Solved Avg detected adware.generic and system restore doesn't get rid of it


dhreed82

Hello, I'm new to this TechSpot site. My name is Dustin Reed. Recently, on 12/5/2010, I downloaded AVG to see if it would detect anything that Kaspersky Anti-Virus would miss. It found adware.generic starting with HKLM. I don't have it on my computer any more; I removed AVG because I read another thread that said I should only have one AV program on my computer. I'm paying for Kaspersky, so I deleted AVG. Is there anyone who can help me with this issue? I would greatly appreciate it, given the computer is not even two months old.

Thanks in advance,

Dustin
 
Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Here are the logs requested for the preliminary cleaning.

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5263

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/7/2010 1:48:09 PM
mbam-log-2010-12-07 (13-48-09).txt

Scan type: Quick scan
Objects scanned: 150843
Time elapsed: 3 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
MBAM log, reposting it, don't think it went through.

 
DDS.txt

DDS (Ver_10-12-05.01) - NTFS_AMD64
Run by Dusty at 20:03:30.79 on Tue 12/07/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2439 [GMT -6:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Dusty\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============
 
DDS continued

uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Camfrog] "C:\Program Files (x86)\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avp] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
LSA: Notification Packages = DPPassFilter scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll
BHO-X64: link filter bho - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
mRun-x64: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden

================= FIREFOX ===================
 
DDS txt part 3

FF - ProfilePath - C:\Users\Dusty\AppData\Roaming\Mozilla\Firefox\Profiles\onq50cen.default\
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\components\dpffcli.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Dusty\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Extension: Kaspersky URL Advisor: linkfilter@kaspersky.ru - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: DigitalPersona Extension: otis@digitalpersona.com - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - C:\Users\Dusty\AppData\Roaming\Mozilla\Firefox\Profiles\onq50cen.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

============= SERVICES / DRIVERS ===============

R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\Windows\System32\drivers\klbg.sys [2009-10-14 40464]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2009-9-14 27152]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-9-14 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-4-16 202752]
R2 AVP;Kaspersky Anti-Virus;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-10-20 340520]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-7-23 92216]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-29 27192]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 2192176]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-4-16 6403584]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-4-16 188928]
R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-6-24 32880]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-10-2 21008]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-9-14 38456]
S2 CLKMSVC10_C6F09094;CyberLink Product - 2010/09/14 02:09:08;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-9-14 245232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-10 136176]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-14 239136]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-9-14 295424]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-1 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

=============== Created Last 30 ================
 
DDS txt part 4

2010-12-08 01:50:56 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{1E0CCFC2-2589-47E7-97D2-748C42429213}\mpengine.dll
2010-12-07 22:10:19 -------- d-----w- C:\Users\Dusty\AppData\Local\Diagnostics
2010-12-07 19:43:49 -------- d-----w- C:\Users\Dusty\AppData\Roaming\Malwarebytes
2010-12-07 19:43:27 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-07 19:43:26 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-12-07 19:43:23 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-07 19:43:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-07 04:40:10 -------- d-----w- C:\Users\Dusty\AppData\Roaming\AVG
2010-12-07 03:54:10 -------- d-----w- C:\PROGRA~3\PC Tools
2010-12-06 23:43:47 439808 ----a-w- C:\Windows\System32\athihvs.dll
2010-12-06 23:43:47 -------- d-----w- C:\Windows\Options
2010-12-06 06:14:42 -------- d-----w- C:\PROGRA~3\Symantec
2010-12-06 04:09:12 -------- d-----w- C:\Windows\en
2010-12-06 04:05:07 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2010-12-06 04:05:07 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2010-12-06 04:05:06 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2010-12-06 04:05:06 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2010-12-06 03:55:05 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5d5215791cb94f922\MeshBetaRemover.exe
2010-12-06 03:54:39 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4dcd3cd31cb94f91a\DSETUP.dll
2010-12-06 03:54:39 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4dcd3cd31cb94f91a\DXSETUP.exe
2010-12-06 03:54:39 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4dcd3cd31cb94f91a\dsetup32.dll
2010-12-06 03:54:37 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4bdbbd3b1cb94f919\DSETUP.dll
2010-12-06 03:54:37 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4bdbbd3b1cb94f919\DXSETUP.exe
2010-12-06 03:54:37 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4bdbbd3b1cb94f919\dsetup32.dll
2010-12-06 03:53:02 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-12-06 03:53:02 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-12-06 03:53:01 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-12-06 03:53:01 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-12-06 03:53:01 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-12-06 03:53:00 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-12-06 03:53:00 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-12-06 03:48:07 -------- d-----w- C:\Users\Dusty\AppData\Roaming\AVG10
2010-12-05 04:47:11 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-12-05 04:47:11 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-12-05 00:02:05 -------- d-----w- C:\PROGRA~3\STOPzilla!
2010-12-04 22:26:02 -------- d-----w- C:\Users\Dusty\AppData\Local\Apps
2010-12-04 09:49:50 -------- d--h--w- C:\PROGRA~3\Common Files
2010-12-04 09:48:12 -------- d-----w- C:\PROGRA~3\AVG10
2010-12-04 09:46:55 -------- d-----w- C:\Program Files (x86)\AVG
2010-12-04 09:35:49 -------- d-----w- C:\PROGRA~3\MFAData
2010-12-02 21:29:45 -------- d-----w- C:\Users\Dusty\AppData\Roaming\Camfrog
2010-12-02 21:29:21 -------- d-----w- C:\Program Files (x86)\Camfrog
2010-11-27 21:16:32 -------- d-----w- C:\Program Files (x86)\Kalypso
2010-11-27 17:20:43 -------- d-----w- C:\Users\Dusty\AppData\Local\Windows Live
2010-11-23 19:00:53 -------- d-----w- C:\Users\Dusty\AppData\Local\Turbine
2010-11-23 18:52:19 -------- d-----w- C:\Users\Dusty\AppData\Local\ApplicationHistory
2010-11-23 18:22:23 -------- d-----w- C:\Program Files (x86)\Turbine
2010-11-23 14:37:03 -------- d-----w- C:\PROGRA~3\LightScribe
2010-11-23 13:55:24 -------- d-----w- C:\Users\Dusty\AppData\Local\PMB Files
2010-11-23 13:55:23 -------- d-----w- C:\PROGRA~3\PMB Files
2010-11-23 13:55:14 -------- d-----w- C:\Program Files (x86)\Pando Networks
2010-11-22 04:10:45 -------- d-----w- C:\Users\Dusty\AppData\Local\Yahoo
2010-11-22 04:09:15 -------- d-----w- C:\Users\Dusty\AppData\Local\Yahoo!
2010-11-22 04:04:03 -------- d-----w- C:\Program Files (x86)\Yahoo!
2010-11-21 02:49:13 -------- d-----w- C:\PROGRA~3\Recovery
2010-11-16 15:55:07 -------- d-----w- C:\Users\Dusty\AppData\Local\Adobe
2010-11-15 23:33:43 -------- d-----w- C:\Users\Dusty\AppData\Local\HP MediaSmart Video
2010-11-11 02:35:02 -------- d-----w- C:\Users\Dusty\AppData\Local\Google
2010-11-11 02:34:15 -------- d-----r- C:\Program Files (x86)\Skype

==================== Find3M ====================

2010-10-27 19:28:46 11320 ----a-w- C:\Windows\help\OEM\Scripts\HPSARedirectorLauncher.exe
2010-10-19 16:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-27 02:15:22 2374656 ----a-w- C:\Windows\System32\drivers\athrx.sys
2010-09-23 06:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-23 06:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-09-21 20:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 20:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-15 09:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-14 09:51:42 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2010-09-14 09:51:42 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2010-09-14 09:05:15 0 ----a-w- C:\Windows\ativpsrm.bin
2010-09-11 16:51:46 60416 ----a-w- C:\Windows\System32\athihvui.dll
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

============= FINISH: 20:04:39.03 ===============
 
Attach.txt DDS

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-05.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/9/2010 7:16:17 PM
System Uptime: 12/7/2010 4:05:44 PM (4 hours ago)

Motherboard: Hewlett-Packard | | 1442
Processor: AMD Phenom(tm) II N850 Triple-Core Processor | Socket S1G4 | 2200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 576 GiB total, 514.203 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 2.951 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP53: 12/7/2010 2:15:04 PM - Removed AVG 2011
RP54: 12/7/2010 2:16:39 PM - Removed AVG 2011

==== Installed Programs ======================

Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1 MUI
Adobe Shockwave Player 11.5
AMD USB Filter Driver
Atheros Driver Installation Program
AVG PC Tuneup 2011
Bejeweled 2 Deluxe
Blackhawk Striker 2
Build-a-lot 2
Camfrog Video Chat 5.5
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CinemaNow Media Manager
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Contents
Corel PaintShop Photo Pro X3
Corel VideoStudio Pro X3
CyberLink DVD Suite
D3DX10
Definition update for Microsoft Office 2010 (KB982726)
DeviceIO
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
DVD Menu Pack for HP MediaSmart Video
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
FATE
Final Drive Nitro
Google Chrome
Google Update Helper
Heroes of Hellas 2 - Olympia
HP Advisor
HP Customer Experience Enhancements
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP Game Console
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
Hulu Desktop
ICA
IDT Audio
IPM_PSP_Pro
IPM_VS_Pro
ISCOM
Java Auto Updater
Java(TM) 6 Update 22
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
Kaspersky Anti-Virus 2010
LabelPrint
LightScribe System Software
Malwarebytes' Anti-Malware
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WSE 3.0 Runtime
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox (3.6.12)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Penguins!
PhotoNow!
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PSPPContent
PSPPRO_DCRAW
PureHD
Realtek Ethernet Controller Driver For Windows 7
Realtek USB 2.0 Card Reader
Recovery Manager
Roxio CinemaNow 2.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Word 2010 (KB2345000)
Setup
Share
Skype Toolbars
Skype™ 5.0
Times Reader
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft OneNote 2010 (KB2288640)
Update for Microsoft Outlook Social Connector (KB2289116)
VIO
Virtual Families
Virtual Villagers - The Secret City
Visual Studio 2008 x64 Redistributables
VSClassic
VSPro
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zuma Deluxe

==== Event Viewer Messages From Past Week ========

12/7/2010 12:42:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
12/7/2010 12:41:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
12/5/2010 10:10:20 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Windows Live Essentials 2011 (KB2434419).
12/4/2010 9:41:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the szserver service.
12/4/2010 2:15:29 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/4/2010 2:15:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/4/2010 2:15:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/4/2010 2:15:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/4/2010 2:15:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/4/2010 2:15:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/4/2010 2:15:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/4/2010 2:15:00 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xfffff88008236000, 0x0000000000000002, 0x0000000000000001, 0xfffff880044a8429). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120410-23727-01.
12/4/2010 2:14:59 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache kl1 KLIF KLIM6 NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
12/4/2010 2:14:59 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/4/2010 2:14:59 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/4/2010 2:14:59 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/4/2010 2:14:59 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/4/2010 2:14:59 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/4/2010 2:14:59 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
12/4/2010 2:14:59 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/4/2010 2:14:59 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/4/2010 2:14:59 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/4/2010 2:14:59 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/4/2010 2:02:04 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/4/2010 2:02:04 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
12/4/2010 2:02:04 AM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
12/4/2010 2:02:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
12/4/2010 10:50:19 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.95.1100.0).

==== End Of File ===========================
 
Looks pretty clean, so far.

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
 
about virus and spyware scans

Kaspersky Anti-Virus (which I pay for), Spy Doctor 2010 (Free virus), and Malwarebytes failed to pick up this file, which the AVG free trial picks up every time.
The file is HKLM\SOFTWARE\Wow6432Node\Windows\CurrentVersion\Run\AVP, Infection Found: Adware.Generic. AVG won't send this to its virus vault.

SpyDoctor 2010 found some spyware, but they were all low risk and not removed because it was the free version.
 
I hope from the information I have posted you will be able to help me. My computer is only a couple of months old, so I am very worried. Thanks for all your time and dedication,

Sincerely,

D
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv7 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 198):

Processes (total 76):
0 System Idle Process
4 System
332 C:\Windows\System32\smss.exe
432 csrss.exe
500 C:\Windows\System32\wininit.exe
532 csrss.exe
564 C:\Windows\System32\services.exe
580 C:\Windows\System32\lsass.exe
588 C:\Windows\System32\lsm.exe
704 C:\Windows\System32\svchost.exe
788 C:\Windows\System32\winlogon.exe
816 C:\Windows\System32\svchost.exe
904 C:\Windows\System32\atiesrxx.exe
944 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
304 C:\Program Files\IDT\WDM\stacsv64.exe
1168 C:\Windows\System32\svchost.exe
1228 C:\Windows\System32\hpservice.exe
1272 C:\Windows\System32\vcsFPService.exe
1288 C:\Windows\System32\atieclxx.exe
1396 C:\Windows\System32\svchost.exe
1508 C:\Windows\System32\wlanext.exe
1516 C:\Windows\System32\conhost.exe
1608 C:\Windows\System32\spoolsv.exe
1636 C:\Program Files\DigitalPersona\Bin\DpHostW.exe
1696 C:\Windows\System32\svchost.exe
1812 C:\Windows\System32\svchost.exe
1840 C:\Program Files\IDT\WDM\AESTSr64.exe
1868 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
1908 C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
2008 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
1084 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
1304 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2052 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2096 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2124 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
2604 C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
2612 C:\Windows\System32\dwm.exe
2632 C:\Windows\System32\taskhost.exe
2748 C:\Windows\explorer.exe
3000 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3012 C:\Program Files\IDT\WDM\sttray64.exe
1092 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2532 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
3292 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3468 WmiPrvSE.exe
3540 C:\Windows\System32\SearchIndexer.exe
3812 C:\Program Files\DigitalPersona\Bin\DpAgent.exe
3932 WmiPrvSE.exe
3328 C:\Windows\System32\taskeng.exe
3624 C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
2836 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
3792 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3212 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
3112 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3980 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
4816 C:\Windows\System32\svchost.exe
5040 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
4524 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
1344 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
4856 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
4928 C:\Windows\System32\svchost.exe
4684 C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
4692 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
3660 C:\Program Files\Windows Media Player\wmpnetwk.exe
3252 C:\Windows\System32\svchost.exe
2064 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
4964 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
3216 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1892 C:\Windows\System32\SearchProtocolHost.exe
5364 C:\Windows\System32\SearchFilterHost.exe
1540 C:\Windows\System32\audiodg.exe
6088 C:\Users\Dusty\Downloads\MBRCheck.exe
1380 C:\Windows\System32\conhost.exe
6052 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000008f`f1c00000 (NTFS)

PhysicalDrive0 Model Number: ST9640320AS, Rev: 0001HPM1

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: B704CB63CF88CFE734311A624CBF37189FCEE8D7


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
 
We have to fix your MBR....

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-ROM as the first boot device if it isn't already (if you don't know how to do it, see HERE).
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press Ctrl+Alt+Del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
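The MBRCheck log earlier in the thread reports a SHA1 for the MBR code and calls it unknown. The following is an added example (not from the thread, and not MBRCheck's own code) of that kind of check in Python: it splits a 512-byte MBR sector into boot code and partition table, hashes the code, and looks the hash up in a baseline. Hashing the first 440 bytes is this example's assumption, and the sample sectors, disk signature and baseline are constructed; only the C: offset 0x0c800000 is taken from the log.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439 hold the bootstrap code (assumed hash range)
PART_TABLE_OFF = 446       # four 16-byte partition entries follow
BOOT_SIG = b"\x55\xaa"     # bytes 510..511 of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Return boot-code SHA1, disk signature and partition entries of an MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba_start, count = struct.unpack_from("<II", sector, off + 8)
        if ptype == 0:     # type 0 marks an unused slot
            continue
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "byte_offset": lba_start * SECTOR_SIZE,
                           "byte_length": count * SECTOR_SIZE})
    return {
        "valid_signature": sector[510:512] == BOOT_SIG,
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": partitions,
    }


def classify(sector: bytes, baseline: dict) -> str:
    """Compare the boot-code hash with a baseline of hashes recorded from trusted media."""
    info = parse_mbr(sector)
    if not info["valid_signature"]:
        return "invalid: missing 0x55AA signature"
    label = baseline.get(info["boot_code_sha1"])
    return f"known: {label}" if label else "unknown boot code"


def build_sector(boot_code: bytes, parts) -> bytes:
    """Assemble a constructed test sector; parts = [(active, type, lba_start, count)]."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, 440, 0x12345678)   # constructed disk signature
    for i, (active, ptype, lba, count) in enumerate(parts):
        off = PART_TABLE_OFF + 16 * i
        sector[off] = 0x80 if active else 0x00
        sector[off + 4] = ptype
        struct.pack_into("<II", sector, off + 8, lba, count)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


# Constructed samples: one NTFS (type 0x07) partition at the C: offset from the log.
PARTS = [(True, 0x07, 0x0C800000 // SECTOR_SIZE, 2048)]
CLEAN = build_sector(b"\xfa\x33\xc0CONSTRUCTED REFERENCE LOADER", PARTS)
TAMPERED = build_sector(b"\xfa\x33\xc0CONSTRUCTED MODIFIED LOADER!", PARTS)
BASELINE = {parse_mbr(CLEAN)["boot_code_sha1"]: "constructed reference loader"}

if __name__ == "__main__":
    for name, sector in (("clean", CLEAN), ("tampered", TAMPERED)):
        info = parse_mbr(sector)
        print(name, info["boot_code_sha1"], classify(sector, BASELINE))
        for p in info["partitions"]:
            print(f"  partition {p['index']}: type 0x{p['type']:02x} "
                  f"at offset 0x{p['byte_offset']:016x}")
```

Both constructed sectors carry the same partition table, so only the code hash differs; rewriting the boot code, as the MBRWORK step does, leaves the partition entries in place.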
 
about inside the folder

The file inside was labeled BurnItCD, its type was Windows Command, and it was 1 KB. Is this the one to click?
 
Do I have to follow all the directions in that "click here" section, like choosing boot from CD and also choosing boot to hard drive as secondary and saving them? Or is that different for Windows 7?
 
Your computer may be already set to boot from the CD, so simply try to boot from the CD.
 
I have the CD in the drive and I press Esc to start the BIOS, but I do not see any option for booting from a CD... what now?
 
No, don't enter BIOS for now.
Put the CD in and restart computer.
You may see the following message:
"Press any key to boot from CD".
 
I couldn't find the boot from CD option

What do I do if I can't find the boot from CD option in the BIOS?
 