Infection - reannewscomm.com/ads.php?sid=1967

reannewscomm malware infection


I have Avast antivirus and I keep getting a pop-up message that a "Threat [was] blocked". The details are:


Object - http://reannewscomm....ds.php?sid=1967

Infection - URL:Mal

Process - C:\Windows\explorer.exe


I am trying to remove this threat. I have tried SpyBot Search & Destroy. Please see below for FRST report. Thanks!




Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-02-2016
Ran by A. Lines (administrator) on BEAST (24-02-2016 21:49:32)
Running from C:\Users\A. Lines\Desktop
Loaded Profiles: A. Lines (Available Profiles: A. Lines)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files (x86)\Air Mouse\Air Mouse\UIHelperDesktop.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\SLDWORKS.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldProcMon.exe
(Flexera Software, Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\swVBAServer\swvbaserver.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\Simulation\ParametricObject.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-16] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4253142918-38096452-1358066440-1000\...\Run: [{79BF4901-1EC4-4726-B3C2-A7859706C6E7}] => "C:\Users\A. Lines\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe" /cmdloc "HKCU\Software\Riot Games AiTemp\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}"
HKU\S-1-5-21-4253142918-38096452-1358066440-1000\...\Run: [3586113842] => regsvr32.exe "C:\Users\A. Lines\AppData\Roaming\MecaCkul\MakEqca.dll"
HKU\S-1-5-21-4253142918-38096452-1358066440-1000\...\MountPoints2: {df4baabc-f12a-11e4-9529-00a0c6000000} - "E:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-16] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mobile Mouse.lnk [2015-08-05]
ShortcutTarget: Mobile Mouse.lnk -> C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe ()
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer]
Tcpip\..\Interfaces\{633B0D76-9580-4F6E-876E-AA24010949E4}: [DhcpNameServer]
Internet Explorer:
HKU\S-1-5-21-4253142918-38096452-1358066440-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.wow.com/?ncid=txtlnkusaolc00000290&s_pt=source9&s_chn=101&s_chn2=0EyE0DyDtA0Dzz0D0F0E0B0AtA0ByE0A2RtBtDtCyDtCtBtCtAtCtCyEtByDyCtAyEyB
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2016-01-03] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-16] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2016-01-03] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-05-01] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-16] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-05-01] (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-01-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2016-01-03] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-05-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-05-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-17]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\A. Lines\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Easy Auto Refresh) - C:\Users\A. Lines\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2016-01-28]
CHR Extension: (Google Drive) - C:\Users\A. Lines\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Language Immersion for Chrome) - C:\Users\A. Lines\AppData\Local\Google\Chrome\User Data\Default\Extensions\bedbecnakfcpmkpddjfnfihogkaggkhl [2015-09-13]
CHR Extension: (Tabs Outliner) - C:\Users\A. Lines\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2016-01-17]
CHR Extension: (Chrome Remote Desktop) - C:\Users\A. Lines\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-02-17]
CHR Extension: (Google Docs Offline) - C:\Users\A. Lines\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-29]
CHR Extension: (Cisco WebEx Extension) - C:\Users\A. Lines\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-05-01]
CHR Extension: (Coupons at Checkout) - C:\Users\A. Lines\AppData\Local\Google\Chrome\User Data\Default\Extensions\kegphgaihkjoophpabchkmpaknehfamb [2016-02-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\A. Lines\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-02-16]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-16]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-16] (AVAST Software)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe [69016 2016-02-05] (Google Inc.)
S3 Remote Solver for Flow Simulation 2012; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [109624 2011-08-17] (Mentor Graphics Corporation) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2015-05-01] (SolidWorks) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-02-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-16] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-02-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-16] (AVAST Software)
R3 cpuz137; C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [26856 2014-02-17] (CPUID)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-03-10] ()
S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [13824 2015-05-06] (Phoenix Technologies) [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 nwdelgobimbb; C:\Windows\System32\DRIVERS\nwdelgobimbb.sys [399872 2012-11-30] (QUALCOMM Incorporated)
