Thread: CheckDisk virus?

  1. #1
    Member
    Join Date
    Apr 2006
    Posts
    56

    Hi

    I have been virus-free for a few years until now. About two weeks ago, I surfed the net and then rebooted, still connected online, and CheckDisk (CHKDSK) ran by itself in DOS mode, identifying errors and replacing files. When it finished, some of my Windows applications stopped running, for example, Photo Viewer and Notepad. My security applications also began to behave strangely, e.g. my resident anti-virus Avira would not open until I rebooted at least twice, and another application, called Lock.exe, which protects my password-protected flash drive, stopped working altogether, denying me access to the contents on the drive. When I tried the flash drive on another computer, it worked OK, so I ran MalwareBytes, which found nothing, but SuperAntiSpyware found a couple of malware items named Rogue.Agent.Gen-Nullo in files identified as axinstsv.dll and certprop.dll. Further research suggested that these are legitimate Windows files and therefore possibly false positives. I have also looked at the CheckDisk application in Computer → Properties → Tools, but there is no automatic schedule timer for CheckDisk to run.

    Did a rogue website force CheckDisk to run and then infect the PC? Since then I have kept the computer off-line, and I was about to reinstall Windows, but I'm wary about doing so on top of a possible live virus, and I would appreciate some help. I have followed all the posting instructions except that the Tweaking.com Registry Backup application will not run, citing -

    “Failed to load control 'Folder Browser' from. Your version of may be outdated. Make sure you are using the version of the control that was provided with your application”. My FRST and aswMBR logs are below.

    Thanks.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-09-2014
    Ran by USER (administrator) on USER-PC on 14-09-2014 07:57:01
    Running from C:\Users\USER\Desktop
    Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    () C:\Windows\System32\ASGT.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10127976 2011-06-28] (Realtek Semiconductor)
    HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
    HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0

    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    Chrome:
    =======

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
    R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
    R2 ASGT; C:\Windows\System32\ASGT.exe [55296 2012-01-17] () [File not signed]
    R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
    S3 AXINSTSV; C:\Windows\System32\AxInstSV.dll [88064 2010-11-20] () [File not signed]
    S3 BDESVC; C:\Windows\System32\bdesvc.dll [76800 2009-07-14] (Microsoft Corporation) [File not signed]
    S3 CERTPROPSVC; C:\Windows\System32\certprop.dll [67584 2010-11-20] () [File not signed]
    S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [556544 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-14] (Microsoft Corporation) [File not signed]
    S3 Fax; C:\Windows\system32\fxssvc.exe [523264 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [194560 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [165376 2010-11-20] (Microsoft Corporation) [File not signed]
    S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [68096 2010-11-20] (Microsoft Corporation) [File not signed]
    R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19702048 2014-04-30] (NVIDIA Corporation)
    S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation) [File not signed]
    S3 p2psvc; C:\Windows\system32\p2psvc.dll [327680 2009-07-14] (Microsoft Corporation) [File not signed]
    R3 PcaSvc; C:\Windows\System32\pcasvc.dll [154624 2009-07-14] (Microsoft Corporation) [File not signed]
    S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [20480 2009-07-14] (Microsoft Corporation) [File not signed]
    S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation) [File not signed]
    S3 QWAVE; C:\Windows\system32\qwave.dll [210944 2009-07-14] (Microsoft Corporation) [File not signed]
    S3 SCPOLICYSVC; C:\Windows\System32\certprop.dll [67584 2010-11-20] () [File not signed]
    S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [125952 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [25088 2009-07-14] (Microsoft Corporation) [File not signed]
    R2 StiSvc; C:\Windows\System32\wiaservc.dll [463360 2010-11-20] (Microsoft Corporation) [File not signed]
    R2 SysMain; C:\Windows\system32\sysmain.dll [1159168 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 TabletInputService; C:\Windows\System32\TabSvc.dll [73216 2010-11-20] (Microsoft Corporation) [File not signed]
    R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-07-14] (Microsoft Corporation) [File not signed]
    S3 wbengine; C:\Windows\system32\wbengine.exe [1203200 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [151552 2009-07-14] (Microsoft Corporation) [File not signed]
    S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [276992 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [32768 2009-07-14] (Microsoft Corporation) [File not signed]
    S3 Wlansvc; C:\Windows\System32\wlansvc.dll [829440 2009-07-14] (Microsoft Corporation) [File not signed]
    S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1121792 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-14] (Microsoft Corporation) [File not signed]
    R2 wscsvc; C:\Windows\System32\wscsvc.dll [73728 2009-07-14] (Microsoft Corporation) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 ATSZIO; C:\Program Files\ASUS\ASUS PC Diagnostics\ATSZIO.sys [18048 2011-03-04] ()
    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-08-15] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-08-15] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-08-15] (Avira Operations GmbH & Co. KG)
    S3 b06bdrv; C:\Windows\system32\drivers\bxvbdx.sys [430080 2009-07-13] (Broadcom Corporation) [File not signed]
    S3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-13] (Broadcom Corporation) [File not signed]
    S3 ebdrv; C:\Windows\system32\drivers\evbdx.sys [3100160 2009-07-13] (Broadcom Corporation) [File not signed]
    S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [26624 2009-07-13] (Hauppauge Computer Works, Inc.) [File not signed]
    S3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [9036800 2011-02-11] (Intel Corporation) [File not signed]
    S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13824 2009-07-14] (Microsoft Corporation) [File not signed]
    R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
    S3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-14] (Microsoft Corporation) [File not signed]
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [17240 2014-04-30] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
    S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31744 2009-07-14] (Microsoft Corporation) [File not signed]
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-08-15] (Avira GmbH)
    S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [27264 2010-11-20] (Microsoft Corporation) [File not signed]
    S3 X86BDA; C:\Windows\System32\DRIVERS\OEMDrv.sys [195712 2011-06-08] ( )

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-14 07:57 - 2014-09-14 07:57 - 00011040 _____ () C:\Users\USER\Desktop\FRST.txt
    2014-09-12 17:36 - 2014-09-12 17:37 - 00000000 ____D () C:\Users\USER\Desktop\aswMBR_logs_3
    2014-09-12 17:34 - 2014-09-12 17:34 - 00000000 ____D () C:\Users\USER\Desktop\FRST_logs_3
    2014-09-12 17:32 - 2014-09-12 17:33 - 00000000 ____D () C:\Users\USER\Desktop\FRST_logs_2
    2014-09-12 16:20 - 2014-09-12 16:20 - 00000000 __RSH () C:\MSDOS.SYS
    2014-09-12 16:20 - 2014-09-12 16:20 - 00000000 __RSH () C:\IO.SYS
    2014-09-12 16:18 - 2014-09-14 07:57 - 00000000 ____D () C:\FRST
    2014-09-12 15:59 - 2014-09-12 15:59 - 00002185 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2014-09-12 15:59 - 2014-09-12 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-09-12 15:59 - 2014-09-12 15:59 - 00000000 ____D () C:\Program Files\Tweaking.com
    2014-09-12 14:36 - 2014-09-12 14:37 - 00000000 ____D () C:\Users\USER\Desktop\Screenshots
    2014-09-12 14:22 - 2014-09-12 13:05 - 05185536 _____ (AVAST Software) C:\Users\USER\Desktop\aswMBR.exe
    2014-09-12 14:22 - 2014-09-12 13:03 - 01097728 _____ (Farbar) C:\Users\USER\Desktop\FRST.exe
    2014-09-06 19:04 - 2014-09-07 15:35 - 00000000 ____D () C:\Users\USER\Documents\VHS to DVD
    2014-09-06 08:43 - 2014-09-06 08:43 - 00014463 _____ () C:\INSTALL.LOG
    2014-09-06 08:43 - 2014-09-06 08:43 - 00000000 ____D () C:\Users\USER\AppData\Local\VHS to DVD
    2014-09-06 08:43 - 2014-09-06 08:43 - 00000000 ____D () C:\Users\Administrator
    2014-09-06 08:43 - 2002-07-26 17:02 - 00153088 _____ () C:\UNWISE.EXE
    2014-09-06 08:41 - 2014-09-06 08:41 - 00002031 _____ () C:\Users\Public\Desktop\honestech VHS to DVD 2.0 SE.lnk
    2014-09-06 08:41 - 2014-09-06 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\honestech VHS to DVD 2.0 SE
    2014-09-06 08:41 - 2014-09-06 08:41 - 00000000 ____D () C:\Program Files\honestech VHS to DVD 2.0 SE
    2014-09-06 08:41 - 2014-09-06 08:41 - 00000000 ____D () C:\Program Files\honestech
    2014-09-06 08:29 - 2014-09-06 08:29 - 00000000 ____D () C:\Users\USER\AppData\Roaming\InstallShield
    2014-09-06 08:29 - 2014-09-06 08:29 - 00000000 ____D () C:\Program Files\ VIDEO DVR
    2014-09-06 08:29 - 2011-06-08 17:22 - 00195712 _____ ( ) C:\Windows\system32\Drivers\OEMDrv.sys
    2014-09-01 00:58 - 2014-08-23 02:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-09-01 00:58 - 2014-08-23 01:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-08-28 00:10 - 2014-08-28 00:11 - 00000000 ____D () C:\Users\USER\Desktop\SuperAntiSpyware_Scan
    2014-08-27 22:59 - 2014-08-27 22:59 - 00003280 ____N () C:\bootsqm.dat
    2014-08-25 22:57 - 2014-08-25 22:57 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-08-25 22:57 - 2014-08-25 22:57 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
    2014-08-25 22:57 - 2014-08-25 22:57 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2014-08-25 22:57 - 2014-08-25 22:57 - 00000000 ____D () C:\Program Files\Adobe
    2014-08-25 00:09 - 2014-08-25 00:09 - 00000000 ____D () C:\Users\USER 2\AppData\Roaming\Avira
    2014-08-24 23:56 - 2014-08-24 23:56 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Avira
    2014-08-24 23:54 - 2014-08-15 10:30 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
    2014-08-24 23:54 - 2014-08-15 10:30 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
    2014-08-24 23:54 - 2014-08-15 10:30 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
    2014-08-24 23:54 - 2014-08-15 10:30 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
    2014-08-24 23:32 - 2014-08-24 23:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    2014-08-24 23:32 - 2014-08-24 23:54 - 00000000 ____D () C:\ProgramData\Avira
    2014-08-24 23:32 - 2014-08-24 23:32 - 00001091 _____ () C:\Users\Public\Desktop\Avira.lnk
    2014-08-24 23:32 - 2014-08-24 23:32 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-08-24 22:54 - 2014-08-25 22:28 - 00132680 _____ () C:\Windows\PFRO.log
    2014-08-21 18:18 - 2014-05-14 17:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2014-08-21 18:18 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2014-08-21 18:18 - 2014-05-14 17:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2014-08-21 18:18 - 2014-05-14 17:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2014-08-21 18:18 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2014-08-21 18:18 - 2014-05-14 17:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2014-08-21 18:18 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2014-08-21 18:18 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2014-08-21 18:18 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-14 07:57 - 2014-09-14 07:57 - 00011040 _____ () C:\Users\USER\Desktop\FRST.txt
    2014-09-14 07:57 - 2014-09-12 16:18 - 00000000 ____D () C:\FRST
    2014-09-14 07:34 - 2009-07-14 05:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-09-14 07:34 - 2009-07-14 05:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-09-14 07:33 - 2010-11-20 22:01 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-09-14 07:30 - 2014-08-01 19:07 - 00875854 _____ () C:\Windows\WindowsUpdate.log
    2014-09-14 07:26 - 2014-08-01 19:05 - 00021955 _____ () C:\Windows\setupact.log
    2014-09-14 07:26 - 2014-06-08 23:49 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-09-14 07:26 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-09-12 17:37 - 2014-09-12 17:36 - 00000000 ____D () C:\Users\USER\Desktop\aswMBR_logs_3
    2014-09-12 17:34 - 2014-09-12 17:34 - 00000000 ____D () C:\Users\USER\Desktop\FRST_logs_3
    2014-09-12 17:33 - 2014-09-12 17:32 - 00000000 ____D () C:\Users\USER\Desktop\FRST_logs_2
    2014-09-12 16:20 - 2014-09-12 16:20 - 00000000 __RSH () C:\MSDOS.SYS
    2014-09-12 16:20 - 2014-09-12 16:20 - 00000000 __RSH () C:\IO.SYS
    2014-09-12 15:59 - 2014-09-12 15:59 - 00002185 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2014-09-12 15:59 - 2014-09-12 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-09-12 15:59 - 2014-09-12 15:59 - 00000000 ____D () C:\Program Files\Tweaking.com
    2014-09-12 14:37 - 2014-09-12 14:36 - 00000000 ____D () C:\Users\USER\Desktop\Screenshots
    2014-09-12 13:05 - 2014-09-12 14:22 - 05185536 _____ (AVAST Software) C:\Users\USER\Desktop\aswMBR.exe
    2014-09-12 13:03 - 2014-09-12 14:22 - 01097728 _____ (Farbar) C:\Users\USER\Desktop\FRST.exe
    2014-09-07 20:04 - 2014-08-01 19:15 - 00000000 ____D () C:\Users\USER\Desktop\rcsetup151
    2014-09-07 15:35 - 2014-09-06 19:04 - 00000000 ____D () C:\Users\USER\Documents\VHS to DVD
    2014-09-06 08:43 - 2014-09-06 08:43 - 00014463 _____ () C:\INSTALL.LOG
    2014-09-06 08:43 - 2014-09-06 08:43 - 00000000 ____D () C:\Users\USER\AppData\Local\VHS to DVD
    2014-09-06 08:43 - 2014-09-06 08:43 - 00000000 ____D () C:\Users\Administrator
    2014-09-06 08:41 - 2014-09-06 08:41 - 00002031 _____ () C:\Users\Public\Desktop\honestech VHS to DVD 2.0 SE.lnk
    2014-09-06 08:41 - 2014-09-06 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\honestech VHS to DVD 2.0 SE
    2014-09-06 08:41 - 2014-09-06 08:41 - 00000000 ____D () C:\Program Files\honestech VHS to DVD 2.0 SE
    2014-09-06 08:41 - 2014-09-06 08:41 - 00000000 ____D () C:\Program Files\honestech
    2014-09-06 08:41 - 2014-06-05 15:56 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
    2014-09-06 08:29 - 2014-09-06 08:29 - 00000000 ____D () C:\Users\USER\AppData\Roaming\InstallShield
    2014-09-06 08:29 - 2014-09-06 08:29 - 00000000 ____D () C:\Program Files\ VIDEO DVR
    2014-09-01 01:01 - 2009-07-14 05:33 - 00286472 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-09-01 00:56 - 2014-06-07 00:52 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-08-28 00:11 - 2014-08-28 00:10 - 00000000 ____D () C:\Users\USER\Desktop\SuperAntiSpyware_Scan
    2014-08-27 22:59 - 2014-08-27 22:59 - 00003280 ____N () C:\bootsqm.dat
    2014-08-25 22:57 - 2014-08-25 22:57 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-08-25 22:57 - 2014-08-25 22:57 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
    2014-08-25 22:57 - 2014-08-25 22:57 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2014-08-25 22:57 - 2014-08-25 22:57 - 00000000 ____D () C:\Program Files\Adobe
    2014-08-25 22:57 - 2014-06-05 23:18 - 00000000 ____D () C:\ProgramData\Adobe
    2014-08-25 22:43 - 2014-07-28 19:59 - 00000000 ____D () C:\Users\USER\Desktop\Registry_clean
    2014-08-25 22:28 - 2014-08-24 22:54 - 00132680 _____ () C:\Windows\PFRO.log
    2014-08-25 00:09 - 2014-08-25 00:09 - 00000000 ____D () C:\Users\USER 2\AppData\Roaming\Avira
    2014-08-24 23:56 - 2014-08-24 23:56 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Avira
    2014-08-24 23:55 - 2014-08-24 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    2014-08-24 23:54 - 2014-08-24 23:32 - 00000000 ____D () C:\ProgramData\Avira
    2014-08-24 23:54 - 2014-07-09 21:39 - 00000000 ____D () C:\Program Files\Avira
    2014-08-24 23:32 - 2014-08-24 23:32 - 00001091 _____ () C:\Users\Public\Desktop\Avira.lnk
    2014-08-24 23:32 - 2014-08-24 23:32 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-08-23 02:46 - 2014-09-01 00:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-08-23 01:42 - 2014-09-01 00:58 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-08-15 10:30 - 2014-08-24 23:54 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
    2014-08-15 10:30 - 2014-08-24 23:54 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
    2014-08-15 10:30 - 2014-08-24 23:54 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
    2014-08-15 10:30 - 2014-08-24 23:54 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys

    Some content of TEMP:
    ====================
    C:\Users\USER\AppData\Local\Temp\avgnt.exe
    C:\Users\USER 2\AppData\Local\Temp\avgnt.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-09-12 16:45

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-09-2014
    Ran by USER at 2014-09-14 07:57:38
    Running from C:\Users\USER\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
    AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    VIDEO DVR (HKLM\...\{EBD0EE76-2CFC-4EE5-AFE6-7EEAA3B14332}) (Version: 2012.04.17 - -)
    Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    ASUS GPU Tweak (HKLM\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.2.8.1 - ASUSTek COMPUTER INC.)
    ASUS GPU Tweak (Version: 2.2.8.1 - ASUSTek COMPUTER INC.) Hidden
    ASUS PC Diagnostics (HKLM\...\{D709005F-D8DC-42A8-8435-5AE880ECAF82}) (Version: 1.1.2 - ASUSTeK Computer Inc.)
    Avira (HKLM\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
    Avira (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
    Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
    Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version: - )
    CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version: - Canon Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
    honestech VHS to DVD 2.0 SE (HKLM\...\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}) (Version: 2.0 - honestech)
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    NVIDIA 3D Vision Controller Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
    NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
    NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
    NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
    NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
    NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
    NVIDIA PhysX (Version: 9.13.1220 - NVIDIA Corporation) Hidden
    NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
    NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
    NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
    NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
    NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
    NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
    OpenOffice 4.1.0 (HKLM\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6402 - Realtek Semiconductor Corp.)
    SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
    Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {53B9DE1C-E5FA-49F8-92EA-48243390BDEF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Loaded Modules (whitelisted) =============

    2014-06-08 23:49 - 2014-05-20 01:04 - 00106840 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
    2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\System32\ASGT.exe
    2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
    2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
    2014-08-13 08:51 - 2014-08-04 14:20 - 00052472 _____ () C:\Users\USER\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/14/2014 07:28:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/12/2014 05:41:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/12/2014 05:18:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/12/2014 04:29:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/12/2014 04:16:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/12/2014 04:03:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/12/2014 03:47:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/12/2014 03:46:57 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

    Context: Windows Application, SystemIndex Catalog


    Details:
    The content index catalog is corrupt. 0xc0041801 (0xc0041801)

    Error: (09/12/2014 03:46:57 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
    Description: The search service has detected corrupted data files in the index {id=1300}. The service will attempt to automatically correct this problem by rebuilding the index.

    Context: Windows Application, SystemIndex Catalog


    Details:
    The content index catalog is corrupt. 0xc0041801 (0xc0041801)

    Error: (09/12/2014 02:39:46 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
    Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]


    System errors:
    =============
    Error: (09/12/2014 05:38:13 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (09/12/2014 05:38:12 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (09/12/2014 05:38:11 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (09/12/2014 05:38:08 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (09/12/2014 05:38:06 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (09/12/2014 05:38:05 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (09/12/2014 04:25:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (09/12/2014 04:21:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (09/12/2014 04:15:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (09/12/2014 04:15:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068


    Microsoft Office Sessions:
    =========================
    Error: (09/14/2014 07:28:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/12/2014 05:41:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/12/2014 05:18:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/12/2014 04:29:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/12/2014 04:16:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/12/2014 04:03:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/12/2014 03:47:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (09/12/2014 03:46:57 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
    The content index catalog is corrupt. 0xc0041801 (0xc0041801)
    The catalog is corrupt

    Error: (09/12/2014 03:46:57 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
    The content index catalog is corrupt. 0xc0041801 (0xc0041801)
    1300

    Error: (09/12/2014 02:39:46 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
    Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
    Percentage of memory in use: 23%
    Total physical RAM: 3583.12 MB
    Available physical RAM: 2730.91 MB
    Total Pagefile: 7164.52 MB
    Available Pagefile: 6137.16 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1929.68 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:140.95 GB) (Free:121.05 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: BA9D76DE)
    Partition 1: (Not Active) - (Size=8 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=141 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================

    aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
    Run date: 2014-09-14 07:59:22
    -----------------------------
    07:59:22.702 OS Version: Windows 6.1.7601 Service Pack 1
    07:59:22.702 Number of processors: 2 586 0xF0D
    07:59:22.702 ComputerName: USER-PC UserName: USER
    07:59:23.357 Initialize success
    07:59:23.404 VM: initialized successfully
    07:59:23.420 VM: Intel CPU virtualization not supported
    07:59:34.903 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-6
    07:59:34.903 Disk 0 Vendor: ST3160215AS 3.AAC Size: 152627MB BusType: 3
    07:59:35.028 Disk 0 MBR read successfully
    07:59:35.043 Disk 0 MBR scan
    07:59:35.043 Disk 0 Windows 7 default MBR code
    07:59:35.074 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8192 MB offset 2048
    07:59:35.106 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 16779264
    07:59:35.137 Disk 0 default boot code
    07:59:35.168 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 144333 MB offset 16984064
    07:59:35.184 Disk 0 scanning sectors +312578048
    07:59:35.340 Disk 0 scanning C:\Windows\system32\drivers
    07:59:41.018 Service scanning
    08:00:14.948 Modules scanning
    08:00:34.074 Disk 0 trace - called modules:
    08:00:34.120 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
    08:00:34.120 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864e8580]
    08:00:34.136 3 CLASSPNP.SYS[8c79459e] -> nt!IofCallDriver -> [0x8603f938]
    08:00:34.152 5 ACPI.sys[8c2a73d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-6[0x86019908]
    08:00:34.167 Scan finished successfully
    08:00:57.255 Disk 0 MBR has been saved successfully to "C:\Users\USER\Desktop\MBR.dat"
    08:00:57.271 The log file has been saved successfully to "C:\Users\USER\Desktop\aswMBR.txt"

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default



    Not looking at any malware but see a ton of errors related to your hard drive, I also see a ton of files that have not been signed, this may be the files that were replaced when running CHKDSK. Most times when CHKDSK just starts on its own like yours did it could be a sign that your hard disk is failing.

    Did anything like this pop up on your computer?

    http://www.bleepingcomputer.com/viru...ove-check-disk

    I think what I would do is post here in our sister site in their Windows forum, tell them like here exactly what's going on, if they say your HD is fine then come on back here and we can dig deeper. I will leave this thread open for you for about a week in case you need to come back.

    http://forums.whatthetech.com/index.php?showforum=119
    Last edited by ken545; 2014-09-14 at 20:37.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
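The reading of the log described in the reply above (scanning the FRST error sections for disk-related events) can be scripted. The following is an added example, not part of the original thread or of FRST: it parses the "Event log errors" layout shown in this log and counts Disk-source errors per device, so the device named can be compared with the disk numbering in the aswMBR output. The function names and the embedded sample are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: three entries in the same layout as the FRST
# "Event log errors" section posted in this thread.
SAMPLE = r"""
Error: (09/12/2014 05:38:13 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (09/12/2014 05:38:12 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (09/12/2014 04:25:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
"""

HEADER = re.compile(
    r"^\s*Error: \((?P<when>[^)]+)\) \(Source: (?P<source>.+?)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)\s*$")
DEVICE = re.compile(r"\\Device\\Harddisk\d+\\DR\d+")

def parse_events(text):
    """Split FRST event-log text into dicts; a blank line ends an entry."""
    events, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {**m.groupdict(), "event_id": int(m["event_id"]),
                       "description": ""}
            events.append(current)
        elif not line.strip():
            current = None          # section titles after a gap are ignored
        elif current is not None:
            part = line.strip()
            if part.startswith("Description:"):
                part = part[len("Description:"):].strip()
            current["description"] = (current["description"] + " " + part).strip()
    return events

def disk_errors_by_device(events):
    """Count events from the Disk source, keyed by the device path they name."""
    counts = Counter()
    for ev in events:
        if ev["source"] == "Disk":
            m = DEVICE.search(ev["description"])
            counts[m.group(0) if m else "unknown"] += 1
    return counts
```
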

  3. #3
    Member
    Join Date
    Apr 2006
    Posts
    56

    Default

    Hi ken545

    No, I didn't get a pop-up like the one shown. The hard disk is 3 and a half years old and I have got a few apps for checking hard drives such as Seagate Tools etc., so I'll run these and post on the site you referred me to. Very relieved for now it may not be a virus as I have been worried about cross-contamination with my other PCs via my flash drives.

    Many thanks

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    Hard drives do fail, sometimes right out of the box, then again some run for years with no problems.

    I will leave this thread open for you for a few days in case you need to post back.

  5. #5
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    I see you posted at WTT, good, I will leave this thread open for you in case they say your HD is fine and if so we can dig deeper. I am linked at WTT so I can follow along.

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Looks like you're doing OK at WTT so I am going to close this thread, if you need it reopened you can just send me a PM or start a new thread.