I have Avast antivirus and I keep getting a pop up message that a "Threat [was] blocked". The details are:
Object - http://reannewscomm....ds.php?sid=1967
Infection - URL:Mal
Process - C:\Windows\explorer.exe
I am trying to remove this threat. I have tried SpyBot Search & Destroy. Please see below for FRST report. Thanks!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-02-2016
Ran by A. Lines (administrator) on BEAST (24-02-2016 21:49:32)
Running from C:\Users\A. Lines\Desktop
Loaded Profiles: A. Lines (Available Profiles: A. Lines)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files (x86)\Air Mouse\Air Mouse\UIHelperDesktop.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\SLDWORKS.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldProcMon.exe
(Flexera Software, Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\swVBAServer\swvbaserver.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\Simulation\ParametricObject.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-16] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4253142918-38096452-1358066440-1000\...\Run: [{79BF4901-1EC4-4726-B3C2-A7859706C6E7}] => "C:\Users\A. Lines\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe" /cmdloc "HKCU\Software\Riot Games AiTemp\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}"
HKU\S-1-5-21-4253142918-38096452-1358066440-1000\...\Run: [3586113842] => regsvr32.exe "C:\Users\A. Lines\AppData\Roaming\MecaCkul\MakEqca.dll"
HKU\S-1-5-21-4253142918-38096452-1358066440-1000\...\MountPoints2: {df4baabc-f12a-11e4-9529-00a0c6000000} - "E:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-16] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mobile Mouse.lnk [2015-08-05]
ShortcutTarget: Mobile Mouse.lnk -> C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe ()
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{633B0D76-9580-4F6E-876E-AA24010949E4}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKU\S-1-5-21-4253142918-38096452-1358066440-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.wow.com/?ncid=txtlnkusaolc00000290&s_pt=source9&s_chn=101&s_chn2=0EyE0DyDtA0Dzz0D0F0E0B0AtA0ByE0A2RtBtDtCyDtCtBtCtAtCtCyEtByDyCtAyEyB
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2016-01-03] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-16] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2016-01-03] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-05-01] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-16] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-05-01] (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-01-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2016-01-03] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-05-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-05-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [
[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-17]
FF HKLM-x32\...\Firefox\Extensions: [
[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [
[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-17]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\A. Lines\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Easy Auto Refresh) - C:\Users\A. Lines\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2016-01-28]
CHR Extension: (Google Drive) - C:\Users\A. Lines\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Language Immersion for Chrome) - C:\Users\A. Lines\AppData\Local\Google\Chrome\User Data\Default\Extensions\bedbecnakfcpmkpddjfnfihogkaggkhl [2015-09-13]
CHR Extension: (Tabs Outliner) - C:\Users\A. Lines\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2016-01-17]
CHR Extension: (Chrome Remote Desktop) - C:\Users\A. Lines\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-02-17]
CHR Extension: (Google Docs Offline) - C:\Users\A. Lines\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-29]
CHR Extension: (Cisco WebEx Extension) - C:\Users\A. Lines\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-05-01]
CHR Extension: (Coupons at Checkout) - C:\Users\A. Lines\AppData\Local\Google\Chrome\User Data\Default\Extensions\kegphgaihkjoophpabchkmpaknehfamb [2016-02-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\A. Lines\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-02-16]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-16]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-16] (AVAST Software)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe [69016 2016-02-05] (Google Inc.)