R3 nwdelserial; C:\Windows\system32\drivers\nwdelserial.sys [234112 2012-11-30] (Novatel Wireless Inc.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [30448 2014-04-25] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [31472 2014-04-25] (Synaptics Incorporated)
R3 ST_Accel; C:\Windows\system32\drivers\ST_Accel.sys [87776 2013-04-11] (STMicroelectronics)
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-24 21:49 - 2016-02-24 21:51 - 00017663 _____ C:\Users\A. Lines\Desktop\FRST.txt
2016-02-24 21:48 - 2016-02-24 21:49 - 00000000 ____D C:\FRST
2016-02-24 21:47 - 2016-02-24 21:47 - 02371072 _____ (Farbar) C:\Users\A. Lines\Desktop\FRST64.exe
2016-02-24 21:35 - 2016-02-24 21:35 - 01722368 _____ (Farbar) C:\Users\A. Lines\Downloads\FRST.exe
2016-02-24 20:51 - 2016-02-24 20:51 - 00003130 _____ C:\Windows\System32\Tasks\Trojan Remover
2016-02-24 20:50 - 2016-02-24 20:50 - 00000000 ____D C:\ProgramData\Loaris
2016-02-24 20:49 - 2016-02-24 20:50 - 49803501 _____ (Loaris, Inc. ) C:\Users\A. Lines\Downloads\setup-ltr-
2016-02-23 22:56 - 2016-02-23 22:56 - 00000000 ____D C:\Windows\system32\appmgmt
2016-02-23 22:36 - 2016-02-23 22:36 - 00000000 ____D C:\Users\A. Lines\AppData\LocalLow\BitTorrent
2016-02-23 22:19 - 2016-02-23 22:19 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-02-23 22:15 - 2016-02-23 22:16 - 00000000 ____D C:\Users\A. Lines\Desktop\Adobe Acrobat XI
2016-02-23 22:09 - 2016-02-23 22:09 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2016-02-23 22:07 - 2016-02-23 22:07 - 00000000 ____D C:\Users\A. Lines\AppData\Roaming\MecaCkul
2016-02-23 21:42 - 2016-02-23 21:42 - 00000000 ____D C:\Users\A. Lines\Documents\Pakistan
2016-02-23 21:33 - 2016-02-23 21:33 - 00045838 _____ C:\Users\A. Lines\Downloads\Visa Application form.pdf
2016-02-23 21:32 - 2016-02-23 21:32 - 00532047 _____ C:\Users\A. Lines\Downloads\Gleich_Visa Application form.pdf
2016-02-23 21:32 - 2016-02-23 21:32 - 00146667 _____ C:\Users\A. Lines\Downloads\Gleich_passport page.pdf
2016-02-22 19:39 - 2016-02-22 19:49 - 78291344 _____ C:\Users\A. Lines\Downloads\[Steve_House,_Scott_Johnston,_Mark_Twight]_Trainin(BookZZ.org).epub
2016-02-22 19:38 - 2016-02-22 19:46 - 76889344 _____ C:\Users\A. Lines\Downloads\[Mark_F._Twight,_James_Martin]_Extreme_Alpinism_C(BookZZ.org).pdf
2016-02-22 07:47 - 2016-02-24 06:38 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2016-02-19 06:05 - 2016-02-19 06:05 - 00000000 ____D C:\Users\A. Lines\Tracing
2016-02-16 21:14 - 2016-02-16 21:14 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-02-16 21:14 - 2016-02-16 21:14 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-02-15 23:54 - 2016-02-15 23:54 - 01114139 _____ C:\Users\A. Lines\Downloads\1991 Ghamubar attempt.pdf
2016-02-08 07:09 - 2016-02-08 07:09 - 00000000 ____D C:\ProgramData\Google
2016-02-08 07:07 - 2016-02-08 07:08 - 08400896 _____ C:\Users\A. Lines\Downloads\chromeremotedesktophost.msi
2016-02-08 07:07 - 2016-02-08 07:07 - 00002306 _____ C:\Users\A. Lines\Desktop\Chrome App Launcher.lnk
2016-02-08 07:07 - 2016-02-08 07:07 - 00000000 ____D C:\Users\A. Lines\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-02-08 07:07 - 2016-02-08 07:07 - 00000000 ____D C:\Users\A. Lines\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-02-04 22:16 - 2016-02-04 22:16 - 00218998 _____ C:\Users\A. Lines\Downloads\Accident Report - 2016-01-29 - Lines & Weeks.pdf
2016-02-04 22:16 - 2016-02-04 22:16 - 00218998 _____ C:\Users\A. Lines\Downloads\Accident Report - 2016-01-29 - Lines & Weeks (1).pdf
2016-02-01 21:06 - 2016-02-01 21:06 - 00231760 _____ C:\Users\A. Lines\Downloads\CrucialScan.exe
2016-02-01 20:48 - 2016-02-01 20:48 - 00000000 ____D C:\Users\A. Lines\AppData\Roaming\AMD
2016-02-01 20:41 - 2016-02-01 20:41 - 00000000 ____D C:\Users\A. Lines\AppData\Roaming\ATI
2016-02-01 20:41 - 2016-02-01 20:41 - 00000000 ____D C:\Users\A. Lines\AppData\Local\ATI
2016-02-01 20:41 - 2016-02-01 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD FirePro Control Center
2016-02-01 20:41 - 2016-02-01 20:41 - 00000000 ____D C:\ProgramData\ATI
2016-02-01 20:39 - 2016-02-01 20:39 - 00000000 ____D C:\Program Files (x86)\AMD
2016-02-01 20:28 - 2016-02-01 20:28 - 00000000 ____D C:\AMD
2016-02-01 20:23 - 2016-02-01 20:23 - 04952336 _____ (Advanced Micro Devices, Inc.) C:\Users\A. Lines\Downloads\autodetectutility.exe
2016-02-01 20:18 - 2016-02-01 20:44 - 00000000 ____D C:\Users\A. Lines\Downloads\bluescreenview-x64
2016-02-01 20:08 - 2016-02-01 20:08 - 00278480 _____ C:\Windows\Minidump\020116-27409-01.dmp
2016-01-31 18:34 - 2016-01-31 18:34 - 00278480 _____ C:\Windows\Minidump\013116-20311-01.dmp
2016-01-29 17:46 - 2016-01-29 17:46 - 00278480 _____ C:\Windows\Minidump\012916-20935-01.dmp
2016-01-29 16:29 - 2016-01-29 16:29 - 00278480 _____ C:\Windows\Minidump\012916-19968-01.dmp
2016-01-29 15:37 - 2016-01-29 16:15 - 00219066 _____ C:\Users\A. Lines\Documents\Accident Report - 2016-01-29 - Lines & Weeks.pdf
2016-01-29 12:41 - 2016-01-29 13:23 - 00000000 ____D C:\Users\A. Lines\Downloads\The Revenant (2015)720p DvDScr x264 DD 5.1-jackane NL Subs 2LT
2016-01-29 12:19 - 2016-01-29 12:19 - 00251073 _____ C:\Users\A. Lines\Downloads\W2 - 2014.pdf
2016-01-29 12:17 - 2016-01-29 12:17 - 00280765 _____ C:\Users\A. Lines\Downloads\W2 - 2015.pdf
2016-01-29 12:14 - 2016-01-29 12:20 - 00000000 ____D C:\Users\A. Lines\Documents\Taxes
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-24 21:31 - 2015-05-04 20:34 - 00000000 ____D C:\Users\A. Lines\Documents\Reference
