Spam RegAsm.exe

Solved
ReGaSmi -  
Hello, if I find myself on this forum it's because I have a quite annoying error message that keeps spamming me! Here it is:

RegAsm.exe - Application Error

The application failed to start correctly (0xc0000005).
Click OK to close the application.

PS: The applications work perfectly, I can launch them, access them, etc.

Thank you in advance!

5 answers

Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 711
 
Your computer is infected with RATs (i.e. Trojans) and adware.
Uninstall:
RegTweaker
Advanced System Care and all IObit programs, these programs are useless.

~~

Here is the correction to be made with FRST.
You can refer to this explanatory note with screenshots to help you: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix

Open Notepad: Windows Key + R, in the run field, type notepad and hit OK.
Copy/paste the following into it:

HKU\S-1-5-21-527844870-2503974931-2983804076-1001\...\Run: [Super Optimizer] => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [676400 2015-05-05] ()
HKU\S-1-5-21-527844870-2503974931-2983804076-1001\...\Run: [Microsoft] => C:\Users\Kenan\AppData\Local\Temp\Windows\filename.exe [1039360 2015-05-25] () <===== WARNING
HKU\S-1-5-21-527844870-2503974931-2983804076-1001\...\Run: [yDGNErhMDGKabAMTaVWmyyEhBvYkVhhqlWSbYoEdRkAd] => C:\Users\Kenan\AppData\Roaming\explorer.exe [376832 2015-05-30] ()
HKU\S-1-5-21-527844870-2503974931-2983804076-1001\...\RunOnce: [Microsoft Corporation] => C:\Users\Kenan\AppData\Local\Temp\Ind\boot.lnk [1809 2015-05-30] () <===== WARNING
HKU\S-1-5-21-527844870-2503974931-2983804076-1001\...\Winlogon: [Shell] C:\Users\Kenan\AppData\Local\Temp\Windows\filename.exe,explorer.exe <==== WARNING
Startup: C:\Users\Kenan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-05-10]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{bf414ea8-c91d-2dba-bf41-14ea8c913aa3}\hqghumeaylnlf.exe (Super PC Tools Ltd)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [487424 2015-05-29] (Windows SysTool) [File not signed] <==== WARNING
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [426128 2015-05-28] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== WARNING
R2 cae99edb; c:\Program Files (x86)\super optimizer\supoptstats.dll [1758256 2015-05-10] ()
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [157824 2015-05-29] (XTab system)
2015-05-30 11:21 - 2015-05-30 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegTweaker
2015-05-30 11:21 - 2015-05-30 11:21 - 00000000 ____D () C:\Program Files (x86)\RegTweaker
2015-05-30 11:19 - 2015-05-30 11:19 - 00000000 ____D () C:\Users\Kenan\AppData\Roaming\KSafe
2015-05-30 11:19 - 2015-05-30 11:19 - 00000000 ____D () C:\ProgramData\KSafe
2015-05-30 11:19 - 2015-05-30 11:19 - 00000000 ____D () C:\Program Files (x86)\DllTool
2015-05-30 11:18 - 2015-05-30 11:19 - 08466168 _____ ( ) C:\Users\Kenan\Downloads\DllTool.exe
2015-05-30 11:07 - 2015-05-30 11:07 - 00281176 _____ () C:\Windows\Minidump\053015-20671-01.dmp
2015-05-30 11:07 - 2015-05-30 11:07 - 00000000 ____D () C:\Windows\Minidump
2015-05-30 11:01 - 2015-05-30 11:12 - 00000158 _____ () C:\Windows\Reimage.ini
2015-05-30 11:01 - 2015-05-30 11:01 - 00768512 _____ (Reimage®) C:\Users\Kenan\Downloads\ReimageRepair.exe
2015-05-30 10:50 - 2015-05-30 10:53 - 00000000 ____D () C:\Users\Kenan\AppData\Roaming\Solvusoft
2015-05-30 10:50 - 2015-05-30 10:50 - 03894696 _____ (solvusoft Corporation ) C:\Users\Kenan\Downloads\Setup_WinThruster_2015.exe
2015-05-30 10:50 - 2012-10-15 17:02 - 00019888 _____ (solvusoft) C:\Windows\system32\roboot64.exe
2015-05-30 10:38 - 2015-05-30 11:08 - 00000000 ____D () C:\Users\Kenan\AppData\Roaming\Windows
2015-05-30 10:34 - 2015-05-30 02:22 - 00376832 ____H () C:\Users\Kenan\Desktop\[HUD] Master.exe
2015-05-30 10:34 - 2015-05-30 02:22 - 00376832 ____H () C:\Users\Kenan\AppData\Roaming\explorer.exe
2015-05-29 21:00 - 2015-05-30 10:05 - 00000024 _____ () C:\Users\Kenan\AppData\Roaming\appdataFr25.bin
2015-05-29 17:13 - 2015-05-30 11:13 - 00000000 ____D () C:\Program Files (x86)\WinZipper
2015-05-29 17:13 - 2015-05-29 17:13 - 00000000 ____D () C:\Users\Kenan\AppData\Roaming\WinZipper
2015-05-29 17:13 - 2015-05-29 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
2015-05-29 21:00 - 2015-05-30 10:05 - 0000024 _____ () C:\Users\Kenan\AppData\Roaming\appdataFr25.bin
2015-05-30 10:34 - 2015-05-30 02:22 - 0376832 ____H () C:\Users\Kenan\AppData\Roaming\explorer.exe

Once the text is pasted in Notepad.
File menu then Save As.
On the left, navigate to the desktop.
In the field below, file name enter: fixlist.txt
Click Save - this will create a fixlist.txt file on the desktop.

Restart FRST and click the Fix button
Depending on the case, a restart may be necessary (not required).
A text file appears, copy/paste the content here in a new message.

Restart the computer

Then reset your browsers:
==================================
Reset your browsers and/or manually reconfigure your web browsers (homepage, search engine, etc.) but also remove/disable unnecessary/parasite extensions:

Then:

Malwarebytes Scan (time: about 40 min scan):
==================================================
Download and install Malwarebytes: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Update it and then run a scan.

At the end of the scan, click "Quarantine All" at the bottom left.
Restart the computer if needed.
After reboot, relaunch Malwarebytes.
Look for the report in the History tab.
On the left Examination History.
Double-click on the examination in the list.
Then at the bottom Copy to clipboard
Go to http://pjjoint.malekal.com and at the bottom, right-click / paste to paste the Malwarebytes scan report.
Click Send.
In a new message here in response, provide the pjjoint link to consult the report.

Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
0
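As an added example (not part of the thread and not FRST's own code), the Python below parses the Run/RunOnce lines of the fixlist above and flags the persistence traits visible in them: an autorun in a user-writable folder, a system binary name outside C:\Windows, a shortcut used as the autorun, and a random-looking value name. The regular expression, the `SYSTEM_NAMES` list and the thresholds are assumptions made for this illustration.

```python
import re
from pathlib import PureWindowsPath

# Sample input: four autorun lines copied from the fixlist in this thread.
SAMPLE = r"""
HKU\S-1-5-21-527844870-2503974931-2983804076-1001\...\Run: [Super Optimizer] => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [676400 2015-05-05] ()
HKU\S-1-5-21-527844870-2503974931-2983804076-1001\...\Run: [Microsoft] => C:\Users\Kenan\AppData\Local\Temp\Windows\filename.exe [1039360 2015-05-25] () <===== WARNING
HKU\S-1-5-21-527844870-2503974931-2983804076-1001\...\Run: [yDGNErhMDGKabAMTaVWmyyEhBvYkVhhqlWSbYoEdRkAd] => C:\Users\Kenan\AppData\Roaming\explorer.exe [376832 2015-05-30] ()
HKU\S-1-5-21-527844870-2503974931-2983804076-1001\...\RunOnce: [Microsoft Corporation] => C:\Users\Kenan\AppData\Local\Temp\Ind\boot.lnk [1809 2015-05-30] () <===== WARNING
""".strip().splitlines()

# FRST autorun line: <hive>\...\Run: [ValueName] => <path> [<size> <date>] (<company>)
RUN_LINE = re.compile(
    r"\\(?P<key>Run|RunOnce): \[(?P<name>.*?)\] => (?P<path>.+?) \[\d+ \d{4}-\d\d-\d\d\]")
# Assumption: a short illustrative list, not a complete inventory of Windows binaries.
SYSTEM_NAMES = {"explorer.exe", "svchost.exe", "winlogon.exe", "lsass.exe"}

def triage(line):
    """Return (key, value name, path, reasons) for a Run/RunOnce line, else None."""
    m = RUN_LINE.search(line)
    if m is None:
        return None
    path = PureWindowsPath(m["path"])
    parts = [p.lower() for p in path.parts]
    reasons = []
    if "appdata" in parts or "temp" in parts:
        reasons.append("user-writable location")
    if path.name.lower() in SYSTEM_NAMES and parts[1:2] != ["windows"]:
        reasons.append("system binary name outside C:\\Windows")
    if path.suffix.lower() == ".lnk":
        reasons.append("shortcut autorun, real target is inside the .lnk")
    if len(m["name"]) >= 20 and m["name"].isalpha():
        reasons.append("random-looking value name")
    return m["key"], m["name"], str(path), reasons

def triage_all(lines=SAMPLE):
    """Triage every line that parses as a Run/RunOnce entry."""
    return [t for t in map(triage, lines) if t is not None]

if __name__ == "__main__":
    for key, name, path, reasons in triage_all():
        print(f"{key:8} [{name}] {path}\n    -> {', '.join(reasons) or 'no heuristic hit'}")
```

The Super Optimizer entry produces no hit even though the helper lists it for removal, so an empty result is a prompt for manual review rather than a clean verdict.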
ReGaSmi
 
It's not noted to quarantine but to delete unwanted files, it's the same thing :p
PS: In the unwanted files, there is indeed 'Trojan'
0
ReGaSmi
 
Sorry, I cannot access external links.
0
ReGaSmi
 
They are all quarantined but the error message persists.
0
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 711
 
Yep, a lot of adware (PUP.Optional) and Trojans:

Trojan.Agent.E, C:\Users\Kenan\AppData\Local\Temp\Microsoft Maintenance\WinData.exe, Quarantined, [9b2eefaa543625118f6e5c207b8ac13f],

It should be better now, change all your web passwords (Facebook, email, etc.).

Do you confirm that it’s better?

0
ReGaSmi
 
No, it keeps giving me the same error message every time :/ So I deleted the files that were in quarantine and still the same result.
0
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 711
 
Can you provide the FRST correction report?
0
ReGaSmi > Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention  
 
Sorry, I'm lost. Do I need to rescan and then resend a report?
0
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 711
 
No, you did not provide the requested correction report in this message: https://forums.commentcamarche.net/forum/affich-32042843-spam-regasm-exe#4

I therefore have the impression that you did not make the correction.
0
ReGaSmi
 
Is that the one? I've got a .txt file called fixlog.
0
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 711
 
ok,

Do an online NOD32 scan: https://www.malekal.com/scan-antivirus-ligne-nod32/#NOD32
Save the report
Send it to http://pjjoint.malekal.com
Post the link here.

Then do another FRST scan like the first time and provide the reports via http://pjjoint.malekal.com

0
ReGaSmi
 
For the online scan, it takes too long and my computer restarts for no reason... is the scan necessary?
0
ReGaSmi
 
And couldn't we just get straight to the point and remove what's not working?
0
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 711
 
That is what is supposed to have been done with FRST.
Maybe it didn't manage to delete everything.
We need to check with a new analysis.
It would also be good to run the NOD32 scan first.
0
ReGaSmi > Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention  
 
FRST : http://pjjoint.malekal.com/files.php?id=20150530_h12i12y11b12i5
addition : http://pjjoint.malekal.com/files.php?id=20150530_e7y7o15k9w8
Shortcut : http://pjjoint.malekal.com/files.php?id=20150530_j11r8r5p13q5
hop
0
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 711
 
Can you check the properties of this shortcut to see what it launches C:\Users\Kenan\AppData\Local\Temp\Ind\boot.lnk?

Windows key + R
type %TEMP% and OK
you should have an Ind folder and inside boot
right click then properties
what's in Target?

~~

Here is the correction to be made with FRST.
You can refer to this explanatory note with screenshots to help you: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix

Open Notepad: Windows key + R, in the run field, type notepad and OK.
Copy/paste the following into it:

2015-05-30 12:57 - 2015-05-30 16:35 - 00000000 ____D () C:\Users\Kenan\AppData\Roaming\Windows
HKU\S-1-5-21-527844870-2503974931-2983804076-1001\...\RunOnce: [Microsoft Corporation] => C:\Users\Kenan\AppData\Local\Temp\Ind\boot.lnk [1809 2015-05-30] () <===== WARNING
2015-05-10 00:40 - 2015-05-10 00:40 - 00000000 ____D () C:\Program Files (x86)\predm
2015-05-10 00:38 - 2015-05-30 13:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer
EmptyTemp:

Once the text is pasted into Notepad.
File menu then Save As.
On the left, go to the desktop.
In the field below, file name put: fixlist.txt
Click on Save - this will create a fixlist.txt file on the desktop.

Restart FRST and click on the Fix button
Depending on the case, a restart may be necessary (not mandatory).
A text file appears, copy/paste the content here in a new message.

Restart the computer

0
ReGaSmi
 
I will try.
0
ReGaSmi
 
In the target, there is this: C:\Users\Kenan\AppData\Roaming\Windows\WinData.exe
0
ReGaSmi
 
And no text file appears upon restart :/
0
ReGaSmi
 
I no longer have the error message!
0
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 711
 
You can register on the forum, I want to send you a private message.
=> https://www.commentcamarche.net/infos/25881-etre-membre-de-commentcamarche-pourquoi-comment/
0
Malekal_morte- Posted messages 178136 Registration date   Status Moderator, Security Contributor Last intervention   24 711
 
Hello,

To see if there's an infection:

Follow this FRST tutorial: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/
(and take your time to read thoroughly in order to apply it correctly - everything is explained there).
Download and run the FRST scan, it will generate three FRST reports:
  • FRST.txt
  • Shortcut.txt
  • Addition.txt


Send, as explained, these three reports to the website http://pjjoint.malekal.com and in return provide the three pjjoint links that lead to those reports here in a new response so that we can review them.

-1
ReGaSmi
 
http://pjjoint.malekal.com/files.php?id=20150530_d6m10j12y1411 (Addition)
http://pjjoint.malekal.com/files.php?id=FRST_20150530_q9g6u7z13z14 (FRST)
http://pjjoint.malekal.com/files.php?id=20150530_c11s14k7l7d15 (Shortcut)
Thank you for the quick response xD
0