S3 Remote Solver for Flow Simulation 2012; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [109624 2011-08-17] (Mentor Graphics Corporation) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2015-05-01] (SolidWorks) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-02-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-16] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-02-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-16] (AVAST Software)
R3 cpuz137; C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [26856 2014-02-17] (CPUID)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-03-10] ()
S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [13824 2015-05-06] (Phoenix Technologies) [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 nwdelgobimbb; C:\Windows\System32\DRIVERS\nwdelgobimbb.sys [399872 2012-11-30] (QUALCOMM Incorporated)
R3 nwdelserial; C:\Windows\system32\drivers\nwdelserial.sys [234112 2012-11-30] (Novatel Wireless Inc.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [30448 2014-04-25] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [31472 2014-04-25] (Synaptics Incorporated)
R3 ST_Accel; C:\Windows\system32\drivers\ST_Accel.sys [87776 2013-04-11] (STMicroelectronics)
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-24 21:49 - 2016-02-24 21:51 - 00017663 _____ C:\Users\A. Lines\Desktop\FRST.txt
2016-02-24 21:48 - 2016-02-24 21:49 - 00000000 ____D C:\FRST
2016-02-24 21:47 - 2016-02-24 21:47 - 02371072 _____ (Farbar) C:\Users\A. Lines\Desktop\FRST64.exe
2016-02-24 21:35 - 2016-02-24 21:35 - 01722368 _____ (Farbar) C:\Users\A. Lines\Downloads\FRST.exe
2016-02-24 20:51 - 2016-02-24 20:51 - 00003130 _____ C:\Windows\System32\Tasks\Trojan Remover
2016-02-24 20:50 - 2016-02-24 20:50 - 00000000 ____D C:\ProgramData\Loaris
2016-02-24 20:49 - 2016-02-24 20:50 - 49803501 _____ (Loaris, Inc. ) C:\Users\A. Lines\Downloads\setup-ltr-1.3.9.9.exe
2016-02-23 22:56 - 2016-02-23 22:56 - 00000000 ____D C:\Windows\system32\appmgmt
2016-02-23 22:36 - 2016-02-23 22:36 - 00000000 ____D C:\Users\A. Lines\AppData\LocalLow\BitTorrent
2016-02-23 22:19 - 2016-02-23 22:19 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-02-23 22:15 - 2016-02-23 22:16 - 00000000 ____D C:\Users\A. Lines\Desktop\Adobe Acrobat XI
2016-02-23 22:09 - 2016-02-23 22:09 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2016-02-23 22:07 - 2016-02-23 22:07 - 00000000 ____D C:\Users\A. Lines\AppData\Roaming\MecaCkul
2016-02-23 21:42 - 2016-02-23 21:42 - 00000000 ____D C:\Users\A. Lines\Documents\Pakistan
2016-02-23 21:33 - 2016-02-23 21:33 - 00045838 _____ C:\Users\A. Lines\Downloads\Visa Application form.pdf
2016-02-23 21:32 - 2016-02-23 21:32 - 00532047 _____ C:\Users\A. Lines\Downloads\Gleich_Visa Application form.pdf
2016-02-23 21:32 - 2016-02-23 21:32 - 00146667 _____ C:\Users\A. Lines\Downloads\Gleich_passport page.pdf
2016-02-22 19:39 - 2016-02-22 19:49 - 78291344 _____ C:\Users\A. Lines\Downloads\[Steve_House,_Scott_Johnston,_Mark_Twight]_Trainin(BookZZ.org).epub
2016-02-22 19:38 - 2016-02-22 19:46 - 76889344 _____ C:\Users\A. Lines\Downloads\[Mark_F._Twight,_James_Martin]_Extreme_Alpinism_C(BookZZ.org).pdf
2016-02-22 07:47 - 2016-02-24 06:38 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2016-02-19 06:05 - 2016-02-19 06:05 - 00000000 ____D C:\Users\A. Lines\Tracing
2016-02-16 21:14 - 2016-02-16 21:14 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-02-16 21:14 - 2016-02-16 21:14 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-02-15 23:54 - 2016-02-15 23:54 - 01114139 _____ C:\Users\A. Lines\Downloads\1991 Ghamubar attempt.pdf
2016-02-08 07:09 - 2016-02-08 07:09 - 00000000 ____D C:\ProgramData\Google
2016-02-08 07:07 - 2016-02-08 07:08 - 08400896 _____ C:\Users\A. Lines\Downloads\chromeremotedesktophost.msi
2016-02-08 07:07 - 2016-02-08 07:07 - 00002306 _____ C:\Users\A. Lines\Desktop\Chrome App Launcher.lnk
2016-02-08 07:07 - 2016-02-08 07:07 - 00000000 ____D C:\Users\A. Lines\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-02-08 07:07 - 2016-02-08 07:07 - 00000000 ____D C:\Users\A. Lines\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-02-04 22:16 - 2016-02-04 22:16 - 00218998 _____ C:\Users\A. Lines\Downloads\Accident Report - 2016-01-29 - Lines & Weeks.pdf