2016-02-24 21:31 - 2009-07-13 23:45 - 00021920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-24 21:31 - 2009-07-13 23:45 - 00021920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-24 21:20 - 2015-05-01 18:00 - 00000000 ____D C:\Users\A. Lines\AppData\Local\TempSWBackupDirectory
2016-02-24 21:01 - 2014-01-10 11:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-24 19:30 - 2015-05-01 17:07 - 00000000 ____D C:\Users\A. Lines\AppData\Roaming\SolidWorks
2016-02-24 19:29 - 2016-01-13 20:21 - 00000000 ____D C:\Users\A. Lines\Documents\Outlook Files
2016-02-24 07:24 - 2015-08-04 20:50 - 00000000 ____D C:\Users\A. Lines\AppData\Roaming\BitTorrent
2016-02-24 06:43 - 2009-07-14 00:13 - 00785554 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-24 06:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-02-24 06:38 - 2015-05-01 17:01 - 00140152 _____ C:\Users\A. Lines\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-24 06:36 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-24 06:36 - 2009-07-13 23:45 - 00526936 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-23 22:56 - 2015-11-29 16:10 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-23 22:56 - 2014-01-10 11:20 - 00000000 ____D C:\ProgramData\Adobe
2016-02-23 22:39 - 2015-05-01 17:00 - 00000000 ____D C:\Users\A. Lines\AppData\Roaming\Adobe
2016-02-23 22:39 - 2015-05-01 17:00 - 00000000 ____D C:\Users\A. Lines\AppData\Local\Adobe
2016-02-23 21:07 - 2015-05-01 17:27 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-02-23 04:10 - 2015-08-17 20:17 - 00017722 _____ C:\Windows\solvermfc.INI
2016-02-21 11:38 - 2015-09-13 11:52 - 00000000 ____D C:\Users\A. Lines\Documents\CIS
2016-02-21 09:27 - 2015-05-31 13:36 - 00000000 ____D C:\Users\A. Lines\AppData\Roaming\Skype
2016-02-19 15:30 - 2014-01-10 11:23 - 00002219 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 15:30 - 2014-01-10 11:23 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-19 06:05 - 2015-05-01 17:00 - 00000000 ____D C:\Users\A. Lines
2016-02-18 22:20 - 2015-11-29 16:11 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-17 02:19 - 2014-01-10 11:23 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-16 21:15 - 2015-05-01 17:27 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-02-16 21:15 - 2015-05-01 17:27 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-02-16 21:14 - 2015-05-01 17:27 - 01065720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-02-16 21:14 - 2015-05-01 17:27 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-02-16 21:14 - 2015-05-01 17:27 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-02-16 21:14 - 2015-05-01 17:27 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-02-16 21:14 - 2015-05-01 17:27 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-02-16 21:14 - 2015-05-01 17:27 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-02-02 20:57 - 2015-05-31 17:32 - 00000000 ____D C:\Users\A. Lines\AppData\Roaming\vlc
2016-02-01 20:34 - 2015-10-14 19:48 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-01 20:33 - 2015-04-28 12:01 - 00000000 ____D C:\Program Files\AMD
2016-02-01 20:18 - 2015-01-29 10:11 - 00146528 _____ (NirSoft) C:\Users\A. Lines\Desktop\BlueScreenView.exe
2016-02-01 20:08 - 2015-05-19 05:57 - 559403080 _____ C:\Windows\MEMORY.DMP
2016-02-01 20:08 - 2015-05-19 05:57 - 00000000 ____D C:\Windows\Minidump
2016-02-01 15:12 - 2014-01-10 11:23 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-01 15:12 - 2014-01-10 11:23 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-01 15:12 - 2014-01-10 11:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-01 15:12 - 2014-01-10 11:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-29 12:35 - 2015-06-02 19:55 - 00000000 ____D C:\Users\A. Lines\Documents\eBooks
2016-01-29 11:50 - 2015-05-01 17:59 - 00000000 ____D C:\Users\A. Lines\AppData\Local\SolidWorks
2016-01-29 01:35 - 2015-08-23 19:25 - 00000000 ____D C:\Users\A. Lines\Documents\Ed's Cabin
==================== Files in the root of some directories =======
2015-12-06 23:19 - 2015-12-06 23:19 - 0977855 _____ () C:\Users\A. Lines\AppData\Local\RAR-File-Opener_1779.rar
2015-12-13 11:42 - 2015-12-06 23:19 - 1029208 _____ (Installer                                                   ) C:\Users\A. Lines\AppData\Local\rarfileopener_setup.exe
2015-05-05 21:21 - 2015-05-05 21:21 - 0007609 _____ () C:\Users\A. Lines\AppData\Local\Resmon.ResmonCfg
2015-10-07 19:41 - 2015-10-07 21:01 - 0000000 _____ () C:\Users\A. Lines\AppData\Local\Temptable.xml
2016-01-17 10:59 - 2016-01-17 11:03 - 0000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
Files to move or delete:
Some files in TEMP:
C:\Users\A. Lines\AppData\Local\Temp\ose00000.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-02-18 13:15
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-02-2016
Ran by A. Lines (2016-02-24 21:52:12)
Running from C:\Users\A. Lines\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-05-01 22:00:40)
Boot Mode: Normal
==================== Accounts: =============================
A. Lines (S-1-5-21-4253142918-38096452-1358066440-1000 - Administrator - Enabled) => C:\Users\A. Lines
Administrator (S-1-5-21-4253142918-38096452-1358066440-500 - Administrator - Disabled)
Guest (S-1-5-21-4253142918-38096452-1358066440-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4253142918-38096452-1358066440-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: - Apple Inc.)
