CheckDisk virus?



alx21
2014-09-14, 11:16
Hi

I have been virus free for a few years until now. About two weeks ago, I surfed the net and then rebooted, still connected online, and CheckDisk (CHKDSK) ran by itself in DOS mode, identifying errors and replacing files. When it finished, some of my Windows applications stopped running, for example Photo Viewer and Notepad. My security applications also began to behave strangely, e.g. my resident anti-virus, Avira, would not open until I had rebooted at least twice, and another application, called Lock.exe, which protects my password-protected flash drive, stopped working altogether, denying me access to the contents of the drive. When I tried the flash drive on another computer, it worked OK, so I ran MalwareBytes, which found nothing, but SuperAntiSpyware found a couple of malware items named Rogue.Agent.Gen-Nullo in files identified as axinstsv.dll and certprop.dll. Further research suggested that these are legitimate Windows files and therefore possibly false positives. I have also looked at the CheckDisk application in Computer → Properties → Tools, but there is no automatic schedule timer for CheckDisk to run.

Did a rogue website force CheckDisk to run and then infect the PC? Since then I have kept the computer off-line, and I was about to reinstall Windows, but I'm wary about doing so on top of a possible live virus, and I would appreciate some help. I have followed all the posting instructions except that the Tweaking.com Registry Backup application will not run, citing:

“Failed to load control 'Folder Browser' from. Your version of may be outdated. Make sure you are using the version of the control that was provided with your application”. My FRST and aswMBR logs are below.

Thanks.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-09-2014
Ran by USER (administrator) on USER-PC on 14-09-2014 07:57:01
Running from C:\Users\USER\Desktop
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\System32\ASGT.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10127976 2011-06-28] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 ASGT; C:\Windows\System32\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
S3 AXINSTSV; C:\Windows\System32\AxInstSV.dll [88064 2010-11-20] () [File not signed]
S3 BDESVC; C:\Windows\System32\bdesvc.dll [76800 2009-07-14] (Microsoft Corporation) [File not signed]
S3 CERTPROPSVC; C:\Windows\System32\certprop.dll [67584 2010-11-20] () [File not signed]
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [556544 2010-11-20] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [523264 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [194560 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [165376 2010-11-20] (Microsoft Corporation) [File not signed]
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [68096 2010-11-20] (Microsoft Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19702048 2014-04-30] (NVIDIA Corporation)
S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation) [File not signed]
S3 p2psvc; C:\Windows\system32\p2psvc.dll [327680 2009-07-14] (Microsoft Corporation) [File not signed]
R3 PcaSvc; C:\Windows\System32\pcasvc.dll [154624 2009-07-14] (Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [20480 2009-07-14] (Microsoft Corporation) [File not signed]
S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [269824 2009-07-14] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\system32\qwave.dll [210944 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SCPOLICYSVC; C:\Windows\System32\certprop.dll [67584 2010-11-20] () [File not signed]
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [125952 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [25088 2009-07-14] (Microsoft Corporation) [File not signed]
R2 StiSvc; C:\Windows\System32\wiaservc.dll [463360 2010-11-20] (Microsoft Corporation) [File not signed]
R2 SysMain; C:\Windows\system32\sysmain.dll [1159168 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [73216 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\Windows\system32\wbengine.exe [1203200 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [151552 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [276992 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [32768 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Wlansvc; C:\Windows\System32\wlansvc.dll [829440 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1121792 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-14] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\Windows\System32\wscsvc.dll [73728 2009-07-14] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ATSZIO; C:\Program Files\ASUS\ASUS PC Diagnostics\ATSZIO.sys [18048 2011-03-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-08-15] (Avira Operations GmbH & Co. KG)
S3 b06bdrv; C:\Windows\system32\drivers\bxvbdx.sys [430080 2009-07-13] (Broadcom Corporation) [File not signed]
S3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-13] (Broadcom Corporation) [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbdx.sys [3100160 2009-07-13] (Broadcom Corporation) [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [26624 2009-07-13] (Hauppauge Computer Works, Inc.) [File not signed]
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [9036800 2011-02-11] (Intel Corporation) [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13824 2009-07-14] (Microsoft Corporation) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-14] (Microsoft Corporation) [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [17240 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31744 2009-07-14] (Microsoft Corporation) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-08-15] (Avira GmbH)
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [27264 2010-11-20] (Microsoft Corporation) [File not signed]
S3 X86BDA; C:\Windows\System32\DRIVERS\OEMDrv.sys [195712 2011-06-08] ( )

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 07:57 - 2014-09-14 07:57 - 00011040 _____ () C:\Users\USER\Desktop\FRST.txt
2014-09-12 17:36 - 2014-09-12 17:37 - 00000000 ____D () C:\Users\USER\Desktop\aswMBR_logs_3
2014-09-12 17:34 - 2014-09-12 17:34 - 00000000 ____D () C:\Users\USER\Desktop\FRST_logs_3
2014-09-12 17:32 - 2014-09-12 17:33 - 00000000 ____D () C:\Users\USER\Desktop\FRST_logs_2
2014-09-12 16:20 - 2014-09-12 16:20 - 00000000 __RSH () C:\MSDOS.SYS
2014-09-12 16:20 - 2014-09-12 16:20 - 00000000 __RSH () C:\IO.SYS
2014-09-12 16:18 - 2014-09-14 07:57 - 00000000 ____D () C:\FRST
2014-09-12 15:59 - 2014-09-12 15:59 - 00002185 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-12 15:59 - 2014-09-12 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-12 15:59 - 2014-09-12 15:59 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-09-12 14:36 - 2014-09-12 14:37 - 00000000 ____D () C:\Users\USER\Desktop\Screenshots
2014-09-12 14:22 - 2014-09-12 13:05 - 05185536 _____ (AVAST Software) C:\Users\USER\Desktop\aswMBR.exe
2014-09-12 14:22 - 2014-09-12 13:03 - 01097728 _____ (Farbar) C:\Users\USER\Desktop\FRST.exe
2014-09-06 19:04 - 2014-09-07 15:35 - 00000000 ____D () C:\Users\USER\Documents\VHS to DVD
2014-09-06 08:43 - 2014-09-06 08:43 - 00014463 _____ () C:\INSTALL.LOG
2014-09-06 08:43 - 2014-09-06 08:43 - 00000000 ____D () C:\Users\USER\AppData\Local\VHS to DVD
2014-09-06 08:43 - 2014-09-06 08:43 - 00000000 ____D () C:\Users\Administrator
2014-09-06 08:43 - 2002-07-26 17:02 - 00153088 _____ () C:\UNWISE.EXE
2014-09-06 08:41 - 2014-09-06 08:41 - 00002031 _____ () C:\Users\Public\Desktop\honestech VHS to DVD 2.0 SE.lnk
2014-09-06 08:41 - 2014-09-06 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\honestech VHS to DVD 2.0 SE
2014-09-06 08:41 - 2014-09-06 08:41 - 00000000 ____D () C:\Program Files\honestech VHS to DVD 2.0 SE
2014-09-06 08:41 - 2014-09-06 08:41 - 00000000 ____D () C:\Program Files\honestech
2014-09-06 08:29 - 2014-09-06 08:29 - 00000000 ____D () C:\Users\USER\AppData\Roaming\InstallShield
2014-09-06 08:29 - 2014-09-06 08:29 - 00000000 ____D () C:\Program Files\ VIDEO DVR
2014-09-06 08:29 - 2011-06-08 17:22 - 00195712 _____ ( ) C:\Windows\system32\Drivers\OEMDrv.sys
2014-09-01 00:58 - 2014-08-23 02:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-01 00:58 - 2014-08-23 01:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 00:10 - 2014-08-28 00:11 - 00000000 ____D () C:\Users\USER\Desktop\SuperAntiSpyware_Scan
2014-08-27 22:59 - 2014-08-27 22:59 - 00003280 ____N () C:\bootsqm.dat
2014-08-25 22:57 - 2014-08-25 22:57 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-25 22:57 - 2014-08-25 22:57 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-08-25 22:57 - 2014-08-25 22:57 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-08-25 22:57 - 2014-08-25 22:57 - 00000000 ____D () C:\Program Files\Adobe
2014-08-25 00:09 - 2014-08-25 00:09 - 00000000 ____D () C:\Users\USER 2\AppData\Roaming\Avira
2014-08-24 23:56 - 2014-08-24 23:56 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Avira
2014-08-24 23:54 - 2014-08-15 10:30 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-08-24 23:54 - 2014-08-15 10:30 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-24 23:54 - 2014-08-15 10:30 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-08-24 23:54 - 2014-08-15 10:30 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-08-24 23:32 - 2014-08-24 23:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-24 23:32 - 2014-08-24 23:54 - 00000000 ____D () C:\ProgramData\Avira
2014-08-24 23:32 - 2014-08-24 23:32 - 00001091 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-24 23:32 - 2014-08-24 23:32 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-24 22:54 - 2014-08-25 22:28 - 00132680 _____ () C:\Windows\PFRO.log
2014-08-21 18:18 - 2014-05-14 17:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-21 18:18 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-21 18:18 - 2014-05-14 17:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-21 18:18 - 2014-05-14 17:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-21 18:18 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-21 18:18 - 2014-05-14 17:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-21 18:18 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-21 18:18 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-21 18:18 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 07:57 - 2014-09-14 07:57 - 00011040 _____ () C:\Users\USER\Desktop\FRST.txt
2014-09-14 07:57 - 2014-09-12 16:18 - 00000000 ____D () C:\FRST
2014-09-14 07:34 - 2009-07-14 05:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-14 07:34 - 2009-07-14 05:34 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-14 07:33 - 2010-11-20 22:01 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-14 07:30 - 2014-08-01 19:07 - 00875854 _____ () C:\Windows\WindowsUpdate.log
2014-09-14 07:26 - 2014-08-01 19:05 - 00021955 _____ () C:\Windows\setupact.log
2014-09-14 07:26 - 2014-06-08 23:49 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-14 07:26 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-12 17:37 - 2014-09-12 17:36 - 00000000 ____D () C:\Users\USER\Desktop\aswMBR_logs_3
2014-09-12 17:34 - 2014-09-12 17:34 - 00000000 ____D () C:\Users\USER\Desktop\FRST_logs_3
2014-09-12 17:33 - 2014-09-12 17:32 - 00000000 ____D () C:\Users\USER\Desktop\FRST_logs_2
2014-09-12 16:20 - 2014-09-12 16:20 - 00000000 __RSH () C:\MSDOS.SYS
2014-09-12 16:20 - 2014-09-12 16:20 - 00000000 __RSH () C:\IO.SYS
2014-09-12 15:59 - 2014-09-12 15:59 - 00002185 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-12 15:59 - 2014-09-12 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-12 15:59 - 2014-09-12 15:59 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-09-12 14:37 - 2014-09-12 14:36 - 00000000 ____D () C:\Users\USER\Desktop\Screenshots
2014-09-12 13:05 - 2014-09-12 14:22 - 05185536 _____ (AVAST Software) C:\Users\USER\Desktop\aswMBR.exe
2014-09-12 13:03 - 2014-09-12 14:22 - 01097728 _____ (Farbar) C:\Users\USER\Desktop\FRST.exe
2014-09-07 20:04 - 2014-08-01 19:15 - 00000000 ____D () C:\Users\USER\Desktop\rcsetup151
2014-09-07 15:35 - 2014-09-06 19:04 - 00000000 ____D () C:\Users\USER\Documents\VHS to DVD
2014-09-06 08:43 - 2014-09-06 08:43 - 00014463 _____ () C:\INSTALL.LOG
2014-09-06 08:43 - 2014-09-06 08:43 - 00000000 ____D () C:\Users\USER\AppData\Local\VHS to DVD
2014-09-06 08:43 - 2014-09-06 08:43 - 00000000 ____D () C:\Users\Administrator
2014-09-06 08:41 - 2014-09-06 08:41 - 00002031 _____ () C:\Users\Public\Desktop\honestech VHS to DVD 2.0 SE.lnk
2014-09-06 08:41 - 2014-09-06 08:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\honestech VHS to DVD 2.0 SE
2014-09-06 08:41 - 2014-09-06 08:41 - 00000000 ____D () C:\Program Files\honestech VHS to DVD 2.0 SE
2014-09-06 08:41 - 2014-09-06 08:41 - 00000000 ____D () C:\Program Files\honestech
2014-09-06 08:41 - 2014-06-05 15:56 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-06 08:29 - 2014-09-06 08:29 - 00000000 ____D () C:\Users\USER\AppData\Roaming\InstallShield
2014-09-06 08:29 - 2014-09-06 08:29 - 00000000 ____D () C:\Program Files\ VIDEO DVR
2014-09-01 01:01 - 2009-07-14 05:33 - 00286472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-01 00:56 - 2014-06-07 00:52 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-28 00:11 - 2014-08-28 00:10 - 00000000 ____D () C:\Users\USER\Desktop\SuperAntiSpyware_Scan
2014-08-27 22:59 - 2014-08-27 22:59 - 00003280 ____N () C:\bootsqm.dat
2014-08-25 22:57 - 2014-08-25 22:57 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-25 22:57 - 2014-08-25 22:57 - 00001989 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-08-25 22:57 - 2014-08-25 22:57 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-08-25 22:57 - 2014-08-25 22:57 - 00000000 ____D () C:\Program Files\Adobe
2014-08-25 22:57 - 2014-06-05 23:18 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-25 22:43 - 2014-07-28 19:59 - 00000000 ____D () C:\Users\USER\Desktop\Registry_clean
2014-08-25 22:28 - 2014-08-24 22:54 - 00132680 _____ () C:\Windows\PFRO.log
2014-08-25 00:09 - 2014-08-25 00:09 - 00000000 ____D () C:\Users\USER 2\AppData\Roaming\Avira
2014-08-24 23:56 - 2014-08-24 23:56 - 00000000 ____D () C:\Users\USER\AppData\Roaming\Avira
2014-08-24 23:55 - 2014-08-24 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-24 23:54 - 2014-08-24 23:32 - 00000000 ____D () C:\ProgramData\Avira
2014-08-24 23:54 - 2014-07-09 21:39 - 00000000 ____D () C:\Program Files\Avira
2014-08-24 23:32 - 2014-08-24 23:32 - 00001091 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-24 23:32 - 2014-08-24 23:32 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-23 02:46 - 2014-09-01 00:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 01:42 - 2014-09-01 00:58 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-15 10:30 - 2014-08-24 23:54 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-08-15 10:30 - 2014-08-24 23:54 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-08-15 10:30 - 2014-08-24 23:54 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-08-15 10:30 - 2014-08-24 23:54 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys

Some content of TEMP:
====================
C:\Users\USER\AppData\Local\Temp\avgnt.exe
C:\Users\USER 2\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-12 16:45

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-09-2014
Ran by USER at 2014-09-14 07:57:38
Running from C:\Users\USER\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

VIDEO DVR (HKLM\...\{EBD0EE76-2CFC-4EE5-AFE6-7EEAA3B14332}) (Version: 2012.04.17 - -)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ASUS GPU Tweak (HKLM\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.2.8.1 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (Version: 2.2.8.1 - ASUSTek COMPUTER INC.) Hidden
ASUS PC Diagnostics (HKLM\...\{D709005F-D8DC-42A8-8435-5AE880ECAF82}) (Version: 1.1.2 - ASUSTeK Computer Inc.)
Avira (HKLM\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version: - )
CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version: - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
honestech VHS to DVD 2.0 SE (HKLM\...\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}) (Version: 2.0 - honestech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
OpenOffice 4.1.0 (HKLM\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6402 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {53B9DE1C-E5FA-49F8-92EA-48243390BDEF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2014-06-08 23:49 - 2014-05-20 01:04 - 00106840 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\System32\ASGT.exe
2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-08-13 08:51 - 2014-08-04 14:20 - 00052472 _____ () C:\Users\USER\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2014 07:28:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 05:41:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 05:18:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 04:29:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 04:16:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 04:03:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 03:47:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 03:46:57 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)

Error: (09/12/2014 03:46:57 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=1300}. The service will attempt to automatically correct this problem by rebuilding the index.

Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)

Error: (09/12/2014 02:39:46 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]


System errors:
=============
Error: (09/12/2014 05:38:13 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (09/12/2014 05:38:12 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (09/12/2014 05:38:11 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (09/12/2014 05:38:08 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (09/12/2014 05:38:06 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (09/12/2014 05:38:05 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (09/12/2014 04:25:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/12/2014 04:21:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/12/2014 04:15:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/12/2014 04:15:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (09/14/2014 07:28:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 05:41:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 05:18:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 04:29:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 04:16:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 04:03:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 03:47:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 03:46:57 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)
The catalog is corrupt

Error: (09/12/2014 03:46:57 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)
1300

Error: (09/12/2014 02:39:46 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
Percentage of memory in use: 23%
Total physical RAM: 3583.12 MB
Available physical RAM: 2730.91 MB
Total Pagefile: 7164.52 MB
Available Pagefile: 6137.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1929.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:140.95 GB) (Free:121.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: BA9D76DE)
Partition 1: (Not Active) - (Size=8 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=141 GB) - (Type=07 NTFS)

==================== End Of Log ============================

aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-14 07:59:22
-----------------------------
07:59:22.702 OS Version: Windows 6.1.7601 Service Pack 1
07:59:22.702 Number of processors: 2 586 0xF0D
07:59:22.702 ComputerName: USER-PC UserName: USER
07:59:23.357 Initialize success
07:59:23.404 VM: initialized successfully
07:59:23.420 VM: Intel CPU virtualization not supported
07:59:34.903 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-6
07:59:34.903 Disk 0 Vendor: ST3160215AS 3.AAC Size: 152627MB BusType: 3
07:59:35.028 Disk 0 MBR read successfully
07:59:35.043 Disk 0 MBR scan
07:59:35.043 Disk 0 Windows 7 default MBR code
07:59:35.074 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8192 MB offset 2048
07:59:35.106 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 16779264
07:59:35.137 Disk 0 default boot code
07:59:35.168 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 144333 MB offset 16984064
07:59:35.184 Disk 0 scanning sectors +312578048
07:59:35.340 Disk 0 scanning C:\Windows\system32\drivers
07:59:41.018 Service scanning
08:00:14.948 Modules scanning
08:00:34.074 Disk 0 trace - called modules:
08:00:34.120 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
08:00:34.120 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864e8580]
08:00:34.136 3 CLASSPNP.SYS[8c79459e] -> nt!IofCallDriver -> [0x8603f938]
08:00:34.152 5 ACPI.sys[8c2a73d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-6[0x86019908]
08:00:34.167 Scan finished successfully
08:00:57.255 Disk 0 MBR has been saved successfully to "C:\Users\USER\Desktop\MBR.dat"
08:00:57.271 The log file has been saved successfully to "C:\Users\USER\Desktop\aswMBR.txt"

ken545
2014-09-14, 20:35

Not looking at any malware, but I see a ton of errors related to your hard drive. I also see a ton of files that have not been signed; these may be the files that were replaced when running CHKDSK. Most times when CHKDSK just starts on its own like yours did, it could be a sign that your hard disk is failing.

Did anything like this pop up on your computer?

http://www.bleepingcomputer.com/virus-removal/remove-check-disk

I think what I would do is post here in our sister site in their Windows forum. Tell them, like here, exactly what's going on; if they say your HD is fine then come on back here and we can dig deeper. I will leave this thread open for you for about a week in case you need to come back.

http://forums.whatthetech.com/index.php?showforum=119
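
The diagnosis above rests on the "System errors" block of the FRST log: a run of Disk EventID 11 controller errors a second or two apart is a hardware symptom, not a malware one. As an added example (not part of the thread, and not FRST's or Spybot's own code), the following Python script parses FRST-style "Error: (...)" blocks, tallies them by source and EventID, and flags a burst of Disk EventID 11 errors as a reason to check the drive before hunting for an infection. The sample log embedded in the script is constructed to mirror the page's format; the threshold values (three errors within 60 seconds) are assumptions chosen for illustration.

```python
"""Triage the "Event log errors" section of an FRST log.

Parses FRST-style error headers, tallies them by (source, EventID), and
flags a burst of Disk EventID 11 controller errors as a hardware symptom
that should be checked before assuming malware.
"""
import re
from collections import Counter
from datetime import datetime

# Constructed sample in FRST's event-log format (not taken from a real machine).
SAMPLE_LOG = """\
System errors:
=============
Error: (09/12/2014 05:38:13 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \\Device\\Harddisk1\\DR1.

Error: (09/12/2014 05:38:12 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \\Device\\Harddisk1\\DR1.

Error: (09/12/2014 05:38:11 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \\Device\\Harddisk1\\DR1.

Error: (09/12/2014 04:25:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/12/2014 03:46:57 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
"""

# One FRST error header: timestamp, source, EventID and (possibly empty) user.
HEADER_RE = re.compile(
    r"^Error: \((?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)\) "
    r"\(Source: (?P<source>.*?)\) \(EventID: (?P<eid>\d+)\) \(User: (?P<user>.*?)\)$"
)


def parse_frst_errors(text):
    """Return a list of dicts, one per error block, in log order."""
    entries = []
    current = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = {
                "time": datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p"),
                "source": m.group("source"),
                "event_id": int(m.group("eid")),
                "description": [],
            }
            entries.append(current)
        elif current is not None and line.strip():
            # Continuation lines (Description:, %%1068, Details:) belong to the
            # current block; lines before the first header are ignored.
            current["description"].append(line.replace("Description: ", "", 1).strip())
    for e in entries:
        e["description"] = " ".join(e["description"])
    return entries


def tally(entries):
    """Count errors by (source, EventID) so repeated sources stand out."""
    return Counter((e["source"], e["event_id"]) for e in entries)


def disk_error_burst(entries):
    """Return (count, span_seconds) for Disk EventID 11 controller errors."""
    times = sorted(e["time"] for e in entries
                   if e["source"] == "Disk" and e["event_id"] == 11)
    if not times:
        return (0, 0.0)
    return (len(times), (times[-1] - times[0]).total_seconds())


def hardware_suspect(entries, min_count=3, within_seconds=60):
    """True when Disk EventID 11 errors cluster tightly (assumed thresholds)."""
    count, span = disk_error_burst(entries)
    return count >= min_count and span <= within_seconds


if __name__ == "__main__":
    parsed = parse_frst_errors(SAMPLE_LOG)
    for (source, eid), n in tally(parsed).most_common():
        print(f"{n:3d}  {source} / EventID {eid}")
    print("Disk EventID 11 burst:", disk_error_burst(parsed))
    print("Check the drive first:", hardware_suspect(parsed))
```

Run against a real FRST log, the script only needs the text between "System errors:" and the next section header; the tally makes it obvious when one source dominates, and the burst check separates a drive throwing back-to-back I/O errors from an isolated one-off.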

alx21
2014-09-16, 00:02
Hi ken545

No, I didn't get a pop-up like the one shown. The hard disk is 3 and a half years old and I have got a few apps for checking hard drives such as Seagate Tools etc., so I'll run these and post on the site you referred me to. Very relieved for now it may not be a virus, as I have been worried about cross-contamination with my other PCs via my flash drives.

Many thanks

ken545
2014-09-16, 00:11
Hi,

Hard drives do fail, sometimes right out of the box; then again some run for years with no problems.

I will leave this thread open for you for a few days in case you need to post back.

ken545
2014-09-18, 03:08
I see you posted at WTT, good. I will leave this thread open for you in case they say your HD is fine, and if so we can dig deeper. I am linked at WTT so I can follow along.

ken545
2014-09-23, 15:07
Looks like you're doing OK at WTT, so I am going to close this thread. If you need it reopened you can just send me a PM or start a new thread.