

I've infected a friends Vista Laptop


This topic is locked. 31 replies to this topic.

#1 duffsparky (Members, 267 posts)

Posted 04 December 2014 - 01:50 PM

I've been using a friend's ACER laptop to try and fault find (possible virus issue) my Fujitsu Siemens laptop and in so doing I think I've got virus/malware infections in both. My Fujitsu Siemens laptop is awaiting a physical repair (see here for more info) so it will have to wait. My friend's ACER is important and I need help, if someone has the time, in eradicating the virus/malware in it.

 

The basic laptop specs are:-

ACER Aspire 5920

Intel Core 2 Duo T5550@1083GHz CPU

2.0 GB RAM

DVD RW

No floppy

USB

Vista Home Premium SP2

 

Anti virus/malware:-

 

AVG Internet Security 2014

Malware Bytes

Emsisoft

 

 

Symptoms:-

 

AVG recently found some infections and PUPs and is now reporting a Trojan Horse Generic infection.

Malwarebytes found and removed malware but now its GUI is no longer available, although Task Manager shows mbam.exe as running.

Emsisoft found and removed some malware but now returns an error when run.

Bitdefender Online scanner reports 'system is infected with Gen:Variant.Kazy.351837'

Task Manager shows RtkBtMnt.exe is running from a temp folder.

Sometimes the AVG icon does not appear in the Taskbar.

 

 

Any help would be much appreciated.

 

Many thanks.

 




#2 boopme (Global Moderator, 73,072 posts, NJ USA)

Posted 04 December 2014 - 02:13 PM

Hello, I moved this to the Am I Infected forum.

Did you share a Flash Drive or media with your friend?

Can you end MBAM in Task Manager?

RtkBtMnt.exe belongs to software Realtek HD Audio Data Rerouter or Spy Sweeper

Let's do this next.

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
>>>

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


Can you rerun MBAM now and post that log?

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 duffsparky (Topic Starter, Members, 267 posts)

Posted 05 December 2014 - 03:13 PM

    Hello, I moved this to the Am I Infected forum.

    Did you share a Flash Drive or media with your friend?

    Can you end MBAM in task Manager??

    RtkBtMnt.exe belongs to software Realtek HD Audio Data Rerouter or Spy Sweeper

    Lets do this next.

    Please download Rkill by Grinler and save it to your desktop.

Yes I have shared USB flash drives though they were scanned beforehand.

Yes I can end MBAM in task Manager.

I know RtkBtMnt.exe belongs to software Realtek HD Audio Data Rerouter or Spy Sweeper under normal circumstances but I've read that if it's running from a Windows Temp folder then it's suspect, which is why I mentioned it.

 

I downloaded Rkill from Link 1 and moved it to the Desktop but I do not get the option to "Run as administrator" by right-clicking it.

I downloaded Rkill from Link 2 and moved it to the Desktop. I get the option to "Run as administrator" by right-clicking it; however, I get the following error message:-

 

"There was a problem retrieving the necessary environment variable: appdata. Rkill has terminated"

 

Many thanks.
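The point duffsparky makes in #1 and #3 is that a file name on its own proves little: RtkBtMnt.exe is a legitimate Realtek component, and what made it suspect was the directory it was running from. The following Python is an added illustration of that triage rule, not code posted in the thread or shipped with any of the tools mentioned. It runs over a constructed process snapshot in the shape Task Manager or `tasklist` would give (PIDs, names and paths are made up) and flags two things: any image running from a temp directory, and any image name that appears from more than one directory at once.

```python
"""Triage a process snapshot: flag images running from temp folders and
image names that run from more than one directory.

Added example; not code from the BleepingComputer thread. The process
list below is constructed, not taken from the laptop in the thread.
"""
import ntpath
from collections import defaultdict

# Directory fragments that installed software rarely runs from.
# Matching is case-insensitive on the full image path.
TEMP_MARKERS = (
    "\\windows\\temp\\",
    "\\appdata\\local\\temp\\",
    "\\temp\\",
    "\\tmp\\",
)

# Constructed snapshot: (pid, image name, full path). RtkBtMnt.exe under
# Windows\Temp is the situation described in the thread; the Program Files
# copy is where the Realtek component normally lives.
SAMPLE_PROCESSES = [
    (1204, "explorer.exe", r"C:\Windows\explorer.exe"),
    (2332, "RtkBtMnt.exe", r"C:\Windows\Temp\RtkBtMnt.exe"),
    (2410, "RtkBtMnt.exe", r"C:\Program Files\Realtek\Audio\HDA\RtkBtMnt.exe"),
    (3020, "mbam.exe", r"C:\Program Files\Malwarebytes Anti-Malware\mbam.exe"),
    (3188, "setup_2f.exe", r"C:\Users\Basic user\AppData\Local\Temp\setup_2f.exe"),
    (3301, "AVGUI.EXE", r"C:\Program Files\AVG\AVG2014\avgui.exe"),
]


def is_temp_path(image_path: str) -> bool:
    """True if the image lives under a temp directory."""
    p = image_path.lower().replace("/", "\\")
    return any(marker in p for marker in TEMP_MARKERS)


def temp_processes(processes):
    """Processes whose executable runs from a temp directory."""
    return [(pid, name, path) for pid, name, path in processes if is_temp_path(path)]


def name_collisions(processes):
    """Image names seen from more than one directory.

    A known name running from an unexpected location alongside its normal
    install path is a masquerading pattern worth checking; the caller still
    has to verify which copy is the legitimate one.
    """
    dirs = defaultdict(set)
    for _, name, path in processes:
        dirs[name.lower()].add(ntpath.dirname(path).lower())
    return {name: sorted(d) for name, d in dirs.items() if len(d) > 1}


def triage(processes):
    """Combine both checks into one report keyed by PID."""
    collisions = name_collisions(processes)
    report = {}
    for pid, name, path in processes:
        reasons = []
        if is_temp_path(path):
            reasons.append("runs from temp directory")
        if name.lower() in collisions:
            reasons.append("same image name also running from another directory")
        if reasons:
            report[pid] = {"name": name, "path": path, "reasons": reasons}
    return report


if __name__ == "__main__":
    for pid, info in triage(SAMPLE_PROCESSES).items():
        print(f"PID {pid:>5}  {info['name']:<14} {info['path']}")
        for reason in info["reasons"]:
            print(f"            - {reason}")
```

On the sample data the Temp copy of RtkBtMnt.exe is flagged for both reasons, the Program Files copy only for the name collision, and the installer in the user's AppData\Local\Temp only for its location; the explorer, mbam and AVG entries pass. On a real machine the snapshot would come from Task Manager, `tasklist /v` or `wmic process get processid,name,executablepath`, and a flagged entry is a lead to verify (publisher signature, file hash, creation time), not a verdict.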



#4 boopme (Global Moderator, 73,072 posts, NJ USA)

Posted 05 December 2014 - 03:29 PM

Can you run TDSSKiller directly then?

And empty your temp folders using TFC (Temporary File Cleaner):
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.

Edited by boopme, 05 December 2014 - 03:31 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 duffsparky (Topic Starter, Members, 267 posts)

Posted 05 December 2014 - 05:43 PM

  • I ran TDSSKiller directly and it found nothing.
  • I ran TFC which seemed to be taking a long time so I left it running and came back after about half an hour to find the Desktop showing just the background with no icons and the TFC GUI gone. I shut the laptop down using Ctrl\Alt\Del and the Shutdown option.
  • I then re-ran TFC and after another half hour the Progress Bar was just cycling with no apparent progress in the Status pane and the application seemed to have hung.
  • I checked Applications and Processes through Task Manager using Ctrl\Alt\Del which showed TFC to be running OK. I then shut down and rebooted in order to write this post.
  • How long should TFC take? The first run status pane showed it had cleaned a lot from Temp folders but the second run showed very little.

Edited by duffsparky, 05 December 2014 - 05:48 PM.


#6 boopme (Global Moderator, 73,072 posts, NJ USA)

Posted 05 December 2014 - 07:58 PM

30 mins max.

#7 duffsparky (Topic Starter, Members, 267 posts)

Posted 07 December 2014 - 08:32 AM

I've rerun TDSSKiller without RKill and it found nothing.

I've rerun TFC which cleaned folders at the beginning but then sat at: "User: User 2  ->Temp folder emptied:0 bytes" for about an hour. Clicking "Exit" did nothing so I stopped it via the "Task Manager", then restarted via Ctrl\Alt\Del.

Any suggestions as to what I should try next?


Edited by duffsparky, 08 December 2014 - 05:00 AM.


#8 boopme (Global Moderator, 73,072 posts, NJ USA)

Posted 08 December 2014 - 04:14 PM

Let's do one more.

ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#9 duffsparky (Topic Starter, Members, 267 posts)

Posted 09 December 2014 - 10:44 AM

I ran ESET, it found and cleaned 9(?) items. I ran into a problem with the "Screensaver" and "LCD power off" in that pressing the "Spacebar" or "Enter" keys, to prevent either occurring, caused the scan to stop; so I had to restart ESET several times before I got a complete scan. I followed your instructions to export and save the log file as "EsetScan" but for some reason only a shortcut was saved and not the actual logfile. However, I did find the following in Program Files\ESET\ESET Online Scanner\Log.txt with the date and time being approximately correct (I hope it's the info you want):-

 

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=cf95b3cd61dfd445b83556325ed32c7c
# engine=21470
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-12-09 12:44:53
# local_time=2014-12-09 12:44:53 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='AVG Internet Security 2014'
# compatibility_mode=1049 16777213 100 100 1474 105259477 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 71869811 255661821 0 0
# scanned=7326
# found=6
# cleaned=0
# scan_time=1095
sh=77DF7AF38290DE5AC4DB50A62338FC7C910E5685 ft=1 fh=2d5f3960421649f5 vn="a variant of Win32/ReImageRepair.C potentially unwanted application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1386124427-3417689842-1039977100-1001\$RADV4TX.exe"
sh=5A4ADCA5CEFDEACCC9C4D2D197213E606014FDB4 ft=1 fh=63ae2f886e7f5dcc vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1386124427-3417689842-1039977100-1001\$RR6RR60.exe"
sh=BD3D451BFB56B02EDD3D2D1FEA10E29EC94F1A8C ft=1 fh=3d6c1e353acd28fa vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1386124427-3417689842-1039977100-1001\$RSHL0VJ.exe"
sh=A452E8685920AE9F90D7B988C49A8830B5A05CDC ft=1 fh=d222f0959cc53eea vn="Win32/Spigot.A potentially unwanted application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1386124427-3417689842-1039977100-1001\$RWZLATB.exe"
sh=95B1422D997940E3127A1293A2923ED6960C8D74 ft=1 fh=adc43a10c7c58d90 vn="a variant of Win32/InstallCore.QW potentially unwanted application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1386124427-3417689842-1039977100-1001\$RY93LYS.exe"
sh=5A4ADCA5CEFDEACCC9C4D2D197213E606014FDB4 ft=1 fh=63ae2f886e7f5dcc vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1386124427-3417689842-1039977100-1001\$RZLSW86.exe"
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=cf95b3cd61dfd445b83556325ed32c7c
# engine=21470
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-12-09 12:54:37
# local_time=2014-12-09 12:54:37 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='AVG Internet Security 2014'
# compatibility_mode=1049 16777213 100 100 2058 105260061 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 71870395 255662405 0 0
# scanned=331
# found=1
# cleaned=0
# scan_time=114
sh=77DF7AF38290DE5AC4DB50A62338FC7C910E5685 ft=1 fh=2d5f3960421649f5 vn="a variant of Win32/ReImageRepair.C potentially unwanted application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1386124427-3417689842-1039977100-1001\$RADV4TX.exe"
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=cf95b3cd61dfd445b83556325ed32c7c
# engine=21470
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-12-09 03:06:29
# local_time=2014-12-09 03:06:29 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='AVG Internet Security 2014'
# compatibility_mode=1049 16777213 100 100 13570 105267973 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 71878307 255670317 0 0
# scanned=261856
# found=9
# cleaned=9
# scan_time=7053
sh=77DF7AF38290DE5AC4DB50A62338FC7C910E5685 ft=1 fh=2d5f3960421649f5 vn="a variant of Win32/ReImageRepair.C potentially unwanted application (deleted - quarantined)" ac=C fn="C:\$RECYCLE.BIN\S-1-5-21-1386124427-3417689842-1039977100-1001\$RADV4TX.exe"
sh=5A4ADCA5CEFDEACCC9C4D2D197213E606014FDB4 ft=1 fh=63ae2f886e7f5dcc vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\$RECYCLE.BIN\S-1-5-21-1386124427-3417689842-1039977100-1001\$RR6RR60.exe"
sh=BD3D451BFB56B02EDD3D2D1FEA10E29EC94F1A8C ft=1 fh=3d6c1e353acd28fa vn="Win32/OpenCandy potentially unsafe application (deleted - quarantined)" ac=C fn="C:\$RECYCLE.BIN\S-1-5-21-1386124427-3417689842-1039977100-1001\$RSHL0VJ.exe"
sh=A452E8685920AE9F90D7B988C49A8830B5A05CDC ft=1 fh=d222f0959cc53eea vn="Win32/Spigot.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\$RECYCLE.BIN\S-1-5-21-1386124427-3417689842-1039977100-1001\$RWZLATB.exe"
sh=95B1422D997940E3127A1293A2923ED6960C8D74 ft=1 fh=adc43a10c7c58d90 vn="a variant of Win32/InstallCore.QW potentially unwanted application (deleted - quarantined)" ac=C fn="C:\$RECYCLE.BIN\S-1-5-21-1386124427-3417689842-1039977100-1001\$RY93LYS.exe"
sh=5A4ADCA5CEFDEACCC9C4D2D197213E606014FDB4 ft=1 fh=63ae2f886e7f5dcc vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\$RECYCLE.BIN\S-1-5-21-1386124427-3417689842-1039977100-1001\$RZLSW86.exe"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Basic user\AppData\Roaming\MTPWQHXS"
sh=4C24605BA8BA92489B563ACD5D836E1B4E8F3972 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Basic user\AppData\Roaming\Opera Software\Opera Stable\Extensions\ieejjmmgeihokfnlipbofpgnajfkdbbo\1.26.53_0\extensionData\plugins\91.js"
sh=5A4ADCA5CEFDEACCC9C4D2D197213E606014FDB4 ft=1 fh=63ae2f886e7f5dcc vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows\Temp\ccs793E.tmp"
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=cf95b3cd61dfd445b83556325ed32c7c
# engine=21473
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-12-09 03:15:05
# local_time=2014-12-09 03:15:05 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='AVG Internet Security 2014'
# compatibility_mode=1049 16777213 100 100 14086 105268489 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 71878823 255670833 0 0
# scanned=165
# found=0
# cleaned=0
# scan_time=3
 


Edited by duffsparky, 09 December 2014 - 11:03 AM.
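The Log.txt pasted above is really four appended scan records: three show `end=stopped` (the runs interrupted by the screensaver problem) and only the 03:06 run shows `end=finished` with `cleaned=9`, so reading it by eye to find what was actually dealt with is error-prone. Below is a small Python parser, added here as an illustration and not code from the thread or from ESET, that splits such a log into scans, reports the header counters, buckets each detection by where it was found, and lists anything identified in some run but never reported cleaned. The format is inferred from the pasted log; the embedded sample is constructed in the same shape with made-up hashes and SIDs.

```python
"""Parse an ESET Online Scanner Log.txt into per-scan records.

Added example, not code from the thread or from ESET. Format inferred from
the log pasted above: '# key=value' header lines, then detection lines
  sh=<sha1> ft=<n> fh=<hash> vn="<name>" ac=<I|C> fn="<path>"
where ac=I means identified only and ac=C means cleaned.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in the same shape as the thread's log; hashes, SIDs
# and some paths are shortened or made up and are not the thread's values.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# end=stopped
# utc_time=2014-12-09 12:44:53
# scanned=7326
# found=2
# cleaned=0
sh=AAAA1111 ft=1 fh=0011 vn="a variant of Win32/ReImageRepair.C potentially unwanted application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-EXAMPLE-1001\$RADV4TX.exe"
sh=BBBB2222 ft=0 fh=0000 vn="JS/Toolbar.Crossrider.C potentially unwanted application" ac=I fn="C:\Users\Basic user\AppData\Roaming\MTPWQHXS"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# end=finished
# utc_time=2014-12-09 03:06:29
# scanned=261856
# found=2
# cleaned=2
sh=AAAA1111 ft=1 fh=0011 vn="a variant of Win32/ReImageRepair.C potentially unwanted application (deleted - quarantined)" ac=C fn="C:\$RECYCLE.BIN\S-1-5-21-EXAMPLE-1001\$RADV4TX.exe"
sh=CCCC3333 ft=1 fh=0022 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows\Temp\ccs793E.tmp"
"""

DETECTION_RE = re.compile(
    r'^sh=(?P<sha1>\w+) ft=(?P<ft>\d+) fh=(?P<fh>\w+) '
    r'vn="(?P<name>[^"]*)" ac=(?P<action>\w) fn="(?P<path>[^"]*)"$'
)

@dataclass
class Detection:
    sha1: str
    name: str
    action: str  # 'I' identified only, 'C' cleaned (the log's ac= field)
    path: str

@dataclass
class Scan:
    header: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)

    def finished(self) -> bool:
        # Runs interrupted by a keypress or screensaver show end=stopped.
        return self.header.get("end") == "finished"

def parse_eset_log(text: str) -> list:
    """Split the log into Scan records; installer chatter is ignored."""
    scans, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# product="):
            current = Scan()  # '# product=' opens a new scan block
            scans.append(current)
        if current is None:
            continue
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            current.header[key] = value
        elif line.startswith("sh="):
            m = DETECTION_RE.match(line)
            if m:
                current.detections.append(
                    Detection(m["sha1"], m["name"], m["action"], m["path"]))
    return scans

def classify_path(path: str) -> str:
    """Coarse location bucket used to decide what to look at first."""
    p = path.lower()
    if "\\$recycle.bin\\" in p:
        return "recycle-bin"   # files the user already deleted, e.g. installers
    if "\\temp\\" in p or p.endswith(".tmp"):
        return "temp"          # recently dropped or extracted content
    if "\\appdata\\" in p:
        return "user-profile"  # browser extensions, per-user persistence
    return "other"

def outstanding(scans) -> list:
    """Paths identified in some scan but never reported cleaned (ac=C)."""
    cleaned = {d.path for s in scans for d in s.detections if d.action == "C"}
    seen = {d.path for s in scans for d in s.detections}
    return sorted(seen - cleaned)

def summarize(scans) -> list:
    """One dict per scan with the counters ESET writes in the header."""
    return [{"utc_time": s.header.get("utc_time"), "finished": s.finished(),
             "scanned": int(s.header.get("scanned", 0)),
             "found": int(s.header.get("found", 0)),
             "cleaned": int(s.header.get("cleaned", 0))} for s in scans]

if __name__ == "__main__":
    scans = parse_eset_log(SAMPLE_LOG)
    for row in summarize(scans):
        print(row)
    for path in outstanding(scans):
        print("not cleaned:", classify_path(path), path)
```

Run against the real Log.txt (`parse_eset_log(open(path).read())`) the same functions give one row per scan and the list of paths that never reached ac=C. The location buckets reflect the pattern visible in the thread's log: most hits sat in $RECYCLE.BIN (bundled installers the user had already deleted), while the Crossrider items under AppData\Roaming and the Google toolbar bundle in Windows\Temp are the ones a defender would want to see confirmed as quarantined.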


#10 boopme (Global Moderator, 73,072 posts, NJ USA)

Posted 10 December 2014 - 01:47 PM

Ok, well in spite of it all it did clean, so how is it now?

#11 duffsparky (Topic Starter, Members, 267 posts)

Posted 10 December 2014 - 05:37 PM

It seems Ok at the moment, let's hope the problems are sorted.

 

    Have you seen..Select Real Security

 

I've had a look at your link above and run the System Files Checker as suggested in the Slow Computer section "Step 5 - Fix Windows System Files" by typing sfc /scannow in the command "Run" box. SFC found errors but was not able to fix them all and I wonder if I should run the "Windows Repair (All In One)" as suggested in item 2 of the "Fix Post-Disinfection Problems" section of the Malware Removal Guide? However, I do not have the Vista installation disk only the recovery software on the laptop.


Edited by duffsparky, 10 December 2014 - 06:07 PM.


#12 boopme (Global Moderator, 73,072 posts, NJ USA)

Posted 10 December 2014 - 07:37 PM

Hi, yes you can run those tools. I'll even give you a guide that will run sfc and Windows repair.

But first I want to run an anti-rootkit tool (half hour).

Download Malwarebytes Anti-Rootkit to your desktop.
  • Double click on downloaded file. OK self extracting prompt.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
>>>

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool indicates that the Check Disk is needed click on Do It button next to 2. Check Disk, then restart your computer.



Once the above is done, go to Step 4 and allow it to run System File Check by clicking on the Do It button.



Go to Step 5 and under "System Restore" click on Create button.



Go to Start Repairs tab and click the Start button.



Leave the check marks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start Repairs button.



After the repair finishes, you may be prompted to restart the computer. Please allow it to do so.

Please post the Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

#13 duffsparky (Topic Starter, Members, 267 posts)

Posted 11 December 2014 - 07:53 AM

Malwarebytes Anti-Rootkit was one of the tools I had already used but I re-installed and re-ran it. Below are the log files from the latest run.

 

I installed and ran Windows Repair (All in One) but didn't see the note to disable the anti-virus before it started. Below is the logfile from this first run. I will re-run the application and post its logfile separately.

 

When I restarted Windows Repair it reported the last backup had errors but the message disappeared too quickly for me to note the details.

 

 

 

 

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2014.12.11.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]

11/12/2014 10:09:44
mbar-log-2014-12-11 (10-09-44).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 399325
Time elapsed: 34 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

------------------------------------------------------------------------------------------------------------------------------------------------------

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_34

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.833000 GHz
Memory total: 2136666112, free: 998780928

Downloaded database version: v2014.11.30.06
Downloaded database version: v2014.11.30.01
Initializing...
======================
------------ Kernel report ------------
     11/30/2014 17:34:30
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\psdfilter.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\avgrkx86.sys
\SystemRoot\system32\DRIVERS\avglogx.sys
\SystemRoot\system32\DRIVERS\avgmfx86.sys
\SystemRoot\system32\DRIVERS\avgidshx.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw5v32.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\rixdptsk.sys
\SystemRoot\system32\DRIVERS\winbondcir.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\DKbFltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\NTIDrvr.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\tap0901.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSXHWAZL.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\snp2uvc.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\sncduvc.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx86.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\avgfwd6x.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\system32\DRIVERS\avgidsdriverx.sys
\SystemRoot\system32\DRIVERS\avgdiskx.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\pnarp.sys
\SystemRoot\system32\DRIVERS\purendis.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\DRIVERS\PSDNServ.sys
\SystemRoot\system32\DRIVERS\PSDVdisk.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\??\C:\Windows\system32\Drivers\SSPORT.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netr28u.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff89633140
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff881fa028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff89633140, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89736cb0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff89633140, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff881e51a8, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff881fa028, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 977078E4

Partition information:

    Partition 0 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 22523067

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 22523904  Numsec = 233185280
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 255709184  Numsec = 225845248

    Partition 3 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 481554432  Numsec = 6840320

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Done!
File "c:\programdata\avg2014\chjw\52402b81402b6ac5.dat:39acd711-5234-4c29-960d-0646929e4705" is sparse (flags = 32768)
File "c:\programdata\avg2014\chjw\f018555418551b44.dat:7582ed25-d116-417d-bdee-8014217f2235" is sparse (flags = 32768)
File "c:\programdata\avg2014\chjw\f018555418551b44.dat:d67d3c09-853f-4c5f-ba6a-d34043048d54" is sparse (flags = 32768)
File "c:\windows\system32\config\systemprofile\appdata\local\avg2014\log\avg-9f8e3012-73ea-4242-a962-fa3655fefb17.tmp" is compressed (flags = 1)
File "C:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\log\avgcfg.log.1" is compressed (flags = 1)
Scan Interrupted
Scan was aborted.
=======================================
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff89633140
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff881fa028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 977078E4

Partition information:

    Partition 0 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 22523067

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 22523904  Numsec = 233185280
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 255709184  Numsec = 225845248

    Partition 3 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 481554432  Numsec = 6840320

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Done!
File "c:\programdata\avg2014\chjw\52402b81402b6ac5.dat:39acd711-5234-4c29-960d-0646929e4705" is sparse (flags = 32768)
File "c:\programdata\avg2014\chjw\f018555418551b44.dat:7582ed25-d116-417d-bdee-8014217f2235" is sparse (flags = 32768)
File "c:\programdata\avg2014\chjw\f018555418551b44.dat:d67d3c09-853f-4c5f-ba6a-d34043048d54" is sparse (flags = 32768)
File "c:\windows\system32\config\systemprofile\appdata\local\avg2014\log\avg-9f8e3012-73ea-4242-a962-fa3655fefb17.tmp" is compressed (flags = 1)
File "C:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\log\avgcfg.log.1" is compressed (flags = 1)
Scan Interrupted
Scan was aborted.
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-22523904-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_34

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.833000 GHz
Memory total: 2136666112, free: 858890240

Host not found
Host not found
Downloaded database version: v2014.11.30.06
Downloaded database version: v2014.11.30.01
=======================================
Initializing...
------------ Kernel report ------------
     11/30/2014 18:31:09
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\psdfilter.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\avgrkx86.sys
\SystemRoot\system32\DRIVERS\avglogx.sys
\SystemRoot\system32\DRIVERS\avgmfx86.sys
\SystemRoot\system32\DRIVERS\avgidshx.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw5v32.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\rixdptsk.sys
\SystemRoot\system32\DRIVERS\winbondcir.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\DKbFltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\NTIDrvr.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\tap0901.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSXHWAZL.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\snp2uvc.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\sncduvc.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx86.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\avgfwd6x.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\system32\DRIVERS\avgidsdriverx.sys
\SystemRoot\system32\DRIVERS\avgdiskx.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\pnarp.sys
\SystemRoot\system32\DRIVERS\purendis.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\DRIVERS\PSDNServ.sys
\SystemRoot\system32\DRIVERS\PSDVdisk.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\??\C:\Windows\system32\Drivers\SSPORT.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\DRIVERS\netr28u.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xffffffffbd2e9358
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000094\
Lower Device Object: 0xffffffff88042030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff89633140
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff881fa028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff89633140, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89736cb0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff89633140, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff881e51a8, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff881fa028, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 977078E4

Partition information:

    Partition 0 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 22523067

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 22523904  Numsec = 233185280
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 255709184  Numsec = 225845248

    Partition 3 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 481554432  Numsec = 6840320

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffffbd2e9358, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89475660, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffffbd2e9358, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff88042030, DeviceName: \Device\00000094\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F632EC5

Partition information:

    Partition 0 type is Other (0xb)
    Partition is ACTIVE.
    Partition starts at LBA: 32  Numsec = 3940319
    Partition file system is FAT32
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2017459712 bytes
Sector size: 512 bytes

Done!
File "c:\programdata\avg2014\chjw\52402b81402b6ac5.dat:39acd711-5234-4c29-960d-0646929e4705" is sparse (flags = 32768)
File "c:\programdata\avg2014\chjw\f018555418551b44.dat:7582ed25-d116-417d-bdee-8014217f2235" is sparse (flags = 32768)
File "c:\programdata\avg2014\chjw\f018555418551b44.dat:d67d3c09-853f-4c5f-ba6a-d34043048d54" is sparse (flags = 32768)
File "c:\windows\system32\config\systemprofile\appdata\local\avg2014\log\avg-9f8e3012-73ea-4242-a962-fa3655fefb17.tmp" is compressed (flags = 1)
File "C:\Windows\System32\config\systemprofile\AppData\Local\Avg2014\log\avgcfg.log.1" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-22523904-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-32-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_34

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.833000 GHz
Memory total: 2136666112, free: 678371328

Downloaded database version: v2014.12.11.01
Downloaded database version: v2014.12.08.03
Downloaded database version: v2014.12.06.01
=======================================
Initializing...
------------ Kernel report ------------
     12/11/2014 10:09:24
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\psdfilter.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\avgrkx86.sys
\SystemRoot\system32\DRIVERS\avglogx.sys
\SystemRoot\system32\DRIVERS\avgmfx86.sys
\SystemRoot\system32\DRIVERS\avgidshx.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw5v32.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\rimmptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\rixdptsk.sys
\SystemRoot\system32\DRIVERS\winbondcir.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\DKbFltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\NTIDrvr.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\tap0901.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSXHWAZL.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\snp2uvc.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\sncduvc.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx86.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\avgfwd6x.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\system32\DRIVERS\netr28u.sys
\SystemRoot\system32\DRIVERS\avgidsdriverx.sys
\SystemRoot\system32\DRIVERS\avgdiskx.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\pnarp.sys
\SystemRoot\system32\DRIVERS\purendis.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\DRIVERS\PSDNServ.sys
\SystemRoot\system32\DRIVERS\PSDVdisk.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\??\C:\Windows\system32\Drivers\SSPORT.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
\SystemRoot\system32\DRIVERS\ipnat.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff89687ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff881ff028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff89687ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89584178, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff89687ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff881ea700, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff881ff028, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 977078E4

Partition information:

    Partition 0 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 22523067

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 22523904  Numsec = 233185280
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 255709184  Numsec = 225845248

    Partition 3 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 481554432  Numsec = 6840320

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Done!
File "c:\programdata\avg2014\chjw\52402b81402b6ac5.dat:fe6c9f1c-7181-435d-913a-7c2ea49d9272" is sparse (flags = 32768)
File "c:\programdata\avg2014\chjw\f018555418551b44.dat:75c67c73-e914-4626-8af8-e80264816a45" is sparse (flags = 32768)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-22523904-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Tweaking.com - Windows Repair v2.10.2
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows Vista ™ Home Premium
OS Architecture: 32-bit
OS Version: 6.0.6002
OS Service Pack: Service Pack 2
Computer Name: USER-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Current Profile:
Current Profile SID: S-1-5-21-1386124427-3417689842-1039977100-1000
Current Profile Classes: S-1-5-21-1386124427-3417689842-1039977100-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Default\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:09:44

Process Count: 90
Commit Total: 1.91 GB
Commit Limit: 4.22 GB
Commit Peak: 2.31 GB
Handle Count: 25152
Kernel Total: 223.43 MB
Kernel Paged: 123.43 MB
Kernel Non Paged: 100.01 MB
System Cache: 652.65 MB
Thread Count: 1100
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 1.99 GB
Memory Used: 1.46 GB(73.1997%)
Memory Avail.: 546.11 MB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 1.99 GB
Memory Used: 1.12 GB(56.1502%)
Memory Avail.: 893.52 MB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (11/12/2014 11:45:42)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 77
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (11/12/2014 11:45:46)
   Running Repair Under Current User Account
   Done (11/12/2014 11:45:52)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (11/12/2014 11:45:52)
   Running Repair Under System Account
   Done (11/12/2014 11:58:07)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (11/12/2014 11:58:07)
   Running Repair Under System Account
   Done (11/12/2014 11:59:57)

03 - Reset Service Permissions
   Start (11/12/2014 11:59:57)
   Running Repair Under System Account
   Done (11/12/2014 12:00:10)

04 - Register System Files
   Start (11/12/2014 12:00:10)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 12:00:47)

05 - Repair WMI
   Start (11/12/2014 12:00:47)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   AVG Internet Security 2014 Exported.

   Exporting AntiSpyware Info...
   Windows Defender Exported.
   AVG Internet Security 2014 Exported.

   Exporting 3rd Party Firewall Info...
   AVG Internet Security 2014 Exported.

   Running Repair Under Current User Account
   Done (11/12/2014 12:04:52)

06 - Repair Windows Firewall
   Start (11/12/2014 12:04:52)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 12:05:33)

07 - Repair Internet Explorer
   Start (11/12/2014 12:05:33)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 12:06:04)

08 - Repair MDAC/MS Jet
   Start (11/12/2014 12:06:05)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 12:06:27)

09 - Repair Hosts File
   Start (11/12/2014 12:06:27)
   Running Repair Under System Account
   Done (11/12/2014 12:06:29)

10 - Remove Policies Set By Infections
   Start (11/12/2014 12:06:29)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 12:07:36)

11 - Repair Start Menu Icons Removed By Infections
   Start (11/12/2014 12:07:36)
   Running Repair Under System Account
   Done (11/12/2014 12:07:37)

12 - Repair Icons
   Start (11/12/2014 12:07:37)
   Running Repair Under Current User Account
   Done (11/12/2014 12:07:38)

13 - Repair Winsock & DNS Cache
   Start (11/12/2014 12:07:38)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 12:07:55)

15 - Repair Proxy Settings
   Start (11/12/2014 12:07:55)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 12:07:57)

17 - Repair Windows Updates
   Start (11/12/2014 12:07:57)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (11/12/2014 12:08:37)

18 - Repair CD/DVD Missing/Not Working
   Start (11/12/2014 12:08:37)
   iTunes not found, not applying UpperFilters iTunes Reg Key
   Done (11/12/2014 12:08:37)

19 - Repair Volume Shadow Copy Service
   Start (11/12/2014 12:08:37)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 12:09:17)

21 - Repair MSI (Windows Installer)
   Start (11/12/2014 12:09:17)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 12:09:37)

23.01 - Repair bat Association
   Start (11/12/2014 12:09:37)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 12:09:39)

23.02 - Repair cmd Association
   Start (11/12/2014 12:09:39)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 12:09:41)

23.03 - Repair com Association
   Start (11/12/2014 12:09:41)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 12:09:44)

23.04 - Repair Directory Association
   Start (11/12/2014 12:09:44)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 12:09:46)

23.05 - Repair Drive Association
   Start (11/12/2014 12:09:46)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 12:09:48)

23.06 - Repair exe Association
   Start (11/12/2014 12:09:48)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 12:09:50)

23.07 - Repair Folder Association
   Start (11/12/2014 12:09:50)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 12:09:53)

23.08 - Repair inf Association
   Start (11/12/2014 12:09:53)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 12:09:55)

23.09 - Repair lnk (Shortcuts) Association
   Start (11/12/2014 12:09:55)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 12:09:57)

23.10 - Repair msc Association
   Start (11/12/2014 12:09:57)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 12:10:00)

23.11 - Repair reg Association
   Start (11/12/2014 12:10:00)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 12:10:02)

23.12 - Repair scr Association
   Start (11/12/2014 12:10:02)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 12:10:04)

24 - Repair Windows Safe Mode
   Start (11/12/2014 12:10:04)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 12:10:06)

25 - Repair Print Spooler
   Start (11/12/2014 12:10:06)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 12:10:24)

26 - Restore Important Windows Services
   Start (11/12/2014 12:10:24)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 12:10:41)

27 - Set Windows Services To Default Startup
   Start (11/12/2014 12:10:41)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 12:10:48)

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.0

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.0

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.0

31 - Repair Windows 'New' Submenu
   Start (11/12/2014 12:10:48)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 12:10:51)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (11/12/2014 12:10:51)
   Total Repair Time: 00:25:11


...YOU MUST RESTART YOUR SYSTEM...
 


Edited by duffsparky, 11 December 2014 - 08:06 AM.


#14 duffsparky

duffsparky
  • Topic Starter

  • Members
  • 267 posts
  • Gender:Male
  • Local time:06:21 AM

Posted 11 December 2014 - 03:57 PM

I've re-run Windows Repair (All in One), this time with the anti-virus disabled, and below is the logfile:-


Tweaking.com - Windows Repair v2.10.2
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows Vista ™ Home Premium
OS Architecture: 32-bit
OS Version: 6.0.6002
OS Service Pack: Service Pack 2
Computer Name: USER-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Current Profile:
Current Profile SID: S-1-5-21-1386124427-3417689842-1039977100-1000
Current Profile Classes: S-1-5-21-1386124427-3417689842-1039977100-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Default\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 02:08:17

Process Count: 82
Commit Total: 1.49 GB
Commit Limit: 4.22 GB
Commit Peak: 2.41 GB
Handle Count: 22314
Kernel Total: 245.25 MB
Kernel Paged: 144.15 MB
Kernel Non Paged: 101.10 MB
System Cache: 1.08 GB
Thread Count: 921
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 1.99 GB
Memory Used: 1.08 GB(54.3352%)
Memory Avail.: 930.50 MB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 1.99 GB
Memory Used: 839.45 MB(41.1961%)
Memory Avail.: 1.17 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (11/12/2014 15:06:02)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 1
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (11/12/2014 15:06:03)
   Running Repair Under Current User Account
   Done (11/12/2014 15:06:08)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (11/12/2014 15:06:08)
   Running Repair Under System Account
   Done (11/12/2014 15:14:26)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (11/12/2014 15:14:26)
   Running Repair Under System Account
   Done (11/12/2014 15:15:55)

03 - Reset Service Permissions
   Start (11/12/2014 15:15:55)
   Running Repair Under System Account
   Done (11/12/2014 15:16:01)

04 - Register System Files
   Start (11/12/2014 15:16:01)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 15:16:29)

05 - Repair WMI
   Start (11/12/2014 15:16:29)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   AVG Internet Security 2014 Exported.

   Exporting AntiSpyware Info...
   Windows Defender Exported.
   AVG Internet Security 2014 Exported.

   Exporting 3rd Party Firewall Info...
   AVG Internet Security 2014 Exported.

   Running Repair Under Current User Account
   Done (11/12/2014 15:19:58)

06 - Repair Windows Firewall
   Start (11/12/2014 15:19:58)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 15:20:34)

07 - Repair Internet Explorer
   Start (11/12/2014 15:20:34)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 15:20:58)

08 - Repair MDAC/MS Jet
   Start (11/12/2014 15:20:58)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 15:21:13)

09 - Repair Hosts File
   Start (11/12/2014 15:21:13)
   Running Repair Under System Account
   Done (11/12/2014 15:21:14)

10 - Remove Policies Set By Infections
   Start (11/12/2014 15:21:14)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 15:21:16)

11 - Repair Start Menu Icons Removed By Infections
   Start (11/12/2014 15:21:16)
   Running Repair Under System Account
   Done (11/12/2014 15:21:17)

12 - Repair Icons
   Start (11/12/2014 15:21:17)
   Running Repair Under Current User Account
   Done (11/12/2014 15:21:19)

13 - Repair Winsock & DNS Cache
   Start (11/12/2014 15:21:19)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 15:21:33)

15 - Repair Proxy Settings
   Start (11/12/2014 15:21:33)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 15:21:36)

17 - Repair Windows Updates
   Start (11/12/2014 15:21:36)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (11/12/2014 15:22:04)

18 - Repair CD/DVD Missing/Not Working
   Start (11/12/2014 15:22:04)
   iTunes not found, not applying UpperFilters iTunes Reg Key
   Done (11/12/2014 15:22:04)

19 - Repair Volume Shadow Copy Service
   Start (11/12/2014 15:22:04)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 15:22:28)

21 - Repair MSI (Windows Installer)
   Start (11/12/2014 15:22:28)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 15:22:40)

23.01 - Repair bat Association
   Start (11/12/2014 15:22:40)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 15:22:42)

23.02 - Repair cmd Association
   Start (11/12/2014 15:22:42)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 15:22:44)

23.03 - Repair com Association
   Start (11/12/2014 15:22:44)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 15:22:47)

23.04 - Repair Directory Association
   Start (11/12/2014 15:22:47)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 15:22:49)

23.05 - Repair Drive Association
   Start (11/12/2014 15:22:49)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 15:22:51)

23.06 - Repair exe Association
   Start (11/12/2014 15:22:51)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 15:22:53)

23.07 - Repair Folder Association
   Start (11/12/2014 15:22:53)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 15:22:56)

23.08 - Repair inf Association
   Start (11/12/2014 15:22:56)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 15:22:58)

23.09 - Repair lnk (Shortcuts) Association
   Start (11/12/2014 15:22:58)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 15:23:00)

23.10 - Repair msc Association
   Start (11/12/2014 15:23:00)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 15:23:02)

23.11 - Repair reg Association
   Start (11/12/2014 15:23:02)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 15:23:05)

23.12 - Repair scr Association
   Start (11/12/2014 15:23:05)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 15:23:07)

24 - Repair Windows Safe Mode
   Start (11/12/2014 15:23:07)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 15:23:09)

25 - Repair Print Spooler
   Start (11/12/2014 15:23:09)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 15:23:24)

26 - Restore Important Windows Services
   Start (11/12/2014 15:23:24)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 15:23:34)

27 - Set Windows Services To Default Startup
   Start (11/12/2014 15:23:34)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 15:23:39)

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.0

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.0

   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.0

31 - Repair Windows 'New' Submenu
   Start (11/12/2014 15:23:39)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/12/2014 15:23:41)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (11/12/2014 15:23:41)
   Total Repair Time: 00:17:40


...YOU MUST RESTART YOUR SYSTEM...
 



#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,072 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:02:21 AM

Posted 11 December 2014 - 11:53 PM

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.
Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.

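For readers who want to see what the checklist above actually collects and why each item matters for a hijack check, here is an added PowerShell example (not MiniToolBox's own code and not part of this thread). It is report-only: it writes the same categories of information to Result.txt and leaves the DNS flush and proxy resets to the tool; it assumes Windows PowerShell 2.0 or later is installed (Vista does not ship it) and is run from an elevated prompt.

```powershell
# Added example: report-only triage of the items on the MiniToolBox checklist.
# Assumes an elevated Windows PowerShell session; nothing is flushed or reset.
function Get-ProxyAndHostsTriage {
    param([string]$OutFile = (Join-Path (Get-Location) 'Result.txt'))

    $report = New-Object System.Collections.Generic.List[string]
    function Add-Section([string]$Title, $Body) {
        $report.Add("==== $Title ====")
        $report.Add(($Body | Out-String).TrimEnd())
        $report.Add('')
    }

    # IE/WinINet proxy: a planted ProxyServer or AutoConfigURL (PAC script)
    # silently routes all browsing through a host the attacker controls.
    $ie = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    Add-Section 'IE Proxy Settings' ($ie | Select-Object ProxyEnable, ProxyServer, AutoConfigURL)

    # Firefox keeps its own proxy settings in each profile's prefs.js.
    $ffPrefs = Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles\*\prefs.js" -ErrorAction SilentlyContinue |
        ForEach-Object { "$($_.FullName):"; Select-String -Path $_.FullName -Pattern 'network\.proxy' | ForEach-Object { $_.Line } }
    Add-Section 'FF Proxy Settings' $ffPrefs

    # hosts file: anything beyond comments and localhost deserves a look,
    # since malware uses it to block AV update servers or redirect sites.
    $hosts = Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" | Where-Object { $_ -notmatch '^\s*(#|$)' }
    Add-Section 'Hosts (non-comment lines)' $hosts

    Add-Section 'IP Configuration' (ipconfig /all)

    # Winsock catalog: unexpected LSP entries point at injected network hooks.
    Add-Section 'Winsock Entries' (netsh winsock show catalog)

    foreach ($log in 'System', 'Application') {
        $ev = Get-EventLog -LogName $log -EntryType Error -Newest 10 |
            Select-Object TimeGenerated, Source, EventID, Message
        Add-Section "Last 10 $log errors" $ev
    }

    $apps = Get-ItemProperty 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*' |
        Where-Object { $_.DisplayName } | Sort-Object DisplayName |
        Select-Object DisplayName, DisplayVersion, InstallDate
    Add-Section 'Installed Programs' $apps

    Add-Section 'Users' (net user)
    Add-Section 'Partitions' (Get-WmiObject Win32_LogicalDisk | Select-Object DeviceID, Size, FreeSpace)
    $cs = Get-WmiObject Win32_ComputerSystem
    Add-Section 'Memory size' ("{0:N2} GB" -f ($cs.TotalPhysicalMemory / 1GB))

    $report | Set-Content -Path $OutFile
    return $OutFile
}
```

Running `Get-ProxyAndHostsTriage` prints the path of the report; the sections worth reading first on a suspected hijack are the IE proxy values, the non-comment hosts lines and the Winsock catalog.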