Chrome Remote Desktop Host (HKLM-x32\...\{EBFF2EA1-3944-4CA2-89FA-8B70C0058DD3}) (Version: 49.0.2623.40 - Google Inc.)
COSMOSM 2012 x64 Edition (2010/290) (Version: 20.100.002 - SolidWorks Corporation) Hidden
eDrawings 2016 x64 (HKLM\...\{CC5C83ED-3E2B-4037-BB06-6FB697AF60EB}) (Version: 16.0.5009 - Dassault Systèmes SolidWorks Corp)
ePub Reader for Windows version 5.3 (HKLM-x32\...\{BFBA7F3A-1F10-4754-ADEC-A8CFBB4F925B}_is1) (Version: 5.3 - HANSoft, Inc.)
Free Rar File Opener (HKLM-x32\...\{C4F94FD8-9CF5-40B5-9695-FC5BCD22F062}_is1) (Version: 1.0 - Media Freeware)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: - Google Inc.) Hidden
Google Update Helper (x32 Version: - Google Inc.) Hidden
inReach Sync (HKLM-x32\...\{f65dc620-5c22-4170-b32a-ff622d61274e}) (Version: - DeLorme)
inReach Sync (x32 Version: - DeLorme) Hidden
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 19.3 - Intel)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: - Apple Inc.)
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java 7 Update 80 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: - Oracle)
Kindlian (HKLM-x32\...\{6BC15173-1A04-4400-BAF2-4674B6DD36DE}) (Version: 3.9.0 - Kindlian)
LibreOffice (HKLM-x32\...\{94E11973-ED58-47A0-907C-ABF6D95C5DD8}) (Version: - The Document Foundation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Mouse Server (HKLM-x32\...\{C366A146-F0A2-411F-9C8D-CEED6C734BF1}) (Version: 3.3.0 - RPA Tech, Inc)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: - Notepad++ Team)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PC Wizard 2013.2.12 (HKLM-x32\...\PC Wizard 2013_is1) (Version:  - CPUID)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1047.0 - Passmark Software)
POWERPREP II (HKLM-x32\...\{2687340C-C114-47DC-9F0E-C1BA85FEB001}) (Version: 2.2.0000 - ETS)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SolidWorks 2012 x64 Edition SP0 (HKLM-x32\...\SolidWorks Installation Manager 20120-40000-1100-100) (Version: - SolidWorks Corporation)
SolidWorks 2012 x64 Edition SP0 (Version: 20.100.5022 - SolidWorks) Hidden
SolidWorks eDrawings 2012 x64 Edition SP0 (Version: 12.0.5015 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Explorer 2012 SP0 x64 Edition (Version: 20.00.5022 - SolidWorks Corporation) Hidden
SolidWorks Flow Simulation 2012 SP0 x64 Edition  (Version: 20.00.5023 - SolidWorks Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: - Adobe Systems, Inc) Hidden
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0527739B-610B-40C9-8786-077BA06A5D83} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {0F9374F0-B063-4513-B8E2-F07AEE360CAA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2852CFF8-C7D7-43F7-B71C-4D6B6A32C17A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-31] (Adobe Systems Incorporated)
Task: {50F5FF64-B61D-4344-96F3-938899EF4618} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-08-17] ()
Task: {69B7A06A-B3DE-4A0B-904F-A517CCAAF609} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {77955717-AB17-4E7B-B5AC-389694A4A669} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-16] (AVAST Software)
Task: {8830ABD2-4A2A-46CA-8583-81D1C54F3D9E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {9E4F17EE-837D-44BA-8CEF-4A29CCAF2324} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AAC3BA48-D120-49B1-8166-45A0D57499CA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {ACFC94A3-DC97-46DF-8976-1C038A7546E4} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-02-17] (AVAST Software)
Task: {B4EB7146-8D74-491A-B02D-31FE488FA215} - System32\Tasks\Trojan Remover => C:\Program Files\Loaris\Trojan Remover\ltr.exe
Task: {C072FC9C-9CDC-4050-931C-545B192EF645} - System32\Tasks\{80DD8B9A-D845-4E55-8128-EC269EEF619A} => pcalua.exe -a "C:\Users\A. Lines\Downloads\eDrawingsAllX64.exe" -d "C:\Users\A. Lines\Downloads"
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}.job => C:\Users\A. Lines\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exeڀ/i C:\Users\A. Lines\AppData\Roaming\Riot Games\League of Legends 3.0.1\install\LoL.NA.msi AI_RESUME=1 ADDLOCAL=BAEAC99E_37AC_4DB1_8AA2_D0B4B5C09ED_1,LeagueofLegends,LeagueofLegends_GameClient,D2BCE474_49DC_4169_8EFD_7CAB0921B614,F477261_82C3_4613_8028_BC4B6AA8AD37,LoLStartMenuShortcut REMOVE=LoLDesktopShortcut PRIMARYFOLDER=APPDIR ROOTDRIVE=C:\ AI_PREREQFILES=C:\Users\A. Lines\AppData\Roaming\Riot Games\League of Legends\prerequisites\DXSETUP.exeC:\Users\A. Lines\AppData\Roaming\Riot Games\League of Legends\prerequisites\Aug2008_d3dx9_39_x86.cabC:\Users\A. Lines\AppData\Roaming\Riot Games\League of Legends\prerequisites\Aug2008_d3dx10_39_x86.cabC:\Users\A. Lines\AppData\Roaming\Riot Games\League of Legends\prerequisites\Aug2008_XAudio_x86.cabC:\Users\A. Lines\AppData\Roaming\Riot Games\League of Legends\prerequisites\DSETUP.dllC:\Users\A. Lines\AppData\Roaming\Riot Games\League of Legends\prerequisites\dsetup32.dllC:\Users\A. Lines\AppData\Roaming\Riot Games\League of Legends\prerequisites\dxdllreg_x86.cabC:\Users\A. Lines\AppData\Roaming\Riot Games\League of Legends\prerequisites\dxnt.cabC:\Users\A. Lines\AppData\Roaming\Riot Games\League of Legends\prerequisites\dxupdate.cabC:\Users\A. Lines\AppData\Roaming\Riot Games\League of Legends\prerequisites\vcredist_x86.exe AI_PREREQDIRS=C:\Users\A. Lines\AppData\Roaming\Riot Games AI_SETUPEXEPATH=C:\Users\A. Lines\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-18 13:08 - 2015-03-18 13:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-04-15 15:13 - 2015-04-15 15:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-03-02 17:54 - 2015-03-02 17:54 - 00052600 _____ () C:\Program Files (x86)\Air Mouse\Air Mouse\UIHelperDesktop.exe
