I cannot access the internet.

[SuperDave]

Ok. Please try this:

Please download Rooter and Save it to your desktop.

• Double click it to start the tool.Vista and Windows7 run as administrator.
• Click Scan.
  
• Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
  

[jim.mar]

SuperDave: Sorry, when I tried to run ROOTER.exe from the flash drive, I got the same message:
"Illegal operation attempted on a registry key that has been marked for deletion".   I moved it into my "downloads" file.  Same results.

[jim.mar]

However, I if I try to play music with .wav, .wma,.or .mp3 formats out of my hard drive, the music comes through OK.  My sound board works.   I can transfer files around etc.  I just can't seem to open any apps withsout getting that  message.

[SuperDave]

when I tried to run ROOTER.exe from the flash drive

Don't try to run it from the flash drive. Transfer the program to your desktop and run it from there.

Now download and Run exeHelper

•Please download exeHelper to your desktop.

•Double-click on exeHelper.com to run the fix.

•A black window should pop up, press any key to close once the fix is completed.
•Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
.
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file)

[jim.mar]

SuperDave:    It's no use.   I can't run either  "ROOTER.exe" or "exeHelper.com".  I just keep getting this message;

"Illegal operation attempted on a registry key that has been marked for deletion".   

[SuperDave]

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

• Save it to your desktop.
• Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  
• Double click the setup file to run it.
• Click Next to continue.
• Accept the License agreement and click on next.
• It will, by default, install it to your desktop folder. Click Next.
• It will then open a box There will be a tab that says Automatic scan.
• Under Automatic scan make sure these are checked.
• Hidden Startup Objects
  
• System Memory
  
• Disk Boot Sectors.
  
• My Computer.
  
• Also any other drives (Removable that you may have)
  

Leave the rest of the settings as they appear as default.
•Then click on Scan at the to right hand Corner.
•It will automatically Neutralize any objects found.
•If some objects are left un-neutralized then click the button that says Neutralize all
•If it says it cannot be neutralized then choose the delete option when prompted.
•After that is done click on the reports button at the bottom and save it to file name it Kas.
•Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

[jim.mar]

  The program looked a lot different than what you described but I did the scan, took an hour and 20 mins.   Found some Trojans.    I think this is the report that you wanted....   The other one was enormous and was listed chronologically.

Status: Disinfected   (events: 5)   
2/3/2012 1:56:42 PM   Disinfected   Trojan program Trojan.Win32.VB.anbr   D:\JIM-PC\Backup Set 2008-09-26 080602\Backup Files 2008-09-26 080602\Backup files 4.zip/I\downloads PC fix\aboutbuster.zip/AboutBuster.exe   High   
2/3/2012 1:56:54 PM   Disinfected   Trojan program Trojan.Win32.VB.anbr   D:\JIM-PC\Backup Set 2008-09-26 080602\Backup Files 2008-09-26 080602\Backup files 4.zip/I\downloads PC fix\aboutbuster.zip   High   
2/3/2012 1:56:54 PM   Disinfected   Trojan program Trojan.Win32.VB.anbr   D:\JIM-PC\Backup Set 2008-09-26 080602\Backup Files 2008-09-26 080602\Backup files 4.zip   High   
2/3/2012 1:57:58 PM   Disinfected   Trojan program Trojan.Win32.VB.anbr   E:\downloads PC fix\aboutbuster.zip/AboutBuster.exe   High   
2/3/2012 1:57:58 PM   Disinfected   Trojan program Trojan.Win32.VB.anbr   E:\downloads PC fix\aboutbuster.zip   High   
Status: Deleted   (events: 4)   
2/3/2012 2:11:45 PM   Deleted   Trojan program Trojan-Clicker.Win32.Agent.wdi   E:\trans prog files\PestPatrol\Quarantine\1309   High   
2/3/2012 2:11:46 PM   Deleted   Trojan program Trojan-Clicker.Win32.Agent.wdh   E:\trans prog files\PestPatrol\Quarantine\2128   High   
2/3/2012 2:11:48 PM   Deleted   Trojan program Trojan-Clicker.Win32.Agent.wdg   E:\trans prog files\PestPatrol\Quarantine\2730   High   
2/3/2012 2:11:52 PM   Deleted   Trojan program Trojan-Clicker.Win32.Agent.wdk   E:\trans prog files\PestPatrol\Quarantine\3424   High   

