Rootkit - Access Denied (5)

A full scan came up with a Rootkit in: C:\Windows\LastGood\system32\DRIVERS\netr28ux.sys and, although I have run a boot scan (which has come up with no viruses), if I go into scan history and results for the previous one, the result says, “Error: Access is denied (5)”.

Screenshot of results:

http://www.tiikoni.com/tis/view/?id=237dbd8

The folder and file themselves are hidden, and I couldn’t find a way to access them. Besides that, researching the file name comes up with a LAN wireless driver from Ralink RT2870. This is not the wireless adapter I use. Mine is NETGEAR WNDA4100 N900 Wireless Dual Band. So I am just praying that it’s a false positive. I’m thinking the file would be safe to delete, seeing as it belongs to something that I don’t use.

It may have been my previous (and first) Wireless USB, but I honestly cannot remember. I don’t see any other Ralink programs/folders when I do a full search of my entire PC including external HD. I don’t know what other information may be helpful here. Apologies on my ignorance.

It’s funny, though. I’ve just been having internet troubles (sloth-like speeds) and doing a full scan and boot scan have seemed to fix it.

Thank you in advance, here. I really have no idea what I’m doing and I hope this is enough info.

Follow instructions http://forum.avast.com/index.php?topic=53253.0

Alrighty, that thread makes sense now!

No malicious items were detected. Doing OTL. Will edit below when finished (closing browser.)

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.04.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Admin :: GYPSY [administrator]

Protection: Enabled

10/03/2014 1:58:00 AM
mbam-log-2014-03-10 (01-58-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238793
Time elapsed: 4 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

EDIT: Updating Malwarebytes gave me a couple PUPs but researching showed nothing to worry about here.

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.09.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Admin :: GYPSY [administrator]

Protection: Enabled

10/03/2014 2:26:33 AM
mbam-log-2014-03-10 (02-26-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 247407
Time elapsed: 1 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\Software\Iminent (PUP.Optional.Iminent.A) → Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\Admin\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) → Quarantined and deleted successfully.
C:\Users\Admin\AppData\Roaming\OpenCandy\7AC26A2BEDA94CA883F0A8820EAB60D7 (PUP.Optional.OpenCandy) → Quarantined and deleted successfully.

Files Detected: 1
C:\Users\Admin\AppData\Roaming\OpenCandy\7AC26A2BEDA94CA883F0A8820EAB60D7\driverscannerAUNZ.exe (PUP.Optional.OpenCandy) → Quarantined and deleted successfully.

(end)

C:\Windows\LastGood is a protected system area, so Avast will not be able to run any action on it. If you reboot a few times this will get replaced.
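For anyone who wants to verify a flagged driver copy like the one above before trusting a false-positive guess, the following is an added example (not code posted in this thread, and not an Avast or Malwarebytes tool). It reads the hidden file as Administrator, checks its Authenticode signature, records a SHA256 hash for comparison with the vendor’s driver package, and checks whether a driver of that name is actually installed in the live system. It assumes Windows PowerShell 4.0 or later (for Get-FileHash) and that an elevated session can read the LastGood tree; the scanner’s “Access is denied (5)” does not by itself mean an administrator cannot read the file.

```powershell
# Added example (not from the thread): inspect a driver file that a scanner
# flagged inside C:\Windows\LastGood, without executing, moving or deleting it.
# Assumption: Windows PowerShell 4.0+ (Get-FileHash), run from an elevated prompt.
$path = 'C:\Windows\LastGood\system32\DRIVERS\netr28ux.sys'   # path quoted in the thread

# -Force is required because the LastGood tree and the file carry hidden/system attributes.
$file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
if (-not $file) {
    Write-Output 'File not present: LastGood is a transient copy of the last known good driver set.'
    return
}

# Authenticode signature: a genuine vendor driver is signed by the vendor or by Microsoft (WHQL).
# An unsigned or tampered kernel driver is the point worth investigating further.
$sig = Get-AuthenticodeSignature -FilePath $file.FullName

[pscustomobject]@{
    Path      = $file.FullName
    SizeBytes = $file.Length
    Modified  = $file.LastWriteTime
    Attribs   = $file.Attributes
    SigStatus = $sig.Status            # Valid / NotSigned / HashMismatch / ...
    Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
    SHA256    = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    Company   = $file.VersionInfo.CompanyName
    Product   = $file.VersionInfo.ProductName
} | Format-List

# Is a driver with this name installed or running in the live system?
# The LastGood copy is only a backup; what matters is the active driver set.
Get-WmiObject Win32_SystemDriver |
    Where-Object { $_.PathName -like '*netr28ux*' } |
    Select-Object Name, State, StartMode, PathName

# Compare against the copy in the live driver store, if one exists.
$live = 'C:\Windows\System32\drivers\netr28ux.sys'
if (Test-Path -LiteralPath $live) {
    $liveSig = Get-AuthenticodeSignature -FilePath $live
    [pscustomobject]@{
        LivePath   = $live
        LiveSHA256 = (Get-FileHash -LiteralPath $live -Algorithm SHA256).Hash
        LiveSig    = $liveSig.Status
        SameAsLastGood = ((Get-FileHash -LiteralPath $live -Algorithm SHA256).Hash -eq
                          (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash)
    } | Format-List
}
```

Run it from an elevated PowerShell prompt. A Valid signature from Ralink or Microsoft plus a hash that matches the copy in System32\drivers points to a leftover driver from an earlier wireless adapter rather than a rootkit; an unsigned file, a HashMismatch status, or a LastGood copy that differs from the live driver is the case to raise with the forum helpers before deleting anything.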

That sounds too good to be true! It’s 2am, so I will reboot a couple more times, run a boot scan and get back to this thread in the morning (my morning - EU.)

Thank you to the both of you.