2015-02-10 13:12 - 2015-02-10 13:12 - 02210480 _____ () C:\Program Files\Microsoft Office\Office15\tmpod.dll
2014-01-23 15:05 - 2014-01-23 15:05 - 01424552 _____ () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2011-01-24 02:03 - 2011-01-24 02:03 - 00607016 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\greta.dll
2011-09-27 03:53 - 2011-09-27 03:53 - 00323144 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldBodyDiffu.dll
2011-09-27 03:51 - 2011-09-27 03:51 - 00237640 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\featurecplu.dll
2011-09-27 03:51 - 2011-09-27 03:51 - 00954952 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\CouplingBase.dll
2015-05-31 13:36 - 2015-05-31 13:36 - 00364544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\featurecplu\7788220d7249db351c127ea1472452a0\featurecplu.ni.dll
2015-05-31 13:36 - 2015-05-31 13:36 - 01707520 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\couplingBase\89c81d8b9105ad44af3ceb775a5326e2\couplingBase.ni.dll
2011-09-27 03:53 - 2011-09-27 03:53 - 04236360 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldcoreu.dll
2011-09-27 03:56 - 2011-09-27 03:56 - 00199240 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\wpfsupport.dll
2011-09-27 03:50 - 2011-09-27 03:50 - 00202312 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\annotationcplu.dll
2011-09-27 03:51 - 2011-09-27 03:51 - 00314952 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\asmfeaturecplu.dll
2011-09-27 03:51 - 2011-09-27 03:51 - 00403528 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\contentcplu.dll
2011-09-27 03:51 - 2011-09-27 03:51 - 00083528 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\environmentcplu.dll
2011-09-27 03:52 - 2011-09-27 03:52 - 00153672 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\refgeomcplu.dll
2011-09-27 03:52 - 2011-09-27 03:52 - 00313928 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sheetmetalcplu.dll
2011-09-27 03:52 - 2011-09-27 03:52 - 00659016 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\Sketchcplu.dll
2011-09-27 03:51 - 2011-09-27 03:51 - 00076360 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\clrloadu.dll
2015-05-04 21:48 - 2015-05-04 21:48 - 00114688 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\clrloadu\3553f36921968c31f5d1d858c32e24ff\clrloadu.ni.dll
2015-05-31 13:36 - 2015-05-31 13:36 - 00335872 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\annotationcplu\414e7d06595a3c51607711a7d208b510\annotationcplu.ni.dll
2015-05-31 13:36 - 2015-05-31 13:36 - 00653312 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\asmfeaturecplu\3310775a2f627517bd58b252d73312bd\asmfeaturecplu.ni.dll
2015-05-31 13:36 - 2015-05-31 13:36 - 00785920 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\contentcplu\e838f0b464740fc1376095e0e6585aac\contentcplu.ni.dll
2015-05-31 13:37 - 2015-05-31 13:37 - 00271360 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\refgeomcplu\92eefdfd35e889c74a130552ee72a61b\refgeomcplu.ni.dll
2015-05-31 13:37 - 2015-05-31 13:37 - 00668160 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\sheetmetalcplu\d5aede94e4eafc8675e3805e43c46ab9\sheetmetalcplu.ni.dll
2015-05-31 13:37 - 2015-05-31 13:37 - 01102848 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\Sketchcplu\b80e9eb830faf2d11c3edac62d6add86\Sketchcplu.ni.dll
2007-10-03 01:24 - 2007-10-03 01:24 - 00133912 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\swaxplan.dll
2011-09-27 03:51 - 2011-09-27 03:51 - 00197192 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\assemblycplu.dll
2011-09-27 03:51 - 2011-09-27 03:51 - 00932424 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\doccplu.dll
2011-09-27 03:52 - 2011-09-27 03:52 - 00182344 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\partcplu.dll
2011-09-27 03:53 - 2011-09-27 03:53 - 00073800 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldcosmosgcu.dll
2016-02-16 21:14 - 2016-02-16 21:14 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-16 21:14 - 2016-02-16 21:14 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-23 21:06 - 2016-02-23 21:06 - 02836480 _____ () C:\Program Files\AVAST Software\Avast\defs\16022301\algo.dll
2016-02-16 21:14 - 2016-02-16 21:14 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-02-24 06:37 - 2016-02-24 06:37 - 02836480 _____ () C:\Program Files\AVAST Software\Avast\defs\16022400\algo.dll
2016-02-24 10:41 - 2016-02-24 10:41 - 02836480 _____ () C:\Program Files\AVAST Software\Avast\defs\16022401\algo.dll
2016-02-16 21:14 - 2016-02-16 21:14 - 00307808 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2015-05-05 20:59 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-05-05 20:59 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-05-05 20:59 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-05-05 20:59 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-05-05 20:59 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-01-04 22:26 - 2016-01-04 22:26 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2007-08-21 19:46 - 2007-08-21 19:46 - 00059160 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\swVBAServer\zlib.dll
