticed a registry that wasn't on the last scan I did.
HKU\S-1-5-21-3804374118-1414672728-3398495541-1002\...\MountPoints2: {896d96ed-ffa5-11e5-85c6-806e6f6e6963} - "Explorer.exe" monitor.htm
Added the results here.

I also did an AdwCleaner scan and found something called "AdvinstAnalytics" in my appdata\local\temp folder.

Malwarebytes didn't show anything.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31078
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: weird registry noticed in FRST
« Reply #1 on: March 03, 2017, 08:45:51 PM »
Please also run Mbam and attach the log to your next post here.

Offline Lotan

Re: weird registry noticed in FRST
« Reply #2 on: March 03, 2017, 09:18:11 PM »
I used AdwCleaner and that issue it found is gone now.
Uploaded the Malwarebytes scan but it shows everything as clean.

Offline Lotan

Re: weird registry noticed in FRST
« Reply #3 on: March 03, 2017, 10:45:51 PM »
I have now disconnected my PC from the internet.

Shortly after I saw it on FRST I went into regedit and saw there was only that explorer monitor.htm thing. Now I checked it again and found more folders, one named "shell/autoplay/droptarget", so now I'm pretty sure my PC is infected.

Offline Lotan

Re: weird registry noticed in FRST
« Reply #4 on: March 03, 2017, 11:05:19 PM »
OK, so I think I've just transferred it to my Windows tablet through a USB thumb drive, as there wasn't any sign in regedit, but as soon as I connected the drive I got a droptarget show up, so McShield isn't picking it up.

Edit: I think I stopped the spread to my tablet by removing the registry quick enough, as nothing else has showed up there yet.
« Last Edit: March 03, 2017, 11:30:19 PM by Lotan »

Offline Lotan

Re: weird registry noticed in FRST
« Reply #5 on: March 03, 2017, 11:33:14 PM »
I've found that this "mountpoints2" folder that they are all in is connected to the USB and am wondering if it's safe to just remove the whole folder and that will fix it all.

Offline Lotan

Re: weird registry noticed in FRST
« Reply #6 on: March 04, 2017, 12:38:20 AM »
Looked over some older FRST logs (mainly ones I've uploaded here) and found that the monitor.htm thing was there since at least 22nd Feb during the whole false positive issue, but wasn't there in the 16th November scan I uploaded.
Is there a way to find out when a registry item was created?

Offline Lotan

Re: weird registry noticed in FRST
« Reply #7 on: March 04, 2017, 01:55:41 AM »
Have run additional scans with EEK, ESET and TDSSKiller online scanners and they all came back with no threats.

Did an Avast boot scan which came back clean.
« Last Edit: March 04, 2017, 02:23:48 AM by Lotan »

Offline Lotan

Re: weird registry noticed in FRST
« Reply #8 on: March 04, 2017, 09:54:38 AM »
I've read other posts on the net about MountPoints2 issues and they all asked for the regedit section exported for diagnostic, so I thought I would do the same here.

Offline Lotan

Re: weird registry noticed in FRST
« Reply #9 on: March 04, 2017, 03:56:28 PM »
Update: just found out that the "explorer.exe" monitor.htm registry was the driver disk from my BenQ monitor. Once I took the disk out the registry entry vanished. I feel stupid.

Still don't know what these "shell/autoplay/droptarget" entries are though.
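
Reply #6 brackets when the entry appeared by comparing older FRST logs. The same comparison as an added example (not from the thread and not part of FRST): it parses MountPoints2 lines in the shape quoted in the first post and reports, per entry, the last scan without it and the first scan with it. The scan labels, the `Run` line and the function names are constructed for illustration; only the MountPoints2 line is taken from the first post.

```python
import re

# Shape of the MountPoints2 line FRST printed in the first post:
#   HKU\<SID>\...\MountPoints2: <mount id> - <autorun command>
LINE_RE = re.compile(
    r'^HKU\\(?P<sid>S-[\d-]+)\\\.\.\.\\MountPoints2: '
    r'(?P<mount>\S+) - (?P<command>.+)$'
)

def parse_mountpoints(log_text):
    """Map (sid, mount id) -> autorun command for each MountPoints2 line."""
    entries = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries[(m["sid"], m["mount"].lower())] = m["command"]
    return entries

def appearance_windows(scans):
    """scans: list of (label, log_text), oldest first.

    Returns {key: (last scan without it or None, first scan with it,
                   still present in the newest scan?)}.
    The entry was created somewhere between the first two values.
    """
    parsed = [(label, parse_mountpoints(text)) for label, text in scans]
    newest = parsed[-1][1]
    windows = {}
    for i, (label, entries) in enumerate(parsed):
        for key in entries:
            if key not in windows:
                before = parsed[i - 1][0] if i > 0 else None
                windows[key] = (before, label, key in newest)
    return windows

# MountPoints2 line quoted from the first post.
ENTRY = (r'HKU\S-1-5-21-3804374118-1414672728-3398495541-1002\...\MountPoints2: '
         r'{896d96ed-ffa5-11e5-85c6-806e6f6e6963} - "Explorer.exe" monitor.htm')
# Constructed filler line so the parser has something to skip.
OTHER = r'HKLM\...\Run: [Example] => C:\example\example.exe'

# Constructed scan history following the dates mentioned in the thread.
SCANS = [
    ("16 Nov", OTHER + "\n"),
    ("22 Feb", OTHER + "\n" + ENTRY + "\n"),
    ("03 Mar", OTHER + "\n" + ENTRY + "\n"),
    ("disc removed", OTHER + "\n"),
]

if __name__ == "__main__":
    for (sid, mount), window in appearance_windows(SCANS).items():
        print(mount, window)
```
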