
Thread: My Laptop is Infected with Spyware

  1. #1
    Junior Member
    Join Date
    Jan 2013
    Posts
    18

    Post My Laptop is Infected with Spyware

    Hi,

    I posted a thread on 05/01/2013 with the title "My Laptop is Infected with Spyware" and I was being helped by Shelf Life. I had to replace the motherboard and then post my DDS logs, attached and below. I notice that my thread has been archived, hence my new post. Please can I have some help?

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
    Run by Jimbub at 18:50:47 on 2013-01-22
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2760 [GMT 0:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: eTrust Antivirus *Disabled/Updated* {33EA71EA-56CF-40B5-A06B-BD3A27397C33}
    .
    ============== Running Processes ================
    .
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewallService.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\AVS4YOU\AVSFirewall\AVSFirewall.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uSearch Bar = hxxp://www.google.co.uk/hws/sb/dell-usuk-rel/en/side.html?channel=uk
    uSearch Page = hxxp://www.google.co.uk/hws/sb/dell-usuk-rel/en/side.html?channel=uk
    uDefault_Page_URL = http://www.google.co.uk/ig/dell?hl=e...uk&ibd=2061028
    mSearchAssistant = hxxp://www.google.com/ie
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
    BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
    TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
    uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
    mRun: [AVSFirewall] c:\program files\avs4you\avsfirewall\AVSFirewall.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0AMQA1ADQAMwA0ADYANgAzADQANAAtAEYAUAA5ADIAKwA1AC0ARABEAFQAKwAwAC0ARgBMACsAOQAtAFMAVAA5ADAARgBBAFAAUAArADEA"&"prod=90"&"ver=9.0.914
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\james\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Halo\start menu\programs\imvu\Run IMVU.lnk
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1352985970703
    DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/gb/securityadvisor/virusinfo/webscan.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{29665DF0-9662-4271-9544-47628E7447F1} : DHCPNameServer = 192.168.1.1
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\james\application data\mozilla\firefox\profiles\kij5gm0g.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c3c2c17&v=6.103.018.001&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=
    FF - component: c:\documents and settings\james\application data\mozilla\firefox\profiles\kij5gm0g.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
    FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
    FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin10174.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPILM500.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
    FF - ExtSQL: 2013-01-04 14:50; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
    FF - ExtSQL: !HIDDEN! 2007-08-29 20:41; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - ExtSQL: !HIDDEN! 2010-07-15 11:56; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-1-4 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-1-4 361032]
    R1 AVSRegMonDrv;AVSRegMonDrv;c:\program files\avs4you\avsfirewall\AVSRegMonDrv.sys [2012-11-15 17992]
    R1 AVSTDIFilterDrv;AVSTDIFilterDrv;c:\program files\avs4you\avsfirewall\AVSTDIFilterDrv.sys [2012-11-15 24648]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-1-4 21256]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-1-4 44808]
    R2 AVSFirewallService;AVSFirewall Service;c:\program files\avs4you\avsfirewall\AVSFirewallService.exe [2012-11-15 80456]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
    R3 AVSNDISIMMP;AVSNDISIMMP;c:\windows\system32\drivers\AVSNDISIMDriver.sys [2012-11-15 23624]
    S3 AVSNDISIM;AVSNDISIM Service;c:\windows\system32\drivers\AVSNDISIMDriver.sys [2012-11-15 23624]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-4 40776]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
    .
    =============== Created Last 30 ================
    .
    2013-01-04 17:08:46 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-01-04 14:50:22 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-01-04 14:49:51 41224 ----a-w- c:\windows\avastSS.scr
    2013-01-04 14:20:49 -------- d-----w- c:\documents and settings\all users\application data\Anvisoft
    2013-01-04 14:20:44 -------- d-----w- c:\program files\Anvisoft
    2013-01-04 08:28:40 -------- d-----w- c:\documents and settings\james\local settings\application data\Help
    2012-12-28 20:10:06 -------- d-----w- c:\documents and settings\james\application data\Malwarebytes
    2012-12-28 20:03:50 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-12-28 20:03:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-28 20:03:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-12-24 18:20:10 -------- d-----w- c:\documents and settings\james\application data\RealNetworks
    2012-12-24 17:36:31 -------- d-----w- c:\program files\RealNetworks
    2012-12-24 17:36:27 -------- d-----w- c:\documents and settings\all users\application data\RealNetworks
    2012-12-24 17:36:15 -------- d-----w- c:\program files\common files\xing shared
    2012-12-24 17:36:03 153296 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
    2012-12-24 17:35:54 124056 ----a-w- c:\program files\mozilla firefox\plugins\nprpplugin.dll
    .
    ==================== Find3M ====================
    .
    2013-01-19 17:33:51 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-19 17:33:51 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll
    2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
    .
    ============= FINISH: 18:51:38.67 ===============
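    A small triage helper for the "Pseudo HJT Report" section of a DDS log, added here as an example; it is not part of the original thread and not code from DDS or any of the tools named in it. The sample lines are constructed from the kinds of entries in the log above (GUIDs and paths as shown there), the severities and rules are the editor's own, and the `Finding` class and `triage_hjt` function are assumed names. It flags the items a helper would look at first: a second, disabled AV product, an orphaned registry hook, a duplicated toolbar entry, an autostart entry that opens a URL through a command shell, a hosts-file redirect to the local machine, and a DNS resolver outside the LAN. Each finding is a question for the reviewer, not a verdict.

```python
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str   # "info", "low" or "medium"
    line: str
    reason: str


# Constructed sample in DDS "Pseudo HJT Report" style, mirroring the entries in the thread's log.
SAMPLE_LOG = r"""
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: eTrust Antivirus *Disabled/Updated* {33EA71EA-56CF-40B5-A06B-BD3A27397C33}
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?prod=90
Hosts: 127.0.0.1 www.spywareinfo.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{29665DF0-9662-4271-9544-47628E7447F1} : DHCPNameServer = 192.168.1.1
"""

RUN_RE = re.compile(r"^[umd]Run(?:Once)?:", re.I)          # uRun / mRun / dRun / mRunOnce lines
SHELL_RE = re.compile(r"\b(?:cmd\.exe|rundll32\.exe)\b", re.I)
URL_RE = re.compile(r"https?://", re.I)
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)", re.I)    # Hosts: <ip> <hostname>
DNS_RE = re.compile(r"NameServer\s*=\s*(\S+)", re.I)      # matches NameServer and DHCPNameServer


def _is_private(ip: str) -> bool:
    """True for RFC 1918 and other non-global ranges; False for unparsable text."""
    try:
        return ipaddress.ip_address(ip).is_private
    except ValueError:
        return False


def triage_hjt(text: str) -> list[Finding]:
    """Return review items for a DDS Pseudo HJT section, in log order.

    Nothing here is a verdict: as the thread says, suspicious does not always mean malware.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    counts = Counter(lines)
    reported_dups: set[str] = set()
    findings: list[Finding] = []
    for line in lines:
        if line.startswith("AV:") and "*Disabled" in line:
            findings.append(Finding("info", line,
                "AV product installed but disabled; two resident scanners tend to conflict, "
                "so the one not in use is a candidate for removal"))
        elif "<orphaned>" in line:
            findings.append(Finding("low", line,
                "registry entry points at a file that no longer exists; leftover from an "
                "uninstall or partial cleanup, safe to remove"))
        elif line.startswith("TB:") and counts[line] > 1 and line not in reported_dups:
            reported_dups.add(line)
            findings.append(Finding("info", line,
                "toolbar listed twice; harmless by itself, but note which copy survives a removal"))
        elif RUN_RE.match(line) and SHELL_RE.search(line) and URL_RE.search(line):
            findings.append(Finding("medium", line,
                "autostart entry launches a command shell that opens a URL; compare the domain "
                "with the product the entry claims to belong to"))
        elif (m := HOSTS_RE.match(line)):
            ip, host = m.groups()
            if ip in ("127.0.0.1", "0.0.0.0", "::1"):
                findings.append(Finding("medium", line,
                    f"hosts file maps {host} to the local machine; immunisation tools do this to "
                    "bad domains, malware does it to security sites, so confirm the entry is intended"))
        elif line.startswith("TCP:") and (m := DNS_RE.search(line)):
            ip = m.group(1)
            if not _is_private(ip):
                findings.append(Finding("medium", line,
                    f"DNS resolver {ip} is outside the local network; a changed resolver is a "
                    "classic hijack indicator, verify it against the router settings"))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.line[:70]}\n         {f.reason}")
```

Run against the sample it reports five items: the disabled eTrust entry, the orphaned search hook, the doubled toolbar, the AVG uninstall entry that starts `cmd.exe` with a URL, and the hosts-file line; both resolver lines point at `192.168.1.1`, a private address, so they pass. The `NvCplDaemon` line uses `RUNDLL32.EXE` but opens no URL, so it is correctly left alone.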

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi Jimbub,

    It's me again. You got your new mainboard installed? How did that go, problem free? Your log looks ok.
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date
    Jan 2013
    Posts
    18

    Question Hi Shelf life....

    I installed the motherboard ok but I am still having the same problems as before. I am not allowed to create a restore point before the date my laptop got infected.

    Previous to my new motherboard I got the following Avast bootscan error messages:

    "FileC:\System Volume Information\_restore is infected by WIN32:trojan.gen"
    "FileC:\System Volume Information\_restore is infected by WIN32:Malware.gen".

    If you refer to my previous post which has now been archived you will see that I did have other messages and infected files which were picked up by the bootscan. I have included the latest aswMBR log trace below which shows a suspicious file.

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-01-31 16:42:21
    -----------------------------
    16:42:21.406 OS Version: Windows 5.1.2600 Service Pack 3
    16:42:21.406 Number of processors: 2 586 0xF06
    16:42:21.406 ComputerName: JAMES UserName: James
    16:42:25.203 Initialize success
    16:42:25.390 AVAST engine defs: 13013100
    16:42:50.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    16:42:50.656 Disk 0 Vendor: TOSHIBA_MK8034GSX AH301D Size: 76319MB BusType: 3
    16:42:50.671 Disk 0 MBR read successfully
    16:42:50.671 Disk 0 MBR scan
    16:42:50.671 Disk 0 Windows XP default MBR code
    16:42:50.671 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 86 MB offset 63
    16:42:50.671 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76230 MB offset 176715
    16:42:50.687 Disk 0 scanning sectors +156296385
    16:42:50.750 Disk 0 scanning C:\WINDOWS\system32\drivers
    16:42:59.890 Service scanning
    16:43:18.875 Modules scanning
    16:43:24.265 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
    16:43:25.000 Disk 0 trace - called modules:
    16:43:25.031 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    16:43:25.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b174ab8]
    16:43:25.031 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000008c[0x8b1c77b0]
    16:43:25.031 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b1a9940]
    16:43:25.500 AVAST engine scan C:\WINDOWS
    16:43:32.281 AVAST engine scan C:\WINDOWS\system32
    16:45:44.390 AVAST engine scan C:\WINDOWS\system32\drivers
    16:45:56.640 AVAST engine scan C:\Documents and Settings\James
    16:49:58.109 AVAST engine scan C:\Documents and Settings\All Users
    16:50:25.296 Scan finished successfully
    16:53:57.875 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\James\Desktop\MBR.dat"
    16:53:57.875 The log file has been saved successfully to "C:\Documents and Settings\James\Desktop\aswMBR.txt"

    Kind Regards

    Jimbub

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi,

    These two items below are in your system restore points

    "FileC:\System Volume Information\_restore is infected by WIN32:trojan.gen"
    "FileC:\System Volume Information\_restore is infected by WIN32:Malware.gen".

    Once your machine is running ok we would flush out all your old restores points and create a new one. That would take care of the two items above.
    The suspicious item you pointed out is related to Sonic software. Suspicious doesn't always mean malware.
    Is an updated Malwarebytes coming up clean after a scan?
    How Can I Reduce My Risk?

  5. #5
    Junior Member
    Join Date
    Jan 2013
    Posts
    18

    Exclamation

    Hi Shelf life,

    Latest MBAM scan is complete and doesn't pick anything up. After using MBAM my laptop plays up and I have to shutdown by turning off the mains power.

  6. #6
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Logs look ok.

    "I installed the motherboard ok but I am still having the same problems as before"
    "I have to shutdown by turning off the mains power"

    This isn't a malware issue, you must have some other hardware issue going on with your laptop. It's also possible it could be a driver issue or even software.
    How Can I Reduce My Risk?

  7. #7
    Junior Member
    Join Date
    Jan 2013
    Posts
    18

    Question

    Hi Shelf life,

    Sorry, I don't agree with you.

    My laptop was working fine before I got the message from Avast to say I had infected files and what about all the Avast bootscan corrupted files and also the WIN32 malware and trojan files which are stopping me doing a system restore?

    Regards

    Jimbub

  8. #8
    Junior Member
    Join Date
    Jan 2013
    Posts
    18

    Default

    I will uninstall and re-install MBAM to see if this helps as this is the only program which affects my shutdown issue.

  9. #9
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    I didn't realize it was only MBAM causing problems. If it still causes problems after you reinstall it then I would uninstall again for good. Then we can clear out your restore points and make a new one.
    How Can I Reduce My Risk?

  10. #10
    Junior Member
    Join Date
    Jan 2013
    Posts
    18

    Question

    I re-installed MBAM but it is still causing the same issue with shutdown so I will un-install MBAM as you advised and contact you again.

    Many thanks

    Jimbub