[SuperDave]

The program looked a lot different than what you described but I did the scan,

Sorry, I'll have to update my speech.
Are you still having problems connecting to the internet?
Do you still receive that message after you re-start your computer?

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
Save Rkill to your desktop.

There are 7 different versions. If one of them won't run then download and try to run the other one.
 
Vista and Win7 users need to right click Rkill and choose Run as Administrator
 

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.exe
* Rkill.com
* Rkill.scr
* WiNlOgOn.exe
* uSeRiNiT.exe
* iExplore.exe
* eXplorer.exe
Once you've gotten one of them to run then try to immediately run the following.

[jim.mar]

SuperDave: ... Now the machine is operating much like it did in the beginning.

YES I still have problems connecting  to the internet

NO I do not get the same message.  Now i get a different one  . .  ."the procedure entry point . . . "apsGetready" . . could  not be located in the data link library    "wlanapi.dll""


This occurs only at startup.    All of my other programs seem to run OKAY...  It's only  when I open a browser, ie Exprorer, Firefox, or Chrome that it tries but cannot connect.   It will try for several minutes then (Firefox or chrome) will time out.   ie Explorer seems to go on trying forever.

Should I still run Rkill ??

What should I try to immediately run  ? ?

[SuperDave]

Should I still run Rkill ??
What should I try to immediately run  ? ?

Please download Farbar Service Scanner and run it on the computer with the issue.

• Press "Scan".
  
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

**************************************************
Let's run a few more scans to see what turns up.

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it



Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



On completion of the scan click save log, save it to your desktop and post in your next reply

[jim.mar]

First the rkill log
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 02/04/2012 at 13:25:55.
Operating System: Windows 7 Home Premium

Second   The FSS logFarbar Service Scanner Version: 04-02-2012 01
Ran by JIM (administrator) on 04-02-2012 at 13:34:37
Running from "J:\"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Third  MBR logaswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-04 13:29:44
-----------------------------
13:29:44.962    OS Version: Windows x64 6.1.7601 Service Pack 1
13:29:44.962    Number of processors: 4 586 0x503
13:29:44.962    ComputerName: ROSIE  UserName: JIM
13:29:53.011    Initialize success
13:29:53.105    AVAST engine defs: 12020401
13:30:04.119    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:30:04.119    Disk 0 Vendor: WDC_WD6401AALS-00L3B2 01.03B01 Size: 610480MB BusType: 3
13:30:04.119    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-7
13:30:04.119    Disk 1 Vendor: DIAMOND__080G_2F5400 RAMB1TU0 Size: 78167MB BusType: 3
13:30:04.134    Disk 0 MBR read successfully
13:30:04.134    Disk 0 MBR scan
13:30:04.134    Disk 0 Windows 7 default MBR code
13:30:04.134    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
13:30:04.150    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       249900 MB offset 206848
13:30:04.165    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       360477 MB offset 512002048
13:30:04.165    Service scanning
13:30:05.601    Modules scanning
13:30:05.601    Disk 0 trace - called modules:
13:30:05.601    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:30:05.601    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a3c060]
13:30:05.616    3 CLASSPNP.SYS[fffff8800199643f] -> nt!IofCallDriver -> [0xfffffa8003957d50]
13:30:05.616    5 ACPI.sys[fffff88000ec27a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004476060]
13:30:06.162    AVAST engine scan C:\Windows
13:30:08.034    AVAST engine scan C:\Windows\system32
13:31:12.930    AVAST engine scan C:\Windows\system32\drivers
13:31:18.297    AVAST engine scan C:\Users\JIM
13:32:25.018    AVAST engine scan C:\ProgramData
13:33:05.952    Scan finished successfully
13:33:50.787    Disk 0 MBR has been saved successfully to "J:\MBR.dat"
13:33:50.818    The log file has been saved successfully to "J:\aswMBR.txt"




Processes terminated by Rkill or while it was running:



Rkill completed on 02/04/2012 at 13:26:21.