2016-02-04 22:16 - 2016-02-04 22:16 - 00218998 _____ C:\Users\A. Lines\Downloads\Accident Report - 2016-01-29 - Lines & Weeks (1).pdf
2016-02-01 21:06 - 2016-02-01 21:06 - 00231760 _____ C:\Users\A. Lines\Downloads\CrucialScan.exe
2016-02-01 20:48 - 2016-02-01 20:48 - 00000000 ____D C:\Users\A. Lines\AppData\Roaming\AMD
2016-02-01 20:41 - 2016-02-01 20:41 - 00000000 ____D C:\Users\A. Lines\AppData\Roaming\ATI
2016-02-01 20:41 - 2016-02-01 20:41 - 00000000 ____D C:\Users\A. Lines\AppData\Local\ATI
2016-02-01 20:41 - 2016-02-01 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD FirePro Control Center
2016-02-01 20:41 - 2016-02-01 20:41 - 00000000 ____D C:\ProgramData\ATI
2016-02-01 20:39 - 2016-02-01 20:39 - 00000000 ____D C:\Program Files (x86)\AMD
2016-02-01 20:28 - 2016-02-01 20:28 - 00000000 ____D C:\AMD
2016-02-01 20:23 - 2016-02-01 20:23 - 04952336 _____ (Advanced Micro Devices, Inc.) C:\Users\A. Lines\Downloads\autodetectutility.exe
2016-02-01 20:18 - 2016-02-01 20:44 - 00000000 ____D C:\Users\A. Lines\Downloads\bluescreenview-x64
2016-02-01 20:08 - 2016-02-01 20:08 - 00278480 _____ C:\Windows\Minidump\020116-27409-01.dmp
2016-01-31 18:34 - 2016-01-31 18:34 - 00278480 _____ C:\Windows\Minidump\013116-20311-01.dmp
2016-01-29 17:46 - 2016-01-29 17:46 - 00278480 _____ C:\Windows\Minidump\012916-20935-01.dmp
2016-01-29 16:29 - 2016-01-29 16:29 - 00278480 _____ C:\Windows\Minidump\012916-19968-01.dmp
2016-01-29 15:37 - 2016-01-29 16:15 - 00219066 _____ C:\Users\A. Lines\Documents\Accident Report - 2016-01-29 - Lines & Weeks.pdf
2016-01-29 12:41 - 2016-01-29 13:23 - 00000000 ____D C:\Users\A. Lines\Downloads\The Revenant (2015)720p DvDScr x264 DD 5.1-jackane NL Subs 2LT
2016-01-29 12:19 - 2016-01-29 12:19 - 00251073 _____ C:\Users\A. Lines\Downloads\W2 - 2014.pdf
2016-01-29 12:17 - 2016-01-29 12:17 - 00280765 _____ C:\Users\A. Lines\Downloads\W2 - 2015.pdf
2016-01-29 12:14 - 2016-01-29 12:20 - 00000000 ____D C:\Users\A. Lines\Documents\Taxes
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-24 21:31 - 2015-05-04 20:34 - 00000000 ____D C:\Users\A. Lines\Documents\Reference
2016-02-24 21:31 - 2009-07-13 23:45 - 00021920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-24 21:31 - 2009-07-13 23:45 - 00021920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-24 21:20 - 2015-05-01 18:00 - 00000000 ____D C:\Users\A. Lines\AppData\Local\TempSWBackupDirectory
2016-02-24 21:01 - 2014-01-10 11:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-24 19:30 - 2015-05-01 17:07 - 00000000 ____D C:\Users\A. Lines\AppData\Roaming\SolidWorks
2016-02-24 19:29 - 2016-01-13 20:21 - 00000000 ____D C:\Users\A. Lines\Documents\Outlook Files
2016-02-24 07:24 - 2015-08-04 20:50 - 00000000 ____D C:\Users\A. Lines\AppData\Roaming\BitTorrent
2016-02-24 06:43 - 2009-07-14 00:13 - 00785554 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-24 06:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-02-24 06:38 - 2015-05-01 17:01 - 00140152 _____ C:\Users\A. Lines\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-24 06:36 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-24 06:36 - 2009-07-13 23:45 - 00526936 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-23 22:56 - 2015-11-29 16:10 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-23 22:56 - 2014-01-10 11:20 - 00000000 ____D C:\ProgramData\Adobe
2016-02-23 22:39 - 2015-05-01 17:00 - 00000000 ____D C:\Users\A. Lines\AppData\Roaming\Adobe
2016-02-23 22:39 - 2015-05-01 17:00 - 00000000 ____D C:\Users\A. Lines\AppData\Local\Adobe
2016-02-23 21:07 - 2015-05-01 17:27 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-02-23 04:10 - 2015-08-17 20:17 - 00017722 _____ C:\Windows\solvermfc.INI
2016-02-21 11:38 - 2015-09-13 11:52 - 00000000 ____D C:\Users\A. Lines\Documents\CIS
2016-02-21 09:27 - 2015-05-31 13:36 - 00000000 ____D C:\Users\A. Lines\AppData\Roaming\Skype