2011-01-24 02:03 - 2011-01-24 02:03 - 00419624 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\swVBAServer\greta.dll
2015-03-18 13:08 - 2015-03-18 13:08 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-02-19 15:30 - 2016-02-17 23:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-19 15:30 - 2016-02-17 23:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
2011-09-27 03:58 - 2011-09-27 03:58 - 00070728 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\Simulation\ucalc32.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4253142918-38096452-1358066440-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\A. Lines\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: -
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CoordinatorServiceHost => 3
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks Background Downloader.lnk => C:\Windows\pss\SolidWorks Background Downloader.lnk.CommonStartup
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_45E8DDE4492D186436ABA8B1A7068126 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{5895A909-A11D-4A2F-823D-28B40813737A}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{7454EC05-D466-4E92-9BB2-EDEDBB37B09A}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{D362B9CF-31CE-4CE5-A920-ED801D2756EF}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{A55F3255-4D46-4164-9D99-97357A5EB505}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{9A62F658-951C-4AE0-8F07-20861200997F}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [{2EE9D413-4586-4DCE-90C7-2066322766F8}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [{AFE9666D-2DF3-4725-94A7-60BD2E21D5FA}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{4E128CA4-D6F9-4F70-BEF3-7B710B533E6E}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C7FB5940-76AD-4354-A0D5-EB5EB4BEC4E9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{BB6B9632-4E47-441B-A0CA-BBD6D0044F2B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{FD002162-E563-45C0-B561-A6AB1419B1A5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{91162A0A-2644-423B-A4F5-1F2664A40BD3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B9B21575-DD4C-4C96-BD5F-227AA3970AFF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{17D3D0E4-2085-46A1-A8BE-E8F30369D0DB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{08FF9EB9-D597-4E41-A77F-B4F19CDFA165}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{832018D7-3505-49F9-A060-FADCB5B2EB35}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{BB6CE900-F328-4E81-9A37-CA7AFFE2EE83}C:\program files (x86)\air mouse\air mouse\air mouse.exe] => (Allow) C:\program files (x86)\air mouse\air mouse\air mouse.exe
FirewallRules: [UDP Query User{86A59C0C-7640-47B6-B721-CB41F73D805B}C:\program files (x86)\air mouse\air mouse\air mouse.exe] => (Allow) C:\program files (x86)\air mouse\air mouse\air mouse.exe
FirewallRules: [{D025F7BF-057A-4CDE-8E01-D384B520D689}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{88864E66-EA07-425B-984B-C82566846420}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{21E0E106-FF8F-40A9-97E7-D6E867C61847}] => (Allow) C:\Users\A. Lines\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{456A6518-9D22-4B58-B4E6-2FA306564063}] => (Allow) C:\Users\A. Lines\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{E426FD78-ABA1-4C6B-A698-90B0F8AA4189}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [UDP Query User{99B3DC49-1C97-4D74-A794-37060D37D04B}C:\program files\android\android studio\bin\studio64.exe] => (Allow) C:\program files\android\android studio\bin\studio64.exe
FirewallRules: [{05CC894C-984D-4200-A8AD-2982CB835ABD}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{CF9DE7DF-5932-41CC-B78F-33773A70DFF1}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{5D4A5F81-B21F-4C0E-9158-3DEA5ED61A4E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{FCA18EBE-3CD2-403A-98C2-251D4B272B67}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{098C1241-31A3-477F-9B84-C63E1D1BE6AA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{404EC51A-057B-4510-B141-3354D6DB0D5F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2901FAF4-5E0F-4081-BF0E-FA00AB59911A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{377C41A1-5BC3-4B41-AB3A-0D4BAF5A4E7B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{25E11C00-775D-42A7-93CD-A7F0BFE13200}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\49.0.2623.40\remoting_host.exe
FirewallRules: [{C49D5DA5-71C4-4A00-ADED-6F86B56679CC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B04D7D2E-6895-4867-A3C5-B96B72FD4B37}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
19-02-2016 00:00:02 Scheduled Checkpoint
23-02-2016 22:00:22 Installed Adobe Acrobat 9 Pro Extended - English, Français, Deutsch.
23-02-2016 22:17:13 Installed Adobe Acrobat XI Pro.
23-02-2016 22:50:54 Removed Adobe Acrobat XI Pro.
==================== Faulty Device Manager Devices =============
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
Error: (02/24/2016 09:47:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17910, time stamp: 0x5585a964
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xc0000002
Fault offset: 0x000000000000b3dd