I hope that is what  you want

[SuperDave]

Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Everything looks good for the internet connection.

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

•Double-click on MBRCheck.exe to run it.

•It will open a black window...please do not fix anything (if it gives you an option).

•When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.

•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.

[jim.mar]

SuperDave, thanks for the comeback.  Don't give up on me yet please.   I still can't access the internet with ie,, firefoox, or chrome....
OKAY, here goes:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:         
Windows Version:      Windows 7 Home Premium Edition
Windows Information:      Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer:   MSI
BIOS Manufacturer:      American Megatrends Inc.
System Manufacturer:      MSI
System Product Name:      MS-7599
Logical Drives Mask:      0x000003fc

Kernel Drivers (total 197):
  0x02C4D000 \SystemRoot\system32\ntoskrnl.exe
  0x02C04000 \SystemRoot\system32\hal.dll
  0x00BC1000 \SystemRoot\system32\kdcom.dll
  0x00C25000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
  0x00C32000 \SystemRoot\system32\PSHED.dll
  0x00C46000 \SystemRoot\system32\CLFS.SYS
  0x00CA4000 \SystemRoot\system32\CI.dll
  0x00EE8000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00F8C000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00F9B000 \SystemRoot\system32\drivers\ACPI.sys
  0x00FF2000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x00E00000 \SystemRoot\system32\drivers\msisadrv.sys
  0x00E0A000 \SystemRoot\system32\drivers\pci.sys
  0x00E3D000 \SystemRoot\system32\drivers\vdrvroot.sys
  0x00E4A000 \SystemRoot\System32\drivers\partmgr.sys
  0x00E5F000 \SystemRoot\system32\drivers\volmgr.sys
  0x00E74000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00ED0000 \SystemRoot\system32\drivers\pciide.sys
  0x00ED7000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x00D64000 \SystemRoot\System32\drivers\mountmgr.sys
  0x00D7E000 \SystemRoot\system32\drivers\atapi.sys
  0x00D87000 \SystemRoot\system32\drivers\ataport.SYS
  0x00DB1000 \SystemRoot\system32\drivers\amdxata.sys
  0x010AA000 \SystemRoot\system32\drivers\fltmgr.sys
  0x010F6000 \SystemRoot\system32\drivers\fileinfo.sys
  0x01241000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x0110A000 \SystemRoot\System32\Drivers\msrpc.sys
  0x013E4000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x01168000 \SystemRoot\System32\Drivers\cng.sys
  0x01200000 \SystemRoot\System32\drivers\pcw.sys
  0x01211000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x014E5000 \SystemRoot\system32\drivers\ndis.sys
  0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
  0x01460000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x0166B000 \SystemRoot\System32\drivers\tcpip.sys
  0x0186F000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x018B9000 \SystemRoot\system32\drivers\volsnap.sys
  0x01905000 \SystemRoot\System32\Drivers\spldr.sys
  0x0190D000 \SystemRoot\System32\drivers\rdyboost.sys
  0x01947000 \SystemRoot\System32\Drivers\mup.sys
  0x01959000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x01962000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x0199C000 \SystemRoot\system32\DRIVERS\disk.sys
  0x019B2000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x0161C000 \SystemRoot\system32\drivers\cdrom.sys
  0x01000000 \SystemRoot\System32\Drivers\aswSnx.SYS
  0x01646000 \SystemRoot\System32\Drivers\Null.SYS
  0x0164F000 \SystemRoot\System32\Drivers\Beep.SYS
  0x01656000 \SystemRoot\System32\drivers\vga.sys
  0x0148B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x014B0000 \SystemRoot\System32\drivers\watchdog.sys