2016-02-19 15:30 - 2014-01-10 11:23 - 00002219 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 15:30 - 2014-01-10 11:23 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-19 06:05 - 2015-05-01 17:00 - 00000000 ____D C:\Users\A. Lines
2016-02-18 22:20 - 2015-11-29 16:11 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-17 02:19 - 2014-01-10 11:23 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-16 21:15 - 2015-05-01 17:27 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-02-16 21:15 - 2015-05-01 17:27 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-02-16 21:14 - 2015-05-01 17:27 - 01065720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-02-16 21:14 - 2015-05-01 17:27 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-02-16 21:14 - 2015-05-01 17:27 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-02-16 21:14 - 2015-05-01 17:27 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-02-16 21:14 - 2015-05-01 17:27 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-02-16 21:14 - 2015-05-01 17:27 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-02-02 20:57 - 2015-05-31 17:32 - 00000000 ____D C:\Users\A. Lines\AppData\Roaming\vlc
2016-02-01 20:34 - 2015-10-14 19:48 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-01 20:33 - 2015-04-28 12:01 - 00000000 ____D C:\Program Files\AMD
2016-02-01 20:18 - 2015-01-29 10:11 - 00146528 _____ (NirSoft) C:\Users\A. Lines\Desktop\BlueScreenView.exe
2016-02-01 20:08 - 2015-05-19 05:57 - 559403080 _____ C:\Windows\MEMORY.DMP
2016-02-01 20:08 - 2015-05-19 05:57 - 00000000 ____D C:\Windows\Minidump
2016-02-01 15:12 - 2014-01-10 11:23 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-01 15:12 - 2014-01-10 11:23 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-01 15:12 - 2014-01-10 11:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-01 15:12 - 2014-01-10 11:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-29 12:35 - 2015-06-02 19:55 - 00000000 ____D C:\Users\A. Lines\Documents\eBooks
2016-01-29 11:50 - 2015-05-01 17:59 - 00000000 ____D C:\Users\A. Lines\AppData\Local\SolidWorks
2016-01-29 01:35 - 2015-08-23 19:25 - 00000000 ____D C:\Users\A. Lines\Documents\Ed's Cabin
==================== Files in the root of some directories =======
2015-12-06 23:19 - 2015-12-06 23:19 - 0977855 _____ () C:\Users\A. Lines\AppData\Local\RAR-File-Opener_1779.rar
2015-12-13 11:42 - 2015-12-06 23:19 - 1029208 _____ (Installer ) C:\Users\A. Lines\AppData\Local\rarfileopener_setup.exe
2015-05-05 21:21 - 2015-05-05 21:21 - 0007609 _____ () C:\Users\A. Lines\AppData\Local\Resmon.ResmonCfg
2015-10-07 19:41 - 2015-10-07 21:01 - 0000000 _____ () C:\Users\A. Lines\AppData\Local\Temptable.xml
2016-01-17 10:59 - 2016-01-17 11:03 - 0000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
Files to move or delete:
====================
C:\Windows\Tasks\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}.job
Some files in TEMP:
====================
C:\Users\A. Lines\AppData\Local\Temp\ose00000.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-02-18 13:15
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-02-2016
Ran by A. Lines (2016-02-24 21:52:12)
Running from C:\Users\A. Lines\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-05-01 22:00:40)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
A. Lines (S-1-5-21-4253142918-38096452-1358066440-1000 - Administrator - Enabled) => C:\Users\A. Lines
Administrator (S-1-5-21-4253142918-38096452-1358066440-500 - Administrator - Disabled)
Guest (S-1-5-21-4253142918-38096452-1358066440-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4253142918-38096452-1358066440-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chrome Remote Desktop Host (HKLM-x32\...\{EBFF2EA1-3944-4CA2-89FA-8B70C0058DD3}) (Version: 49.0.2623.40 - Google Inc.)
COSMOSM 2012 x64 Edition (2010/290) (Version: 20.100.002 - SolidWorks Corporation) Hidden
eDrawings 2016 x64 (HKLM\...\{CC5C83ED-3E2B-4037-BB06-6FB697AF60EB}) (Version: 16.0.5009 - Dassault Systèmes SolidWorks Corp)
ePub Reader for Windows version 5.3 (HKLM-x32\...\{BFBA7F3A-1F10-4754-ADEC-A8CFBB4F925B}_is1) (Version: 5.3 - HANSoft, Inc.)
