IObit Forum

Malware undetected by Malware Fighter



Posted

Hi,

 

Some introduction before I get to the problem.

 

Yesterday I was watching a YouTube video and got a virus notification. I thought nothing of it, as Avast blocked it, until I started getting these popups requesting server access to my computer to download a file called "thawbrkr.dll". Every time I clicked "no", the popup would reappear after about 1-2 minutes. I tried to determine what was causing the popups to appear, to no avail (I'm fairly experienced with dealing with viruses and malware, so I checked the usual places: AppData, ProgramData, Windows, Program Files, and Temp folders, but found nothing at all). I figured that accepting it would give the virus more access, but I was at wit's end and figured that once it was on the machine I could get rid of it.

 

So now I have this virus that keeps being blocked by my Avast antivirus scanner, called "Reannewscomm.com". Every 10-15 seconds it blocks its attempt, and it has been doing so for the past 2-3 hours that I've been trying to get rid of it. I ran a complete scan with Malware Fighter and it did not detect it, and a complete scan with Avast Antivirus, and it didn't find it either. I've looked in the usual places again, deleted any temporary files that came onto the computer today (March 8) and any cookies for today, and re-updated both Avast and Malware Fighter, to no avail.

 

I tried to follow several guides on how to remove it manually (as the other option requires buying a tool that I've never heard of before, and it only scans for free), and none have succeeded. All the usual indications of this virus are not present yet, as Avast blocks it from putting those down and activating them. However, something is clearly trying to activate, but I don't know where to find it.

 

The reason I'm posting it here is that it was suggested by a forum user in False Positives that I post here.

-----

Now, some updates on this... I've been working on getting some help from the Avast Antivirus forums, and they managed to provide a partial fix for the problem (link to that discussion: https://forum.avast.com/?topic=184026.0). It is linked so that you can see what has / hasn't been done. The partial fix is that "Reannewscomm.com" no longer appears as a popup to be blocked. Instead it has been replaced by 4 new sites, each named differently, URL:Mal and C:/windows/explorer.exe ... However, Malware Fighter is still not detecting the malware; if it's any consolation, neither is Malwarebytes, which I downloaded for a second opinion. These 4 sites pop up all together in a group of Avast blocks, but they pop up now every 1-2 minutes instead of every 10-15 seconds.

 

If there is some help that can be provided here that Avast can't provide, I'd appreciate that. I decided to post in both the Avast and Malware Fighter forums as it's a problem that neither is fully solving and I don't know why. If you feel that you'll leave it to Avast to figure it out, I suppose that can work too (as two groups providing help might provide solutions that counter the other guy's solutions, resulting in nobody's solutions working).

Posted

Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer, you will have to download any programs on the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************

You can run these scans in Safe Mode if you can't run them in Normal Mode.

 

Please download AdwCleaner by Xplode onto your Desktop.

 

Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.

 

http://i424.photobucket.com/albums/pp322/digistar/AdwCleaner-icon.jpg

 

If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.

When the AdwCleaner program opens, click on the Scan button as shown below.

 

http://i424.photobucket.com/albums/pp322/digistar/untitled.png

 

AdwCleaner will now start to search for malicious files that may be installed on your computer.

To remove the files that were detected in the previous step, please click on the Clean button.

 

http://i424.photobucket.com/albums/pp322/digistar/3.png

 

AdwCleaner will now prompt you to save any open files or data, as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.

Please click on the OK button to allow AdwCleaner to reboot your computer. A log will be produced. Please copy and paste this log in your next reply.

*********************************************

 

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • It should update automatically if the computer is connected to the internet.
  • Click on Threat Scan and click on Scan Now.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, make sure all the infections have "Quarantine" selected in the Action box.
  • Click on "Apply actions". You may be asked to restart your computer to completely remove the infections.
  • When disinfection is completed, you can click on "Copy to Clipboard".
  • Paste the log in your next reply (CTRL+V).

*************************************************

Please download Junkware Removal Tool to your desktop.

 

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

 

Shut down your protection software now to avoid potential conflicts.

 

• Temporarily disable your Antivirus and any Antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

• Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.

• The tool will open and start scanning your system.

• Please be patient as this can take a while to complete depending on your system's specifications.

• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

• Copy and paste the JRT.txt log into your next message.

*****************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

 

Posted

Cannot download last file from either link; Says it cannot be downloaded and visiting either page shows a 404 error. Attaching logs to this post.

Posted

Also, by looking at what Avast had me do, I found the "original" location of the virus, which popped onto my computer at the time I had assumed it had. It is found in C:/Users/Jason/AppData/Roaming/QolaRzavd (name of the virus folder; each file has the timestamp March 8, 10:52am, which is when it all started). I tried deleting all the files and it worked, but it regenerated the folder with this file inside: YitUvfo.dll. That is the only file in there. Deleting it regenerates it and crashes Explorer.exe, closing all folders. So, since I couldn't delete it, I made it read-only instead (an unconventional solution, but it has worked in the past to prevent the virus from updating itself, as it can't download updates for itself while it is still read-only). The reannewscomm.com virus didn't return when I deleted the files, nor did it download fresh files to replace the other ones I deleted. Though, something is still regenerating the YitUvfo.dll... even when NOT plugged into the internet. Hope some of this info helps.

Posted

Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies).

 

Windows 8, 8.1 and Windows 10 come with their own AV called Windows Defender. If you're using another AV, you should make sure WD is disabled.

 

I'd like to scan your machine with ESET OnlineScan

 

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

• Click the http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png button.

• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double-click on the http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png icon on your desktop.

• Check http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png

• Click the http://i424.photobucket.com/albums/pp322/digistar/esetStart.png button.

• Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

• Check http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png

• Push the Start button.

• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

• When the scan completes, push http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png

• Push http://i424.photobucket.com/albums/pp322/digistar/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

• Push the http://i424.photobucket.com/albums/pp322/digistar/esetBack.png button.

• Push http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

 

 

Posted

Please download Farbar Service Scanner to the desktop and run it on the computer with the issue.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

Make sure FRST is run under administrator privileges.

Make sure that the Whitelist section is checked. Otherwise, the log will be very long.

Your security programs may prevent the tool from running. If this happens, disable the security program until the scan is completed.

 

 

 

Posted

OK. For reference, this is what I was seeing for the ESET tool (untitled.png), hence why I couldn't use it. Also, I checked and made sure that zoom was at 100%, and it was (as I occasionally hit zoom out by accident).

 

Here are the log files from Farbar as well.

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01

Ran by Jason (2016-03-09 18:59:24)

Running from C:\Users\Jason\Downloads

Windows 8.1 (X64) (2015-06-29 19:15:59)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-429370524-3042837960-4195566341-500 - Administrator - Disabled)

ASPNET (S-1-5-21-429370524-3042837960-4195566341-1002 - Limited - Enabled)

Guest (S-1-5-21-429370524-3042837960-4195566341-501 - Limited - Disabled)

Jason (S-1-5-21-429370524-3042837960-4195566341-1001 - Administrator - Enabled) => C:\Users\Jason

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

.NET Reflector Desktop (HKLM-x32\...\{067796E0-7973-4882-BB41-FE94453D4CAA}) (Version: 8.2.0.7 - Red Gate Software Ltd)

.NET Reflector Desktop (HKLM-x32\...\{419E4DE9-94B2-4C9E-BADD-8FA15FA0B821}) (Version: 9.0.1.268 - Red Gate Software Ltd)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.213 - Adobe Systems Incorporated)

ADOM (Ancient Domains Of Mystery) (HKLM-x32\...\Steam App 333300) (Version: - Thomas Biskup)

Advanced SystemCare 9 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 9.1.0 - IObit)

Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)

Audiosurf (HKLM-x32\...\Steam App 12900) (Version: - Dylan Fitterer)

Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)

Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)

Blender (HKLM\...\Blender) (Version: 2.74 - Blender Foundation)

Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)

Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version: - Blizzard Entertainment)

DM Genie Version 2.26.351 (HKLM-x32\...\DMGenie_is1) (Version: - )

Driver Booster 3.2 (HKLM-x32\...\Driver Booster_is1) (Version: 3.2 - IObit)

Driver Support (HKLM-x32\...\DriverSupport) (Version: 10.1.2.44 - PC Drivers HeadQuarters LP)

Epic Games Launcher (HKLM\...\{C33E7500-D1CB-4956-BD75-BC10A26696CB}) (Version: 1.1.30.0 - Epic Games, Inc.)

Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )

Fraps (HKLM-x32\...\Fraps) (Version: - )

GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)

GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.1.1000 - Intel Corporation)

Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)

IObit Malware Fighter 3 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 3.2 - IObit)

IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.2.1.126 - IObit)

Ironcast (HKLM-x32\...\SXJvbmNhc3Q=_is1) (Version: 1 - )

Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden

Majesty Gold HD (HKLM-x32\...\Steam App 73230) (Version: - )

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)

My Game Long Name (HKLM\...\UDK-2ccfd1af-1dbc-4a71-873c-61e5026b9d23) (Version: - Epic Games, Inc.)

My Game Long Name (HKLM\...\UDK-304c3e6a-9fb7-4fe5-a601-aebb2ebfc448) (Version: - Epic Games, Inc.)

NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation)

NVIDIA Graphics Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)

NVIDIA Miracast Virtual Audio 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 361.43 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)

NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)

OpenAL (HKLM-x32\...\OpenAL) (Version: - )

OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)

paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)

Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)

qBittorrent 3.2.0 (HKLM-x32\...\qBittorrent) (Version: 3.2.0 - The qBittorrent project)

Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden

Qualcomm Atheros Killer E220x Drivers (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden

Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.42.1045 - Qualcomm Atheros)

Qualcomm Atheros Network Manager (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)

SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden

Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.104 - Skype Technologies S.A.)

Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.4 - IObit)

Sound Blaster Cinema 2 (HKLM-x32\...\{B4F6F8CC-2C61-42CC-A4CC-76621F25BDC7}) (Version: 1.00.07 - Creative Technology Limited)

Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 2.2.0 - IObit)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

Sunless Sea (HKLM-x32\...\1421064427_is1) (Version: 2.4.0.5 - GOG.com)

Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)

Unity Web Player (HKU\S-1-5-21-429370524-3042837960-4195566341-1001\...\UnityWebPlayer) (Version: 5.3.0f4 - Unity Technologies ApS)

VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)

Wasteland 2 (HKLM-x32\...\1207665783_is1) (Version: 2.4.0.18 - GOG.com)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-429370524-3042837960-4195566341-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {4A348C3A-A02F-47C7-B94D-61D86A5ED782} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-03-08] (AVAST Software)

Task: {5B66FAC9-6967-42C8-80C9-62DA1432E660} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe

Task: {5F80B3B1-C915-45FC-A440-7FF4A1EABC7F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)

Task: {636F4156-E80A-43F4-AD4F-573EB1268CAC} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-12-10] (PC Drivers Headquarters)

Task: {6D326A04-E9AC-4D1D-B130-BC67CFAE29B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: {79BF6AA4-08A6-43DB-8BA6-BEF4C46E0AFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: {7DE30892-CDAA-4744-8422-17C0A8D59DFD} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2016-01-28] (IObit)

Task: {85CEC57D-D4CE-4164-9368-C10AA4CA23DA} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-12-10] (PC Drivers Headquarters)

Task: {9D5026D4-C4CB-40CD-9E4C-27C0CC4C4C48} - System32\Tasks\Driver Support => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-12-10] (PC Drivers Headquarters)

Task: {B237E5BE-D0B2-4520-94D7-E3EC212B1E69} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-04] (AVAST Software)

Task: {B37580AA-E349-4A36-B226-48CD105C9B52} - System32\Tasks\ASC9_SkipUac_Jason => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2016-01-18] (IObit)

Task: {B536DEF3-DD2B-444A-B87E-DBFBB3DE110F} - System32\Tasks\ASC9_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2016-01-15] (IObit)

Task: {F2801C3B-FEB1-4536-84AC-8B5CFA9C884E} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-12-10] (PC Drivers Headquarters)

Task: {FB3D6096-DA80-4DC2-AC77-3FE4A5536356} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\ASC9_SkipUac_Jason.job => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-06-18 12:39 - 2015-12-16 06:53 - 00126072 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2015-12-10 17:49 - 2015-12-10 17:49 - 00354592 _____ () C:\Program Files (x86)\Driver Support\Agent.Common.XmlSerializers.dll

2015-12-10 17:49 - 2015-12-10 17:49 - 00485664 _____ () C:\Program Files (x86)\Driver Support\Agent.Communication.XmlSerializers.dll

2015-12-10 17:49 - 2015-12-10 17:49 - 00071968 _____ () C:\Program Files (x86)\Driver Support\RuleEngine.XmlSerializers.dll

2016-01-01 14:44 - 2015-12-16 09:34 - 00217720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll

2015-08-24 22:08 - 2015-08-24 22:08 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2015-06-18 12:35 - 2014-02-21 10:21 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL

2015-06-18 12:35 - 2014-02-21 10:19 - 00366080 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL

2014-04-17 10:02 - 2014-04-17 10:02 - 00300544 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe

2015-11-28 15:16 - 2015-11-28 15:16 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll

2015-11-28 15:16 - 2015-11-28 15:16 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2016-03-09 10:33 - 2016-03-09 10:33 - 02838528 _____ () C:\Program Files\AVAST Software\Avast\defs\16030901\algo.dll

2015-11-28 15:16 - 2015-11-28 15:16 - 00466448 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

2015-06-29 11:57 - 2015-01-09 17:46 - 00517408 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\sqlite3.dll

2016-02-05 21:14 - 2015-12-23 18:32 - 00355616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl

2016-02-05 21:14 - 2015-12-23 18:32 - 00190240 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl

2016-02-05 21:14 - 2015-12-23 18:32 - 00057632 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl

2015-06-29 11:56 - 2014-10-16 09:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll

2015-06-29 12:00 - 2015-05-20 18:03 - 00348960 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl

2015-06-29 12:00 - 2015-05-20 18:03 - 00183584 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl

2015-06-29 12:00 - 2015-05-20 18:03 - 00050976 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl

2015-06-29 12:00 - 2015-05-20 18:04 - 00268920 _____ () C:\Program Files (x86)\IObit\Start Menu 8\sqlite3.dll

2015-06-29 12:00 - 2015-05-20 18:03 - 00053024 _____ () C:\Program Files (x86)\IObit\Start Menu 8\parseAuto.dll

2015-06-29 12:00 - 2015-05-20 18:03 - 00622880 _____ () C:\Program Files (x86)\IObit\Start Menu 8\ProductStatistics.dll

2015-06-29 12:00 - 2015-05-20 18:04 - 00041248 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll

2015-06-18 12:40 - 2015-12-16 09:34 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

2016-02-05 21:14 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll

2016-02-05 21:14 - 2015-12-28 13:49 - 00629536 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll

2015-06-29 11:37 - 2015-06-29 11:37 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2015-06-29 11:57 - 2015-03-27 14:39 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll

2015-06-29 11:57 - 2015-01-09 17:46 - 00145184 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll

2016-02-05 21:14 - 2015-12-23 18:32 - 00355616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl

2016-02-05 21:14 - 2015-12-23 18:32 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl

2016-02-05 21:14 - 2015-12-23 18:32 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl

2014-04-03 15:48 - 2014-04-03 15:48 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

2016-03-08 16:00 - 2016-02-09 17:17 - 00782336 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2016-02-02 18:12 - 2015-07-03 08:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll

2016-03-08 16:00 - 2016-03-08 11:49 - 02547792 _____ () C:\Program Files (x86)\Steam\video.dll

2016-02-02 18:12 - 2015-07-03 08:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll

2016-02-02 18:12 - 2015-07-03 08:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll

2016-03-08 16:00 - 2016-02-08 15:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll

2016-03-08 16:00 - 2016-02-08 15:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll

2016-03-08 16:00 - 2016-02-08 15:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll

2016-03-08 16:00 - 2016-02-08 15:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll

2016-03-08 16:00 - 2016-02-08 15:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll

2016-03-08 16:00 - 2016-03-08 11:49 - 00802896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2016-03-08 16:00 - 2016-02-17 14:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll

2016-03-08 16:00 - 2016-02-08 17:33 - 48400672 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

2016-02-02 18:12 - 2015-09-24 15:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

HKU\S-1-5-21-429370524-3042837960-4195566341-1001\Software\Classes\.exe: exefile => <===== ATTENTION

HKU\S-1-5-21-429370524-3042837960-4195566341-1001\Software\Classes\exefile: <===== ATTENTION

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

IE trusted site: HKU\S-1-5-21-429370524-3042837960-4195566341-1001\...\driversupport.com -> hxxp://apps.driversupport.com

IE trusted site: HKU\S-1-5-21-429370524-3042837960-4195566341-1001\...\driversupport.com -> hxxps://apps.driversupport.com

IE restricted site: HKU\S-1-5-21-429370524-3042837960-4195566341-1001\...\reannewscomm.com -> hxxp://reannewscomm.com

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-429370524-3042837960-4195566341-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jason\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

DNS Servers: 64.59.168.13 - 64.59.168.15

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupreg: QujiBvaw =>

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{661D5456-385D-4536-94D9-CFCE1B530E6F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{36CAB177-52EF-45DB-9920-E404D24D57BE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{C5EAAC33-2868-4A00-98ED-CB8B384DDD34}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{1B6EDB10-CFE4-4A6E-8A2B-B3C10DFB3246}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [TCP Query User{D0B12457-77BF-446A-AC42-5DB9F9B9DC8B}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [uDP Query User{E0E78DD8-EA41-41C8-9C02-EEDF89356342}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe

 

==================== Restore Points =========================

 

17-02-2016 03:50:28 Scheduled Checkpoint

25-02-2016 05:35:10 Scheduled Checkpoint

05-03-2016 02:28:35 Scheduled Checkpoint

09-03-2016 10:41:46 Restore Point Created by FRST

09-03-2016 15:44:58 JRT Pre-Junkware Removal

 

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

 

Application errors:

==================

Error: (03/09/2016 06:52:00 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

 

Error: (03/09/2016 06:29:37 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2

Faulting module name: ntdll.dll, version: 6.3.9600.18146, time stamp: 0x5650b9bb

Exception code: 0xc0000409

Fault offset: 0x0000000000020544

Faulting process id: 0x1674

Faulting application start time: 0xexplorer.exe0

Faulting application path: explorer.exe1

Faulting module path: explorer.exe2

Report Id: explorer.exe3

Faulting package full name: explorer.exe4

Faulting package-relative application ID: explorer.exe5

 

Error: (03/09/2016 03:50:45 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2

Faulting module name: ntdll.dll, version: 6.3.9600.18146, time stamp: 0x5650b9bb

Exception code: 0xc0000409

Fault offset: 0x0000000000020544

Faulting process id: 0x169c

Faulting application start time: 0xexplorer.exe0

Faulting application path: explorer.exe1

Faulting module path: explorer.exe2

Report Id: explorer.exe3

Faulting package full name: explorer.exe4

Faulting package-relative application ID: explorer.exe5

 

Error: (03/09/2016 03:49:56 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2

Faulting module name: ntdll.dll, version: 6.3.9600.18146, time stamp: 0x5650b9bb

Exception code: 0xc0000409

Fault offset: 0x00000000000ac906

Faulting process id: 0x764

Faulting application start time: 0xExplorer.EXE0

Faulting application path: Explorer.EXE1

Faulting module path: Explorer.EXE2

Report Id: Explorer.EXE3

Faulting package full name: Explorer.EXE4

Faulting package-relative application ID: Explorer.EXE5

 

Error: (03/09/2016 03:42:31 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iexplore.exe, version: 11.0.9600.18123, time stamp: 0x563faf80

Faulting module name: ntdll.dll, version: 6.3.9600.18146, time stamp: 0x5650b9bb

Exception code: 0xc0000409

Fault offset: 0x00000000000ac906

Faulting process id: 0x16f0

Faulting application start time: 0xiexplore.exe0

Faulting application path: iexplore.exe1

Faulting module path: iexplore.exe2

Report Id: iexplore.exe3

Faulting package full name: iexplore.exe4

Faulting package-relative application ID: iexplore.exe5

 

Error: (03/09/2016 03:34:29 PM) (Source: Windows Search Service) (EventID: 3079) (User: )

Description: Notifications for the volume C:\ are not active.

 

Context: Windows Application

 

Details:

The parameter is incorrect. (HRESULT : 0x80070057) (0x80070057)

 

Error: (03/09/2016 11:03:17 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2

Faulting module name: ntdll.dll, version: 6.3.9600.18146, time stamp: 0x5650b9bb

Exception code: 0xc0000409

Fault offset: 0x0000000000020544

Faulting process id: 0x70c

Faulting application start time: 0xExplorer.EXE0

Faulting application path: Explorer.EXE1

Faulting module path: Explorer.EXE2

Report Id: Explorer.EXE3

Faulting package full name: Explorer.EXE4

Faulting package-relative application ID: Explorer.EXE5

 

Error: (03/09/2016 10:49:01 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: iexplore.exe, version: 11.0.9600.18123, time stamp: 0x563faf80

Faulting module name: ntdll.dll, version: 6.3.9600.18146, time stamp: 0x5650b9bb

Exception code: 0xc0000409

Fault offset: 0x00000000000ac906

Faulting process id: 0x1990

Faulting application start time: 0xiexplore.exe0

Faulting application path: iexplore.exe1

Faulting module path: iexplore.exe2

Report Id: iexplore.exe3

Faulting package full name: iexplore.exe4

Faulting package-relative application ID: iexplore.exe5

 

Error: (03/09/2016 10:44:52 AM) (Source: Driver Detective) (EventID: 1000) (User: )

Description:

 

Error: (03/09/2016 10:44:52 AM) (Source: Driver Detective) (EventID: 1000) (User: )

Description:

System errors:

=============

Error: (03/09/2016 06:54:14 PM) (Source: DCOM) (EventID: 10016) (User: JasonBusiness)

Description: machine-defaultLocalActivation{45BA127D-10A8-46EA-8AB7-56EA9078943C}{45BA127D-10A8-46EA-8AB7-56EA9078943C}JasonBusinessJasonS-1-5-21-429370524-3042837960-4195566341-1001LocalHost (Using LRPC)UnavailableUnavailable

 

Error: (03/09/2016 03:45:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

 

Error: (03/09/2016 03:29:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

 

Error: (03/09/2016 03:29:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Intel® ME Service service terminated unexpectedly. It has done this 1 time(s).

 

Error: (03/09/2016 03:29:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s).

 

Error: (03/09/2016 03:29:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

Error: (03/09/2016 03:29:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Qualcomm Atheros Killer Service V2 service terminated unexpectedly. It has done this 1 time(s).

 

Error: (03/09/2016 03:29:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).

 

Error: (03/09/2016 03:29:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).

 

Error: (03/09/2016 03:29:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The NVIDIA Network Service service terminated unexpectedly. It has done this 1 time(s).

CodeIntegrity:

===================================

Date: 2016-03-09 03:04:37.484

Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume6\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\tsmf.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

 

Processor: Intel® Core i7-5820K CPU @ 3.30GHz

Percentage of memory in use: 15%

Total physical RAM: 16276.31 MB

Available physical RAM: 13714.82 MB

Total Virtual: 18708.31 MB

Available Virtual: 15418.86 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:230.15 GB) (Free:139.44 GB) NTFS

Drive d: (New Volume) (Fixed) (Total:1862.89 GB) (Free:1860.1 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01

Ran by Jason (administrator) on JASONBUSINESS (09-03-2016 18:59:06)

Running from C:\Users\Jason\Downloads

Loaded Profiles: Jason (Available Profiles: Jason)

Platform: Windows 8.1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe

(PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\DriverSupport.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe

(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe

(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe

(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe

(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe

() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe

(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Windows\System32\prevhost.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-15] (Realtek Semiconductor)

HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-16] (NVIDIA Corporation)

HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM-x32\...\Run: [sound Blaster Cinema 2] => C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe [1442304 2014-05-29] (Creative Technology Ltd)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-28] (AVAST Software)

HKLM-x32\...\Run: [iObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5887264 2015-06-08] (IObit)

HKU\S-1-5-21-429370524-3042837960-4195566341-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [3074128 2016-03-08] (Valve Corporation)

HKU\S-1-5-21-429370524-3042837960-4195566341-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50377336 2015-12-14] (Skype Technologies S.A.)

HKU\S-1-5-21-429370524-3042837960-4195566341-1001\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2019616 2016-01-11] (IObit)

HKU\S-1-5-21-429370524-3042837960-4195566341-1001\...\Run: [QujiBvaw] => regsvr32.exe "C:\Users\Jason\AppData\Roaming\QolaRzavd\YitUvfo.dll"

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-28] (AVAST Software)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-06-18]

ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{4692B750-DE88-4DCF-9163-745AF5604B24}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 64.59.168.13 64.59.168.15 64.59.174.84

Tcpip\..\Interfaces\{80E228E7-8165-402D-944D-186AF6CCEC37}: [DhcpNameServer] 64.59.168.13 64.59.168.15 64.59.174.84

 

Internet Explorer:

==================

HKU\S-1-5-21-429370524-3042837960-4195566341-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ca/

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-28] (AVAST Software)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-28] (AVAST Software)

DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

 

FireFox:

========

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-03] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-03] (Intel Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation)

FF Plugin HKU\S-1-5-21-429370524-3042837960-4195566341-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jason\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-07] (Unity Technologies ApS)

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-08] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

FF Extension: No Name - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-08] [not signed]

 

Chrome:

=======

CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-03-08]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-08]

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-28] (AVAST Software)

R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5554152 2015-11-28] (Avast Software)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-16] (NVIDIA Corporation)

R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [878880 2015-05-12] (IObit)

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-04-03] (Intel Corporation)

S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation)

R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-16] (NVIDIA Corporation)

R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-16] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-16] (NVIDIA Corporation)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2015-08-24] ()

R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2014-04-17] (Qualcomm Atheros) [File not signed]

R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [1055008 2015-05-20] (IObit)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-03-08] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-09] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-03-08] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-03-08] (AVAST Software)

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-09] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-08] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-03-08] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-03-08] (AVAST Software)

R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [82608 2014-04-10] (Qualcomm Atheros, Inc.)

S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)

R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-03-25] (IObit)

R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-06-29] (REALiX)

R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [130224 2014-03-27] (Qualcomm Atheros, Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)

S3 MSICDSetup; no ImagePath

R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [154024 2016-03-08] (AVAST Software)

S3 NTIOLib_1_0_C; no ImagePath

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-16] (NVIDIA Corporation)

R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39032 2015-12-16] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-12-16] (NVIDIA Corporation)

R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)

R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)

R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()

R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)

R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [310904 2015-11-28] (Avast Software)

R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [227840 2014-05-29] (VIA Technologies, Inc.)

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [304128 2014-05-29] (VIA Technologies, Inc.)

R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [55128 2015-06-06] (Intel Corporation)

S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-03-09 18:59 - 2016-03-09 18:59 - 00015717 _____ C:\Users\Jason\Downloads\FRST.txt

2016-03-09 18:52 - 2016-03-09 18:52 - 00000000 ____D C:\Program Files (x86)\ESET

2016-03-09 15:53 - 2016-03-09 15:53 - 00000000 _____ C:\Users\Jason\Desktop\SecurityCheck_exe.m2wo0s1.partial

2016-03-09 15:49 - 2016-03-09 15:49 - 00000000 ____D C:\Users\Jason\AppData\Roaming\QolaRzavd

2016-03-09 15:48 - 2016-03-09 15:52 - 00000000 ____D C:\Users\Jason\AppData\Roaming\ProductData

2016-03-09 15:48 - 2016-03-09 15:48 - 00003468 _____ C:\Windows\System32\Tasks\Driver Support

2016-03-09 15:47 - 2016-03-09 15:47 - 00000000 ____D C:\ProgramData\ProductData

2016-03-09 15:42 - 2016-03-09 15:42 - 01609216 _____ (Malwarebytes) C:\Users\Jason\Desktop\JRT.exe

2016-03-09 10:49 - 2016-03-09 15:35 - 00000000 ____D C:\Program Files (x86)\AdwCleaner

2016-03-09 10:49 - 2016-03-09 10:49 - 01524224 _____ C:\Users\Jason\Desktop\AdwCleaner.exe

2016-03-09 10:47 - 2016-03-09 10:47 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys

2016-03-09 10:47 - 2016-03-09 10:47 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys

2016-03-09 10:41 - 2016-03-09 10:42 - 00005038 _____ C:\Users\Jason\Downloads\Fixlog.txt

2016-03-08 23:58 - 2016-03-08 23:58 - 00002190 _____ C:\Users\Jason\Desktop\Rkill.txt

2016-03-08 23:58 - 2016-03-08 23:58 - 00002082 _____ C:\Users\Jason\Desktop\aswMBR.txt

2016-03-08 23:58 - 2016-03-08 23:58 - 00000512 _____ C:\Users\Jason\Desktop\MBR.dat

2016-03-08 23:47 - 2016-03-08 23:47 - 00001868 _____ C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk

2016-03-08 23:31 - 2016-03-08 23:31 - 05200384 _____ (AVAST Software) C:\Users\Jason\Downloads\aswmbr.exe

2016-03-08 23:29 - 2016-03-09 18:59 - 00000000 ____D C:\FRST

2016-03-08 23:29 - 2016-03-08 23:30 - 00039235 _____ C:\Users\Jason\Desktop\Addition.txt

2016-03-08 23:29 - 2016-03-08 23:30 - 00027089 _____ C:\Users\Jason\Desktop\FRST.txt

2016-03-08 23:28 - 2016-03-08 23:28 - 02374144 _____ (Farbar) C:\Users\Jason\Downloads\FRST64.exe

2016-03-08 23:28 - 2016-03-08 23:28 - 00001039 _____ C:\Users\Jason\Desktop\MBM.txt

2016-03-08 23:23 - 2016-03-09 15:33 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2016-03-08 23:23 - 2016-03-08 23:23 - 00001130 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2016-03-08 23:23 - 2016-03-08 23:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2016-03-08 23:23 - 2016-03-08 23:23 - 00000000 ____D C:\ProgramData\Malwarebytes

2016-03-08 23:23 - 2016-03-08 23:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2016-03-08 23:23 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys

2016-03-08 23:23 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2016-03-08 23:23 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys

2016-03-08 23:22 - 2016-03-08 23:22 - 22908888 _____ (Malwarebytes ) C:\Users\Jason\Downloads\mbam-setup-2.2.0.1024.exe

2016-03-08 19:56 - 2016-03-08 23:17 - 00000000 ____D C:\Users\Jason\AppData\Local\ElevatedDiagnostics

2016-03-08 17:56 - 2016-03-08 17:56 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Jason\Downloads\rkill.com

2016-03-08 16:03 - 2016-03-08 16:03 - 00001111 _____ C:\Users\Jason\Desktop\AppData - Shortcut.lnk

2016-03-08 15:57 - 2016-03-08 15:57 - 71036928 _____ C:\Windows\system32\config\SOFTWARE.iodefrag.bak

2016-03-08 15:57 - 2016-03-08 15:57 - 71036928 _____ C:\Windows\system32\config\SOFTWARE.iodefrag

2016-03-08 15:57 - 2016-03-08 15:57 - 04866048 _____ C:\Windows\system32\config\DRIVERS.iodefrag.bak

2016-03-08 15:57 - 2016-03-08 15:57 - 00253952 _____ C:\Windows\system32\config\DEFAULT.iodefrag.bak

2016-03-08 15:57 - 2016-03-08 15:57 - 00253952 _____ C:\Windows\system32\config\DEFAULT.iodefrag

2016-03-08 15:57 - 2016-03-08 15:57 - 00028672 _____ C:\Windows\system32\config\SAM.iodefrag.bak

2016-03-08 15:57 - 2016-03-08 15:57 - 00028672 _____ C:\Windows\system32\config\SAM.iodefrag

2016-03-08 15:57 - 2016-03-08 15:57 - 00024576 _____ C:\Windows\system32\config\SECURITY.iodefrag.bak

2016-03-08 15:57 - 2016-03-08 15:57 - 00024576 _____ C:\Windows\system32\config\SECURITY.iodefrag

2016-03-08 15:57 - 2016-03-08 15:57 - 00000000 ____H C:\asc_rdflag

2016-03-08 15:47 - 2014-10-16 10:27 - 00027424 _____ (IObit) C:\Windows\system32\RegistryDefragBootTime.exe

2016-03-08 15:33 - 2016-03-09 15:20 - 00000877 _____ C:\Users\Jason\Downloads\nativelog.txt

2016-03-08 14:57 - 2015-01-27 15:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer - Copy.exe

2016-03-08 14:20 - 2016-03-08 14:20 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

2016-03-08 14:20 - 2016-03-08 14:20 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2016-03-08 14:20 - 2016-03-08 14:20 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys

2016-03-08 14:20 - 2016-03-08 14:20 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys

2016-03-08 14:20 - 2016-03-08 14:20 - 00154024 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys

2016-03-08 14:20 - 2016-03-08 14:20 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2016-03-08 14:20 - 2016-03-08 14:20 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys

2016-03-08 14:20 - 2016-03-08 14:20 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr

2016-03-08 14:20 - 2016-03-08 14:20 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys

2016-03-08 14:20 - 2016-03-08 14:20 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update

2016-03-08 13:39 - 2016-03-08 15:47 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter

2016-03-08 13:39 - 2016-03-08 13:39 - 00003336 _____ C:\Windows\System32\Tasks\SpyHunter4Startup

2016-03-08 13:39 - 2016-03-08 13:39 - 00000000 _____ C:\autoexec.bat

2016-03-08 13:38 - 2016-03-08 13:38 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Jason\Downloads\SpyHunter-Installer.exe

2016-03-08 13:38 - 2016-03-08 13:38 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys

2016-03-08 13:18 - 2016-03-08 13:18 - 00000000 ___HD C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}

2016-03-07 18:49 - 2016-03-08 12:54 - 00005333 _____ C:\Users\Jason\Desktop\Creating.txt

2016-03-07 14:55 - 2016-03-07 14:55 - 00002170 _____ C:\Users\Public\Desktop\Driver Booster 3.lnk

2016-03-07 14:55 - 2016-03-07 14:55 - 00001188 _____ C:\Users\Public\Desktop\Smart Defrag 4.lnk

2016-03-07 14:55 - 2016-03-07 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3

2016-03-07 14:55 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\Windows\SysWOW64\IObitSmartDefragExtension.dll

2016-03-07 14:55 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll

2016-03-06 19:53 - 2016-03-06 20:04 - 00000709 _____ C:\Users\Jason\Desktop\Open World.txt

2016-03-06 09:23 - 2016-03-06 09:23 - 00004292 _____ C:\Windows\System32\Tasks\Driver Support-RTMScan

2016-03-05 14:55 - 2016-03-05 14:54 - 00000656 _____ C:\Users\Jason\Desktop\Music - Shortcut.lnk

2016-03-05 12:29 - 2016-03-06 15:33 - 00000000 ____D C:\Users\Jason\Desktop\Addressed

2016-03-02 18:07 - 2016-03-02 20:15 - 00000785 _____ C:\Users\Jason\Desktop\Process.txt

2016-03-01 23:47 - 2016-03-01 23:48 - 00000000 ____D C:\Users\Jason\Downloads\Data

2016-03-01 22:01 - 2016-03-01 22:30 - 00000000 ____D C:\Users\Jason\Desktop\Better Defenses

2016-02-26 15:09 - 2016-02-26 15:09 - 19457664 _____ C:\Users\Jason\Downloads\~Corta'SPLATFORMER.swf

2016-02-24 11:18 - 2016-02-24 11:18 - 01247112 _____ (Mojang) C:\Users\Jason\Downloads\Minecraft.exe

2016-02-24 11:18 - 2016-02-24 11:18 - 00000000 ____D C:\Users\Jason\Downloads\tools

2016-02-23 23:56 - 2016-02-23 23:58 - 00000081 _____ C:\Users\Jason\Desktop\Brian Belbeck.txt

2016-02-13 20:29 - 2016-02-15 17:55 - 00000000 ____D C:\Users\Jason\Desktop\Better Heroes

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-03-09 18:52 - 2013-08-22 07:36 - 00000000 ___SD C:\Windows\Downloaded Program Files

2016-03-09 18:49 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\migwiz

2016-03-09 18:33 - 2015-07-05 21:57 - 00000000 ____D C:\Program Files (x86)\Steam

2016-03-09 18:29 - 2016-02-02 19:14 - 00000000 ____D C:\Users\Jason\AppData\Local\CrashDumps

2016-03-09 16:05 - 2015-12-18 01:06 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Skype

2016-03-09 15:54 - 2014-03-18 02:03 - 00876144 _____ C:\Windows\system32\PerfStringBackup.INI

2016-03-09 15:54 - 2013-08-22 05:36 - 00000000 ____D C:\Windows\Inf

2016-03-09 15:47 - 2015-06-18 12:39 - 00000000 ____D C:\ProgramData\NVIDIA

2016-03-09 15:47 - 2013-08-22 06:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-03-09 15:45 - 2015-06-29 11:56 - 00000000 ____D C:\Users\Jason\AppData\Roaming\IObit

2016-03-09 15:45 - 2015-06-29 11:55 - 00000000 ____D C:\ProgramData\IObit

2016-03-09 15:45 - 2015-06-29 11:55 - 00000000 ____D C:\Program Files (x86)\IObit

2016-03-09 12:13 - 2015-11-23 01:09 - 00000000 ____D C:\Users\Jason\Documents\DM Genie

2016-03-09 01:35 - 2015-06-29 11:21 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-429370524-3042837960-4195566341-1001

2016-03-09 00:08 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\NDF

2016-03-08 23:46 - 2013-08-22 07:36 - 00000000 ___HD C:\Program Files\WindowsApps

2016-03-08 23:46 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\AppReadiness

2016-03-08 23:35 - 2015-06-29 11:16 - 00000000 ____D C:\Users\Jason

2016-03-08 20:22 - 2015-06-29 11:37 - 00000000 ____D C:\Windows\SysWOW64\vbox

2016-03-08 20:22 - 2015-06-29 11:37 - 00000000 ____D C:\Windows\system32\vbox

2016-03-08 15:57 - 2013-08-22 05:25 - 00262144 ___SH C:\Windows\system32\config\BBI

2016-03-08 15:56 - 2016-02-05 21:14 - 00000266 _____ C:\Windows\Tasks\ASC9_SkipUac_Jason.job

2016-03-08 13:04 - 2015-06-18 12:32 - 00000000 ____D C:\ProgramData\Qualcomm

2016-03-07 14:55 - 2015-06-29 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4

2016-03-06 15:36 - 2016-01-09 11:32 - 00000000 ____D C:\Users\Jason\Desktop\Projects

2016-03-05 14:24 - 2016-02-05 21:14 - 00002282 _____ C:\Users\Public\Desktop\Advanced SystemCare 9.lnk

2016-03-04 11:12 - 2016-01-23 10:51 - 00001561 _____ C:\Users\Jason\Desktop\Diabetes Numbers.txt

2016-03-03 11:37 - 2016-01-25 11:41 - 00000000 ____D C:\Users\Jason\Downloads\game

2016-03-01 20:46 - 2015-06-30 08:40 - 00000000 ____D C:\Users\Jason\Documents\My Games

2016-03-01 20:44 - 2015-08-25 18:46 - 00000000 ____D C:\Users\Jason\Documents\ADOM

2016-02-13 23:51 - 2016-02-04 15:36 - 00019476 _____ C:\Users\Jason\Desktop\Original Data.ods

 

Some files in TEMP:

====================

C:\Users\Jason\AppData\Local\Temp\sqlite3.dll

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2016-03-01 05:29

 

==================== End of FRST.txt ============================

Posted

AHAHA I knew that service was the virus... Qujibvaw Microsoft Register Server is in my Task Manager, and is linked to the first virus location (QolaRzavd)

Posted

Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following.

 

1. Open Internet Explorer by clicking the Start button. In the search box, type Internet Explorer, and then, in the list of results, click Internet Explorer.

2. Click the Tools button, and then click Internet Options.

3. Click the Security tab, and then click a security zone (Local intranet, Trusted sites, or Restricted sites).

4. Click Sites.

5. If you clicked Local intranet in step 3, click Advanced.

6. In Websites, click the website that you want to remove.

7. Click Remove.

8. Click Close, and then click OK (or click OK twice if you clicked Local intranet in step 3).

 

IE trusted site: HKU\S-1-5-21-429370524-3042837960-4195566341-1001\...\driversupport.com -> hxxp://apps.driversupport.com

IE trusted site: HKU\S-1-5-21-429370524-3042837960-4195566341-1001\...\driversupport.com -> hxxps://apps.driversupport.com

IE restricted site: HKU\S-1-5-21-429370524-3042837960-4195566341-1001\...\reannewscomm.com -> hxxp://reannewscomm.com

*********************************************

Please try running ESET again.
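The same zone assignments the log above reports ("IE trusted site: ... -> hxxp://apps.driversupport.com", where FRST writes hxxp for http) live in the per-user ZoneMap registry key, so they can be audited and cleared from an elevated-or-not PowerShell prompt instead of clicking through Internet Options. The script below is an added example and is not part of the original thread or of FRST; it assumes the ZoneMap layout described in its comments (one key per domain, optional nested keys per host label, one DWORD value per scheme whose data is the zone number) and that the entries are per-user under HKCU rather than machine-wide under HKLM.

```powershell
# Added example, not from the original thread: list the Internet Explorer
# security-zone assignments stored in the per-user ZoneMap and remove every
# site mapped to the Trusted sites zone.
#
# Assumed registry layout (per-user zone assignments):
#   HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
#     \<domain>            e.g. driversupport.com
#       \<host label>      e.g. apps  (optional, one nested key per label)
#         <scheme> = DWORD  value name 'http', 'https' or '*', data = zone number
# Zone numbers: 0 My Computer, 1 Local intranet, 2 Trusted sites,
#               3 Internet, 4 Restricted sites.
# With the "Security Zones: Use only machine settings" policy enabled the same
# layout is under HKLM instead; point $DomainsKey there in that case.

$DomainsKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$ZoneNames  = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

function Get-IEZoneMapEntry {
    # Every key below Domains is a domain or a host label beneath one; the key
    # path read backwards is the site name
    # (Domains\driversupport.com\apps -> apps.driversupport.com).
    if (-not (Test-Path -Path $DomainsKey)) { return }
    Get-ChildItem -Path $DomainsKey -Recurse | ForEach-Object {
        $key      = $_
        $relative = $key.Name.Substring($key.Name.IndexOf('\Domains\') + 9)
        $labels   = $relative -split '\\'
        [array]::Reverse($labels)
        $site     = $labels -join '.'
        foreach ($scheme in $key.GetValueNames()) {
            $zone = [int]$key.GetValue($scheme)
            [pscustomobject]@{
                Site     = $site
                Scheme   = $scheme
                Zone     = $zone
                ZoneName = $ZoneNames[$zone]
                KeyPath  = $key.PSPath
            }
        }
    }
}

function Remove-IETrustedSite {
    # Deletes each scheme value that maps a site to zone 2 (Trusted sites) and
    # drops the key once it holds no values and no subkeys. -WhatIf previews.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    # Materialise the list first so keys are not deleted while still enumerating.
    $targets = @(Get-IEZoneMapEntry | Where-Object { $_.Zone -eq 2 })
    foreach ($entry in $targets) {
        if ($PSCmdlet.ShouldProcess("$($entry.Scheme)://$($entry.Site)", 'Remove from Trusted sites')) {
            Remove-ItemProperty -Path $entry.KeyPath -Name $entry.Scheme
            $valuesLeft = (Get-Item -Path $entry.KeyPath).GetValueNames().Count
            $keysLeft   = @(Get-ChildItem -Path $entry.KeyPath).Count
            if ($valuesLeft -eq 0 -and $keysLeft -eq 0) {
                Remove-Item -Path $entry.KeyPath
            }
        }
    }
}

# Show the current map, preview the clean-up, then run it for real.
Get-IEZoneMapEntry | Sort-Object Zone, Site | Format-Table Site, Scheme, ZoneName -AutoSize
Remove-IETrustedSite -WhatIf
# Remove-IETrustedSite
```

Run it as the affected user, since the map is per-profile; a Restricted sites entry (zone 4) such as the reannewscomm.com line in the log is left alone because it blocks rather than trusts the site. Re-run Get-IEZoneMapEntry after the fix: an entry that reappears on its own is being re-written by something still running, which is worth more attention than the entry itself.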

Posted

Did that. Also, Reannewscomm.com is back again, every 10-15 seconds AND the other 4 aren't around anymore. So irritating. I removed all of them from the sites for each zone, and I'll try running ESET again.

Posted

Open Notepad (it must be Notepad), copy and paste these lines into Notepad and save the file as fixlist.txt. This file must be saved in the same place as your Farbar scanner (the Desktop).

 

2016-03-09 15:49 - 2016-03-09 15:49 - 00000000 ____D C:\Users\Jason\AppData\Roaming\QolaRzavd

HKU\S-1-5-21-429370524-3042837960-4195566341-1001\...\Run: [QujiBvaw] => regsvr32.exe "C:\Users\Jason\AppData\Roaming\QolaRzavd\YitUvfo.dll"

 

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

 

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
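The Run entry in the fixlist above is a common persistence shape: a signed Windows binary (regsvr32.exe) is the autostart command, and the actual payload is a DLL dropped under a random-looking folder in %APPDATA%, which is why a scan of Program Files and Windows finds nothing. The script below is an added example, not from the original thread or from FRST, that hunts for that shape in the Run/RunOnce keys, checks the Authenticode status and SHA-256 of the file the command line points at, and offers a -WhatIf-capable removal of a single value. It assumes the key list in its header and that Get-AuthenticodeSignature and Get-FileHash are available (Windows PowerShell 4 or later); the value name QujiBvaw in the usage comment is the one from this log.

```powershell
# Added example, not from the original thread: enumerate the autostart
# entries FRST reports as "...\Run: [Name] => command" and flag the pattern
# behind the fix above: a built-in loader such as regsvr32.exe starting an
# unsigned DLL from a directory a standard user can write to.
# Assumptions: the key list below; Get-AuthenticodeSignature and Get-FileHash
# exist (Windows PowerShell 4 or later).

$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Signed Windows binaries commonly used to load or run a second-stage payload.
$Launchers    = 'regsvr32\.exe|rundll32\.exe|mshta\.exe|wscript\.exe|cscript\.exe|powershell\.exe'
# Locations a standard user can write to; legitimate autostarts rarely live here.
$UserWritable = '\\Users\\[^\\]+\\AppData\\|\\ProgramData\\|\\Users\\Public\\|\\Temp\\'

function Get-SuspiciousRunEntry {
    foreach ($keyPath in $RunKeys) {
        if (-not (Test-Path -Path $keyPath)) { continue }
        $key = Get-Item -Path $keyPath
        foreach ($name in $key.GetValueNames()) {
            $command = [string]$key.GetValue($name)
            $reasons = @()
            if ($command -match $Launchers)    { $reasons += 'launched via built-in loader' }
            if ($command -match $UserWritable) { $reasons += 'payload in user-writable path' }

            # Pull out the first quoted, or else unquoted, .dll/.exe path so the
            # file itself is examined, not only the command line.
            $payload = $null
            if ($command -match '"([^"]+\.(?:dll|exe))"')                 { $payload = $Matches[1] }
            elseif ($command -match '([A-Za-z]:\\[^\s"]+\.(?:dll|exe))')  { $payload = $Matches[1] }

            $signature = 'n/a'; $sha256 = 'n/a'
            if ($payload) {
                if (Test-Path -LiteralPath $payload) {
                    $signature = (Get-AuthenticodeSignature -FilePath $payload).Status
                    $sha256    = (Get-FileHash -LiteralPath $payload -Algorithm SHA256).Hash
                    if ($signature -ne 'Valid') { $reasons += "payload signature: $signature" }
                } else {
                    # Dangling entry, e.g. the folder was already moved by a fix.
                    $reasons += 'payload file missing'
                }
            }

            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Key       = $keyPath
                    Name      = $name
                    Command   = $command
                    Payload   = $payload
                    Signature = $signature
                    SHA256    = $sha256
                    Reasons   = ($reasons -join '; ')
                }
            }
        }
    }
}

function Remove-RunEntry {
    # Deletes one autostart value. The payload file is left in place so it can
    # be hashed and submitted before it is quarantined. -WhatIf previews.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)][string]$Key,
        [Parameter(Mandatory)][string]$Name
    )
    if ($PSCmdlet.ShouldProcess("$Key\$Name", 'Remove autostart value')) {
        Remove-ItemProperty -Path $Key -Name $Name
    }
}

Get-SuspiciousRunEntry | Format-List
# Remove-RunEntry -Key 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -Name 'QujiBvaw' -WhatIf
```

Against the entry in this fixlist, `regsvr32.exe "C:\Users\Jason\AppData\Roaming\QolaRzavd\YitUvfo.dll"` trips both heuristics and the DLL will almost certainly report a signature status of NotSigned. Record the hash before anything is removed: if the value is recreated after deletion, the process doing it (the "Microsoft Register Server" task noted earlier in the thread) is still alive and needs to be stopped first, which is exactly why the FRST fix moves the folder and the Run value together.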

 

 