  0x014C0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x014C9000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x014D2000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x015D8000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x015E3000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x0121B000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x01096000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x011DA000 \SystemRoot\System32\Drivers\aswTdi.SYS
  0x04099000 \??\C:\Windows\System32\drivers\pctgntdi64.sys
  0x040EF000 \Device\Harddisk0\Partition2\Windows\system32\drivers\PctWfpFilter64.sys
  0x04114000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x04159000 \SystemRoot\system32\drivers\afd.sys
  0x041E2000 \SystemRoot\System32\Drivers\aswRdr.SYS
  0x041EF000 \SystemRoot\system32\drivers\ws2ifsl.sys
  0x04000000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x04009000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x0402F000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x0403E000 \SystemRoot\system32\DRIVERS\serial.sys
  0x0405B000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x04076000 \SystemRoot\system32\drivers\termdd.sys
  0x0408A000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
  0x015F4000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
  0x03ED2000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x03F23000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x03F2F000 \SystemRoot\system32\drivers\mssmbios.sys
  0x03F3A000 \SystemRoot\System32\drivers\discache.sys
  0x03F49000 \SystemRoot\System32\Drivers\dfsc.sys
  0x03F67000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x03F78000 \SystemRoot\System32\Drivers\aswSP.SYS
  0x03FC9000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x03E00000 \SystemRoot\system32\DRIVERS\amdppm.sys
  0x04829000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x0427A000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x0436E000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x043B4000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
  0x043C9000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x04200000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x04256000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x043D4000 \SystemRoot\system32\drivers\HDAudBus.sys
  0x04267000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x05331000 \SystemRoot\system32\drivers\i8042prt.sys
  0x0534F000 \SystemRoot\system32\drivers\kbdclass.sys
  0x0535E000 \SystemRoot\system32\drivers\mouclass.sys
  0x0536D000 \SystemRoot\system32\drivers\wmiacpi.sys
  0x05376000 \SystemRoot\system32\drivers\CompositeBus.sys
  0x04273000 \SystemRoot\system32\drivers\ksthunk.sys
  0x05386000 \SystemRoot\system32\drivers\ks.sys
  0x053C9000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x04800000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x053DF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x03E15000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x03E44000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x03E5F000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x03E80000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x03E9A000 \SystemRoot\system32\DRIVERS\pctNdis64.sys
  0x053EB000 \SystemRoot\system32\drivers\swenum.sys
  0x053ED000 \SystemRoot\system32\drivers\umbus.sys
  0x058AF000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x05909000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x06026000 \SystemRoot\system32\drivers\viahduaa.sys
  0x0591E000 \SystemRoot\system32\drivers\portcls.sys
  0x061DD000 \SystemRoot\system32\drivers\drmk.sys
  0x00020000 \SystemRoot\System32\win32k.sys
  0x06000000 \SystemRoot\System32\drivers\Dxapi.sys
  0x0600C000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x0601A000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x0595B000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x05964000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x05992000 \SystemRoot\system32\drivers\USBD.SYS