Free Rar File Opener (HKLM-x32\...\{C4F94FD8-9CF5-40B5-9695-FC5BCD22F062}_is1) (Version: 1.0 - Media Freeware)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
inReach Sync (HKLM-x32\...\{f65dc620-5c22-4170-b32a-ff622d61274e}) (Version: 1.3.5.9174 - DeLorme)
inReach Sync (x32 Version: 1.3.5.9174 - DeLorme) Hidden
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 19.3 - Intel)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java 7 Update 80 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Kindlian (HKLM-x32\...\{6BC15173-1A04-4400-BAF2-4674B6DD36DE}) (Version: 3.9.0 - Kindlian)
LibreOffice 4.1.4.2 (HKLM-x32\...\{94E11973-ED58-47A0-907C-ABF6D95C5DD8}) (Version: 4.1.4.2 - The Document Foundation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Mouse Server (HKLM-x32\...\{C366A146-F0A2-411F-9C8D-CEED6C734BF1}) (Version: 3.3.0 - RPA Tech, Inc)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.8.2 - Notepad++ Team)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PC Wizard 2013.2.12 (HKLM-x32\...\PC Wizard 2013_is1) (Version: - CPUID)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1047.0 - Passmark Software)
POWERPREP II (HKLM-x32\...\{2687340C-C114-47DC-9F0E-C1BA85FEB001}) (Version: 2.2.0000 - ETS)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SolidWorks 2012 x64 Edition SP0 (HKLM-x32\...\SolidWorks Installation Manager 20120-40000-1100-100) (Version: 20.0.0.5022 - SolidWorks Corporation)
SolidWorks 2012 x64 Edition SP0 (Version: 20.100.5022 - SolidWorks) Hidden
SolidWorks eDrawings 2012 x64 Edition SP0 (Version: 12.0.5015 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Explorer 2012 SP0 x64 Edition (Version: 20.00.5022 - SolidWorks Corporation) Hidden
SolidWorks Flow Simulation 2012 SP0 x64 Edition (Version: 20.00.5023 - SolidWorks Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0527739B-610B-40C9-8786-077BA06A5D83} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {0F9374F0-B063-4513-B8E2-F07AEE360CAA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2852CFF8-C7D7-43F7-B71C-4D6B6A32C17A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-31] (Adobe Systems Incorporated)
Task: {50F5FF64-B61D-4344-96F3-938899EF4618} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-08-17] ()
Task: {69B7A06A-B3DE-4A0B-904F-A517CCAAF609} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {77955717-AB17-4E7B-B5AC-389694A4A669} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-16] (AVAST Software)
Task: {8830ABD2-4A2A-46CA-8583-81D1C54F3D9E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {9E4F17EE-837D-44BA-8CEF-4A29CCAF2324} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AAC3BA48-D120-49B1-8166-45A0D57499CA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {ACFC94A3-DC97-46DF-8976-1C038A7546E4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-02-17] (AVAST Software)
Task: {B4EB7146-8D74-491A-B02D-31FE488FA215} - System32\Tasks\Trojan Remover => C:\Program Files\Loaris\Trojan Remover\ltr.exe
Task: {C072FC9C-9CDC-4050-931C-545B192EF645} - System32\Tasks\{80DD8B9A-D845-4E55-8128-EC269EEF619A} => pcalua.exe -a "C:\Users\A. Lines\Downloads\eDrawingsAllX64.exe" -d "C:\Users\A. Lines\Downloads"
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}.job => C:\Users\A. Lines\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exeڀ/i C:\Users\A. Lines\AppData\Roaming\Riot Games\League of Legends 3.0.1\install\LoL.NA.msi AI_RESUME=1 ADDLOCAL=BAEAC99E_37AC_4DB1_8AA2_D0B4B5C09ED_1,LeagueofLegends,LeagueofLegends_GameClient,D2BCE474_49DC_4169_8EFD_7CAB0921B614,F477261_82C3_4613_8028_BC4B6AA8AD37,LoLStartMenuShortcut REMOVE=LoLDesktopShortcut PRIMARYFOLDER=APPDIR ROOTDRIVE=C:\ AI_PREREQFILES=C:\Users\A. Lines\AppData\Roaming\Riot Games\League of Legends\prerequisites\DXSETUP.exeC:\Users\A. Lines\AppData\Roaming\Riot Games\League of Legends\prerequisites\Aug2008_d3dx9_39_x86.cabC:\Users\A. Lines\AppData\Roaming\Riot Games\League of Legends\prerequisites\Aug2008_d3dx10_39_x86.cabC:\Users\A. Lines\AppData\Roaming\Riot Games\League of Legends\prerequisites\Aug2008_XAudio_x86.cabC:\Users\A. Lines\AppData\Roaming\Riot Games\League of Legends\prerequisites\DSETUP.dllC:\Users\A. Lines\AppData\Roaming\Riot Games\League of Legends\prerequisites\dsetup32.dllC:\Users\A. Lines\AppData\Roaming\Riot Games\League of Legends\prerequisites\dxdllreg_x86.cabC:\Users\A. Lines\AppData\Roaming\Riot Games\League of Legends\prerequisites\dxnt.cabC:\Users\A. Lines\AppData\Roaming\Riot Games\League of Legends\prerequisites\dxupdate.cabC:\Users\A. Lines\AppData\Roaming\Riot Games\League of Legends\prerequisites\vcredist_x86.exe AI_PREREQDIRS=C:\Users\A. Lines\AppData\Roaming\Riot Games AI_SETUPEXEPATH=C:\Users\A. Lines\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-18 13:08 - 2015-03-18 13:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-04-15 15:13 - 2015-04-15 15:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-03-02 17:54 - 2015-03-02 17:54 - 00052600 _____ () C:\Program Files (x86)\Air Mouse\Air Mouse\UIHelperDesktop.exe