Faulting process id: 0x27bc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Error: (02/24/2016 09:46:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17910, time stamp: 0x5585a964
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xc0000002
Fault offset: 0x000000000000b3dd
Faulting process id: 0x2c34
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Error: (02/24/2016 09:39:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17910, time stamp: 0x5585a964
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xc0000002
Fault offset: 0x000000000000b3dd
Faulting process id: 0x1488
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Error: (02/24/2016 09:38:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17910, time stamp: 0x5585a964
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xc0000002
Fault offset: 0x000000000000b3dd
Faulting process id: 0x33f0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Error: (02/24/2016 06:39:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.17923, time stamp: 0x55945dbd
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xc0000002
Fault offset: 0x000000000000b3dd
Faulting process id: 0x14f4
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Error: (02/24/2016 06:38:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWX.exe, version: 6.3.9600.17923, time stamp: 0x55945db6
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xc0000002
Fault offset: 0x000000000000b3dd
Faulting process id: 0x10f8
Faulting application start time: 0xGWX.exe0
Faulting application path: GWX.exe1
Faulting module path: GWX.exe2
Report Id: GWX.exe3
Error: (02/24/2016 06:38:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CLIStart.exe, version:, time stamp: 0x55c03bf3
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xc0000002
Fault offset: 0x000000000000b3dd
Faulting process id: 0x590
Faulting application start time: 0xCLIStart.exe0
Faulting application path: CLIStart.exe1
Faulting module path: CLIStart.exe2
Report Id: CLIStart.exe3
Error: (02/24/2016 06:37:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/23/2016 10:55:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: runonce.exe, version: 6.1.7601.17514, time stamp: 0x4ce7a253
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xc0000002
Fault offset: 0x000000000000b3dd
Faulting process id: 0x8b8
Faulting application start time: 0xrunonce.exe0
Faulting application path: runonce.exe1
Faulting module path: runonce.exe2
Report Id: runonce.exe3
Error: (02/23/2016 10:50:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sldProcMon.exe, version:, time stamp: 0x4e811bb5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xc0000002
Fault offset: 0x000000000000b3dd
Faulting process id: 0x1294
Faulting application start time: 0xsldProcMon.exe0
Faulting application path: sldProcMon.exe1
Faulting module path: sldProcMon.exe2
Report Id: sldProcMon.exe3
System errors:
Error: (02/24/2016 08:17:10 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (02/24/2016 07:41:14 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (02/24/2016 07:24:43 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (02/24/2016 06:34:53 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (02/24/2016 04:39:50 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
Error: (02/24/2016 02:18:29 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (02/24/2016 01:38:42 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (02/24/2016 01:22:33 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (02/24/2016 01:21:39 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (02/24/2016 01:21:38 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
  Date: 2015-05-06 06:40:28.407
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2015-05-06 06:40:28.375
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2015-05-06 06:40:28.344
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2015-05-06 06:40:28.313
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2015-05-06 06:40:28.282
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2015-05-06 06:40:28.251
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2015-05-06 06:40:28.219
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2015-05-06 06:40:28.188
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2015-05-06 06:40:28.157
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2015-05-06 06:40:28.126
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\drivers\DrvAgent64.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info =========================== 
Processor: Intel® Core™ i7-2760QM CPU @ 2.40GHz
Percentage of memory in use: 67%
Total physical RAM: 7413.05 MB
Available physical RAM: 2423.82 MB
Total Virtual: 23795.26 MB
Available Virtual: 16114.86 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:691.81 GB) (Free:455.96 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (WD SmartWare) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:29.8 GB) (Free:20.4 GB) FAT32
Drive g: () (Fixed) (Total:930.74 GB) (Free:731.52 GB) FAT32
==================== MBR & Partition Table ==================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 738B366A)
Partition 1: (Not Active) - (Size=6.8 GB) - (Type=27)
Partition 2: (Active) - (Size=691.8 GB) - (Type=07 NTFS)
Disk: 1 (Size: 930.9 GB) (Disk ID: 73696D20)
No partition Table on disk 1.
Disk: 2 (Size: 29.8 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================