  0x05994000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x059A2000 \SystemRoot\system32\DRIVERS\usbscan.sys
  0x00480000 \SystemRoot\System32\TSDDD.dll
  0x00690000 \SystemRoot\System32\cdd.dll
  0x059B3000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x059D0000 \SystemRoot\system32\DRIVERS\usbprint.sys
  0x059DC000 \SystemRoot\system32\DRIVERS\dot4usb.sys
  0x05800000 \SystemRoot\system32\DRIVERS\Dot4.sys
  0x05828000 \SystemRoot\system32\drivers\Dot4Prt.sys
  0x05832000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x05860000 \SystemRoot\system32\drivers\luafv.sys
  0x00DBC000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
  0x05883000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
  0x0588C000 \SystemRoot\system32\drivers\WudfPf.sys
  0x03EB0000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x019E2000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x07455000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x0748B000 \SystemRoot\system32\drivers\HTTP.sys
  0x07554000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x07572000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x0758A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x07400000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x075B7000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x07C5E000 \SystemRoot\system32\drivers\peauth.sys
  0x07D04000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x07D0F000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x07D40000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x07D52000 \??\C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys
  0x07D72000 \??\C:\Windows\System32\drivers\pctplfw64.sys
  0x08252000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x082BB000 \SystemRoot\System32\DRIVERS\srv.sys
  0x08353000 \??\C:\Program Files (x86)\Common Files\PC Tools\KDS\pctESPInject.sys
  0x08390000 \??\C:\Windows\system32\drivers\mbam.sys
  0x0AD46000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x0AD81000 \SystemRoot\system32\drivers\USBSTOR.SYS
  0x0AD9C000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x0ADCD000 \SystemRoot\system32\DRIVERS\serscan.sys
  0x77380000 \Windows\System32\ntdll.dll
  0x47DE0000 \Windows\System32\smss.exe
  0xFF6A0000 \Windows\System32\apisetschema.dll
  0xFFF30000 \Windows\System32\autochk.exe
  0xFF630000 \Windows\System32\Wldap32.dll
  0xFF610000 \Windows\System32\imagehlp.dll
  0xFF600000 \Windows\System32\nsi.dll
  0xFF4D0000 \Windows\System32\wininet.dll
  0x77550000 \Windows\System32\normaliz.dll
  0xFF350000 \Windows\System32\urlmon.dll
  0xFF170000 \Windows\System32\setupapi.dll
  0xFF090000 \Windows\System32\advapi32.dll
  0xFEFC0000 \Windows\System32\usp10.dll
  0xFEF40000 \Windows\System32\difxapi.dll
  0xFEE60000 \Windows\System32\oleaut32.dll
  0xFEE50000 \Windows\System32\lpk.dll
  0xFEDE0000 \Windows\System32\gdi32.dll
  0xFED60000 \Windows\System32\shlwapi.dll
  0xFEC30000 \Windows\System32\rpcrt4.dll
  0xFEB90000 \Windows\System32\clbcatq.dll
  0xFEAF0000 \Windows\System32\msvcrt.dll
  0xFDD60000 \Windows\System32\shell32.dll
  0x77260000 \Windows\System32\kernel32.dll
  0xFDC50000 \Windows\System32\msctf.dll
  0xFDC20000 \Windows\System32\imm32.dll
  0xFDC00000 \Windows\System32\sechost.dll
  0xFD9A0000 \Windows\System32\iertutil.dll
  0xFD790000 \Windows\System32\ole32.dll
  0x77160000 \Windows\System32\user32.dll
  0xFD6F0000 \Windows\System32\comdlg32.dll
  0xFD6A0000 \Windows\System32\ws2_32.dll
  0x77540000 \Windows\System32\psapi.dll
  0xFD530000 \Windows\System32\crypt32.dll
  0xFD4C0000 \Windows\System32\KernelBase.dll
  0xFD4A0000 \Windows\System32\devobj.dll
  0xFD460000 \Windows\System32\wintrust.dll
  0xFD3C0000 \Windows\System32\comctl32.dll
  0xFD380000 \Windows\System32\cfgmgr32.dll
  0xFD370000 \Windows\System32\msasn1.dll
  0x77530000 \Windows\SysWOW64\normaliz.dll