2015-02-10 13:12 - 2015-02-10 13:12 - 02210480 _____ () C:\Program Files\Microsoft Office\Office15\tmpod.dll
2014-01-23 15:05 - 2014-01-23 15:05 - 01424552 _____ () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2011-01-24 02:03 - 2011-01-24 02:03 - 00607016 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\greta.dll
2011-09-27 03:53 - 2011-09-27 03:53 - 00323144 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldBodyDiffu.dll
2011-09-27 03:51 - 2011-09-27 03:51 - 00237640 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\featurecplu.dll
2011-09-27 03:51 - 2011-09-27 03:51 - 00954952 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\CouplingBase.dll
2015-05-31 13:36 - 2015-05-31 13:36 - 00364544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\featurecplu\7788220d7249db351c127ea1472452a0\featurecplu.ni.dll
2015-05-31 13:36 - 2015-05-31 13:36 - 01707520 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\couplingBase\89c81d8b9105ad44af3ceb775a5326e2\couplingBase.ni.dll
2011-09-27 03:53 - 2011-09-27 03:53 - 04236360 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldcoreu.dll
2011-09-27 03:56 - 2011-09-27 03:56 - 00199240 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\wpfsupport.dll
2011-09-27 03:50 - 2011-09-27 03:50 - 00202312 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\annotationcplu.dll
2011-09-27 03:51 - 2011-09-27 03:51 - 00314952 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\asmfeaturecplu.dll
2011-09-27 03:51 - 2011-09-27 03:51 - 00403528 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\contentcplu.dll
2011-09-27 03:51 - 2011-09-27 03:51 - 00083528 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\environmentcplu.dll
2011-09-27 03:52 - 2011-09-27 03:52 - 00153672 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\refgeomcplu.dll
2011-09-27 03:52 - 2011-09-27 03:52 - 00313928 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sheetmetalcplu.dll
2011-09-27 03:52 - 2011-09-27 03:52 - 00659016 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\Sketchcplu.dll
2011-09-27 03:51 - 2011-09-27 03:51 - 00076360 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\clrloadu.dll
2015-05-04 21:48 - 2015-05-04 21:48 - 00114688 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\clrloadu\3553f36921968c31f5d1d858c32e24ff\clrloadu.ni.dll
2015-05-31 13:36 - 2015-05-31 13:36 - 00335872 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\annotationcplu\414e7d06595a3c51607711a7d208b510\annotationcplu.ni.dll
2015-05-31 13:36 - 2015-05-31 13:36 - 00653312 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\asmfeaturecplu\3310775a2f627517bd58b252d73312bd\asmfeaturecplu.ni.dll
2015-05-31 13:36 - 2015-05-31 13:36 - 00785920 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\contentcplu\e838f0b464740fc1376095e0e6585aac\contentcplu.ni.dll
2015-05-31 13:37 - 2015-05-31 13:37 - 00271360 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\refgeomcplu\92eefdfd35e889c74a130552ee72a61b\refgeomcplu.ni.dll
2015-05-31 13:37 - 2015-05-31 13:37 - 00668160 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\sheetmetalcplu\d5aede94e4eafc8675e3805e43c46ab9\sheetmetalcplu.ni.dll
2015-05-31 13:37 - 2015-05-31 13:37 - 01102848 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\Sketchcplu\b80e9eb830faf2d11c3edac62d6add86\Sketchcplu.ni.dll
2007-10-03 01:24 - 2007-10-03 01:24 - 00133912 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\swaxplan.dll
2011-09-27 03:51 - 2011-09-27 03:51 - 00197192 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\assemblycplu.dll
2011-09-27 03:51 - 2011-09-27 03:51 - 00932424 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\doccplu.dll
2011-09-27 03:52 - 2011-09-27 03:52 - 00182344 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\partcplu.dll
2011-09-27 03:53 - 2011-09-27 03:53 - 00073800 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldcosmosgcu.dll
2016-02-16 21:14 - 2016-02-16 21:14 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-16 21:14 - 2016-02-16 21:14 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-23 21:06 - 2016-02-23 21:06 - 02836480 _____ () C:\Program Files\AVAST Software\Avast\defs\16022301\algo.dll
2016-02-16 21:14 - 2016-02-16 21:14 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-02-24 06:37 - 2016-02-24 06:37 - 02836480 _____ () C:\Program Files\AVAST Software\Avast\defs\16022400\algo.dll
2016-02-24 10:41 - 2016-02-24 10:41 - 02836480 _____ () C:\Program Files\AVAST Software\Avast\defs\16022401\algo.dll