  • 0




    Malware Expert

  • Expert
  • 24,709 posts
  • MVP
Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fixlog.txt will be generated (in the same folder as FRST) please Copy and Paste that into a Reply.
Clear the Java Cache by following the instructions on
You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java 7 Update 79 (64-bit) 
Java 7 Update 80 
Java SE Development Kit 7 Update 79 (64-bit)
Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
If you feel you must have Java:
Get the latest Java at:
Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
(If you also want the 64 bit version then use the 64 bit version of IE to get it.)
Also uninstall Spybot S&D.  We no longer recommend it.
Have you run a boot-time scan with Avast yet?  It takes like 6 hours so I usually let it run at night.
Open Avast, Scan, Scan for Viruses, Change the Quick Scan (in the box in the center of the page) to Boot-time Scan.  Then at the bottom of the page click on Scan Settings.
Make sure both boxes are checked and click on the gray box to the right of the orange ones.  It should turn orange.  Change where it says "Fix Automatically" to "Move to Chest."  OK.  Now click on Start and then close Avast.  Mute your speakers so it doesn't wake you up when Windows boots.
When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:
Copy and paste the text from the log to a Reply when done.


  • 0




  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Fix result of Farbar Recovery Scan Tool (x64) Version:24-02-2016
Ran by A. Lines (2016-02-28 12:05:13) Run:1
Running from C:\Users\A. Lines\Desktop
Loaded Profiles: A. Lines (Available Profiles: A. Lines)
Boot Mode: Normal
fixlist content:
HKU\S-1-5-21-4253142918-38096452-1358066440-1000\...\Run: [3586113842] => regsvr32.exe "C:\Users\A. Lines\AppData\Roaming\MecaCkul\MakEqca.dll"
C:\Users\A. Lines\AppData\Roaming\MecaCkul
HKU\S-1-5-21-4253142918-38096452-1358066440-1000\Software\Microsoft\Windows\CurrentVersion\Run\\3586113842 => value removed successfully
C:\Users\A. Lines\AppData\Roaming\MecaCkul => moved successfully
EmptyTemp: => 2.7 GB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 12:09:01 ====

  • 0



    Malware Expert

  • Expert
  • 24,709 posts
  • MVP

Is Avast still blocking a threat?  Did you run the boot-time scan yet?

  • 0