Processes (total 75):
       0 System Idle Process
       4 System
     332 C:\Windows\System32\smss.exe
     432 C:\Windows\System32\csrss.exe
     492 C:\Windows\System32\wininit.exe
     512 C:\Windows\System32\csrss.exe
     548 C:\Windows\System32\services.exe
     564 C:\Windows\System32\lsass.exe
     572 C:\Windows\System32\lsm.exe
     640 C:\Windows\System32\winlogon.exe
     724 C:\Windows\System32\svchost.exe
     820 C:\Windows\System32\svchost.exe
     900 C:\Windows\System32\svchost.exe
     968 C:\Windows\System32\svchost.exe
    1012 C:\Windows\System32\svchost.exe
     568 C:\Windows\System32\svchost.exe
    1092 C:\Windows\System32\svchost.exe
    1168 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    1600 C:\Windows\System32\spoolsv.exe
    1636 C:\Windows\System32\svchost.exe
    1796 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    1840 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    1868 C:\Windows\SysWOW64\svchost.exe
    1896 C:\Windows\System32\svchost.exe
    1936 C:\Windows\SysWOW64\svchost.exe
    1964 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    1040 C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
    1756 C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    2124 C:\Windows\System32\svchost.exe
    2184 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2248 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    2916 C:\Windows\System32\taskhost.exe
    2996 C:\Windows\System32\dwm.exe
    3020 C:\Windows\explorer.exe
    3136 C:\Windows\System32\svchost.exe
    3196 C:\Windows\System32\SearchIndexer.exe
    3364 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3524 C:\Program Files (x86)\Stickies\stickies.exe
    3952 C:\Windows\System32\svchost.exe
    4016 C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe
    4044 C:\Program Files\AVAST Software\Avast\AvastUI.exe
    4076 C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    4092 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3104 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    3192 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    3880 C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    4200 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4548 C:\Windows\System32\svchost.exe
    4184 C:\Windows\System32\dllhost.exe
    5068 C:\Windows\System32\taskeng.exe
    4068 C:\Users\JIM\AppData\Local\Google\Update\GoogleUpdate.exe
    4072 C:\Users\JIM\AppData\Local\Google\Update\GoogleUpdate.exe
    3804 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    1516 C:\Windows\System32\svchost.exe
    3564 C:\Windows\System32\taskeng.exe
    4140 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     852 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    2420 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    4616 C:\Users\JIM\AppData\Local\Google\Update\GoogleUpdate.exe
    3764 C:\Program Files\Windows Defender\MpCmdRun.exe
    1656 C:\Program Files\Windows Defender\MpCmdRun.exe
    5728 C:\Windows\System32\conhost.exe
    3228 C:\Windows\servicing\TrustedInstaller.exe
    4880 C:\Windows\System32\audiodg.exe
    4436 C:\Windows\System32\WUDFHost.exe
    5332 C:\Windows\System32\wuauclt.exe
    2956 C:\Windows\System32\SearchProtocolHost.exe
    1808 C:\Windows\System32\SearchFilterHost.exe
    2612 C:\Windows\System32\SearchProtocolHost.exe
    5940 C:\Windows\System32\wbem\WMIADAP.exe
    5216 C:\Windows\System32\wbem\WmiPrvSE.exe
    3456 J:\MBRCheck.exe
    4936 C:\Windows\System32\conhost.exe
     848 C:\Windows\System32\dllhost.exe
    4428 C:\Program Files\Windows Defender\MpCmdRun.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003d`09100000  (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000  (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x0000000f`de900000  (NTFS)

PhysicalDrive0 Model Number: WDCWD6401AALS-00L3B2, Rev: 01.03B01
PhysicalDrive1 Model Number: DIAMOND080G2F5400, Rev: RAMB1TU0

      Size  Device Name          MBR Status
  --------------------------------------------
    596 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB7 9
     76 GB  \\.\PhysicalDrive1   Unknown MBR code
            SHA1: BB91F7E34FF3754A41F2830964B0DA1B003BCA7 3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

[SuperDave]

Please download Farbar Service Scanner and run it on the computer with the issue.

• Press "Scan".
  
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

[jim.mar]

OKAY HERE IT IS

Farbar Service Scanner Version: 05-02-2012
Ran by JIM (administrator) on 06-02-2012 at 14:00:23
Running from "J:\"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****