2016-02-16 21:14 - 2016-02-16 21:14 - 00307808 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2015-05-05 20:59 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-05-05 20:59 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-05-05 20:59 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-05-05 20:59 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-05-05 20:59 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-01-04 22:26 - 2016-01-04 22:26 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2007-08-21 19:46 - 2007-08-21 19:46 - 00059160 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\swVBAServer\zlib.dll
2011-01-24 02:03 - 2011-01-24 02:03 - 00419624 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\swVBAServer\greta.dll
2015-03-18 13:08 - 2015-03-18 13:08 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-02-19 15:30 - 2016-02-17 23:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-19 15:30 - 2016-02-17 23:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
2011-09-27 03:58 - 2011-09-27 03:58 - 00070728 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\Simulation\ucalc32.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4253142918-38096452-1358066440-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\A. Lines\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CoordinatorServiceHost => 3
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks Background Downloader.lnk => C:\Windows\pss\SolidWorks Background Downloader.lnk.CommonStartup
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_45E8DDE4492D186436ABA8B1A7068126 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{5895A909-A11D-4A2F-823D-28B40813737A}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{7454EC05-D466-4E92-9BB2-EDEDBB37B09A}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{D362B9CF-31CE-4CE5-A920-ED801D2756EF}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{A55F3255-4D46-4164-9D99-97357A5EB505}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{9A62F658-951C-4AE0-8F07-20861200997F}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [{2EE9D413-4586-4DCE-90C7-2066322766F8}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [{AFE9666D-2DF3-4725-94A7-60BD2E21D5FA}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{4E128CA4-D6F9-4F70-BEF3-7B710B533E6E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C7FB5940-76AD-4354-A0D5-EB5EB4BEC4E9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{BB6B9632-4E47-441B-A0CA-BBD6D0044F2B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{FD002162-E563-45C0-B561-A6AB1419B1A5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{91162A0A-2644-423B-A4F5-1F2664A40BD3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B9B21575-DD4C-4C96-BD5F-227AA3970AFF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{17D3D0E4-2085-46A1-A8BE-E8F30369D0DB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{08FF9EB9-D597-4E41-A77F-B4F19CDFA165}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{832018D7-3505-49F9-A060-FADCB5B2EB35}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{BB6CE900-F328-4E81-9A37-CA7AFFE2EE83}C:\program files (x86)\air mouse\air mouse\air mouse.exe] => (Allow) C:\program files (x86)\air mouse\air mouse\air mouse.exe
FirewallRules: [UDP Query User{86A59C0C-7640-47B6-B721-CB41F73D805B}C:\program files (x86)\air mouse\air mouse\air mouse.exe] => (Allow) C:\program files (x86)\air mouse\air mouse\air mouse.exe
FirewallRules: [{D025F7BF-057A-4CDE-8E01-D384B520D689}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{88864E66-EA07-425B-984B-C82566846420}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{21E0E106-FF8F-40A9-97E7-D6E867C61847}] => (Allow) C:\Users\A. Lines\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{456A6518-9D22-4B58-B4E6-2FA306564063}] => (Allow) C:\Users\A. Lines\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{E426FD78-ABA1-4C6B-A698-90B0F8AA4189}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{99B3DC49-1C97-4D74-A794-37060D37D04B}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{05CC894C-984D-4200-A8AD-2982CB835ABD}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{CF9DE7DF-5932-41CC-B78F-33773A70DFF1}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{5D4A5F81-B21F-4C0E-9158-3DEA5ED61A4E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{FCA18EBE-3CD2-403A-98C2-251D4B272B67}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{098C1241-31A3-477F-9B84-C63E1D1BE6AA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{404EC51A-057B-4510-B141-3354D6DB0D5F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2901FAF4-5E0F-4081-BF0E-FA00AB59911A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{377C41A1-5BC3-4B41-AB3A-0D4BAF5A4E7B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{25E11C00-775D-42A7-93CD-A7F0BFE13200}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe
FirewallRules: [{C49D5DA5-71C4-4A00-ADED-6F86B56679CC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B04D7D2E-6895-4867-A3C5-B96B72FD4B37}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
19-02-2016 00:00:02 Scheduled Checkpoint
23-02-2016 22:00:22 Installed Adobe Acrobat 9 Pro Extended - English, Français, Deutsch.
23-02-2016 22:17:13 Installed Adobe Acrobat XI Pro.
23-02-2016 22:50:54 Removed Adobe Acrobat XI Pro.
==================== Faulty Device Manager Devices =============
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/24/2016 09:47:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17910, time stamp: 0x5585a964
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xc0000002
Fault offset: 0x000000000000b3dd
Faulting process id: 0x27bc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Error: (02/24/2016 09:46:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17910, time stamp: 0x5585a964
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xc0000002
Fault offset: 0x000000000000b3dd
Faulting process id: 0x2c34
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Error: (02/24/2016 09:39:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17910, time stamp: 0x5585a964
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xc0000002
Fault offset: 0x000000000000b3dd
Faulting process id: 0x1488
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Error: (02/24/2016 09:38:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17910, time stamp: 0x5585a964
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xc0000002
Fault offset: 0x000000000000b3dd
Faulting process id: 0x33f0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Error: (02/24/2016 06:39:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945dbd
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xc0000002
Fault offset: 0x000000000000b3dd
Faulting process id: 0x14f4
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Error: (02/24/2016 06:38:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWX.exe, version: 6.3.9600.17923, time stamp: 0x55945db6
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xc0000002
Fault offset: 0x000000000000b3dd
Faulting process id: 0x10f8
Faulting application start time: 0xGWX.exe0
Faulting application path: GWX.exe1
Faulting module path: GWX.exe2
Report Id: GWX.exe3
Error: (02/24/2016 06:38:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CLIStart.exe, version: 3.5.0.0, time stamp: 0x55c03bf3
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xc0000002
Fault offset: 0x000000000000b3dd
Faulting process id: 0x590
Faulting application start time: 0xCLIStart.exe0
Faulting application path: CLIStart.exe1
Faulting module path: CLIStart.exe2
Report Id: CLIStart.exe3
Error: (02/24/2016 06:37:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/23/2016 10:55:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: runonce.exe, version: 6.1.7601.17514, time stamp: 0x4ce7a253
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xc0000002
Fault offset: 0x000000000000b3dd
Faulting process id: 0x8b8
Faulting application start time: 0xrunonce.exe0
Faulting application path: runonce.exe1
Faulting module path: runonce.exe2
Report Id: runonce.exe3
Error: (02/23/2016 10:50:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sldProcMon.exe, version: 20.0.0.5022, time stamp: 0x4e811bb5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xc0000002
Fault offset: 0x000000000000b3dd
Faulting process id: 0x1294
Faulting application start time: 0xsldProcMon.exe0
Faulting application path: sldProcMon.exe1
Faulting module path: sldProcMon.exe2
Report Id: sldProcMon.exe3
System errors:
=============
Error: (02/24/2016 08:17:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (02/24/2016 07:41:14 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (02/24/2016 07:24:43 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (02/24/2016 06:34:53 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (02/24/2016 04:39:50 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
Error: (02/24/2016 02:18:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (02/24/2016 01:38:42 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (02/24/2016 01:22:33 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (02/24/2016 01:21:39 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (02/24/2016 01:21:38 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
CodeIntegrity:
===================================
Date: 2015-05-06 06:40:28.407
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-05-06 06:40:28.375
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-05-06 06:40:28.344
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-05-06 06:40:28.313
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-05-06 06:40:28.282
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-05-06 06:40:28.251
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-05-06 06:40:28.219
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-05-06 06:40:28.188
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-05-06 06:40:28.157
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-05-06 06:40:28.126
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel® Core i7-2760QM CPU @ 2.40GHz
Percentage of memory in use: 67%
Total physical RAM: 7413.05 MB
Available physical RAM: 2423.82 MB
Total Virtual: 23795.26 MB
Available Virtual: 16114.86 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:691.81 GB) (Free:455.96 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (WD SmartWare) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:29.8 GB) (Free:20.4 GB) FAT32
Drive g: () (Fixed) (Total:930.74 GB) (Free:731.52 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 738B366A)
Partition 1: (Not Active) - (Size=6.8 GB) - (Type=27)
Partition 2: (Active) - (Size=691.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 930.9 GB) (Disk ID: 73696D20)
No partition Table on disk 1.
========================================================
Disk: 2 (Size: 29.8 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================