[Inactive] Internet Explorer Connection & Windows Defender

I removed a virus with malwarebytes. All is gone, but although I can connect to the internet wirelessly and wired, I am not able to connect to the internet. I receive the message "Internet Explorer Cannot Display the Webpage." All other computers on the same network are working. When going to network sharing center / wireless connections / TCP/IPv4 / properties, obtain IP address automatically is checked in both places. When I go to device manager / network adapters, isatap has a yellow triangle and !. I have tried to go to cmd, run as administrator (it comes up as c:\Windows\system32>) and type in netsh int ip reset c:\resetlog.txt and it did not work. It says "Reseting Echo Request, Failed." Reseting Global, ok!, Resting Interface, Ok!

In addition to the above, every time I turn the computer on I continue to get the Windows Defender message, "Application failed to initialize: 0x80070006. The handle is invalid."

Any help would be greatly appreciated. Thanks.

It sounds like there may still be malware remnants lurking. Follow the instructions at the link below and post the logs.

http://discussions.virtualdr.com/sho...d.php?t=167915

When I run GMER it runs for awhile, then get a blue screen that says a problem has been detected and windows has been shut down to prevent damage to your computer. APC_INDEX_MISMATCH. I am scared to proceed any further. Suggestions?

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-24 14:08:14
-----------------------------
14:08:14.614 OS Version: Windows 6.0.6000
14:08:14.614 Number of processors: 2 586 0x4802
14:08:14.629 ComputerName: OWNER-PC UserName: owner
14:08:15.659 Initialize success
14:08:28.872 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
14:08:28.888 Disk 0 Vendor: WDC_WD16 04.0 Size: 152627MB BusType: 6
14:08:28.934 Disk 0 MBR read successfully
14:08:28.950 Disk 0 MBR scan
14:08:28.950 Disk 0 unknown MBR code
14:08:28.950 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 144231 MB offset 63
14:08:28.997 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 8393 MB offset 295387155
14:08:28.997 Disk 0 scanning sectors +312576705
14:08:29.153 Disk 0 scanning C:\Windows\system32\drivers
14:08:33.786 Service scanning
14:08:45.236 Modules scanning
14:08:47.966 Disk 0 trace - called modules:
14:08:47.982 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
14:08:47.982 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84851638]
14:08:47.998 3 ntkrnlpa.exe[81cb07e2] -> nt!IofCallDriver -> [0x8439b710]
14:08:47.998 5 acpi.sys[8023232a] -> nt!IofCallDriver -> \Device\00000061[0x839ff9d0]
14:08:48.013 Scan finished successfully
14:09:24.299 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
14:09:24.580 The log file has been saved successfully to "F:\aswMBR.txt"

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18904
Run by owner at 14:11:48 on 2012-05-24
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1982.1596 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atashost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uURLSearchHooks: H - No File
BHO: MRI_DISABLED - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [RunSpySweeperScheduleAtStartup] "c:\windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{BFFC18AC-421A-44E6-9B95-728364B6BD19}
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [HPAdvisor] "c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe" autoRun
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [WAWifiMessage] "c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvSvc] "RUNDLL32.EXE" c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [hpWirelessAssistant] "c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] "c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [HP Health Check Scheduler] "c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mri_di~1\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mri_di~1\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-9-13 20376]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-15 253088]
.
=============== Created Last 30 ================
.
2012-05-24 17:45:31 98816 ----a-w- c:\windows\sed.exe
2012-05-24 17:45:31 518144 ----a-w- c:\windows\SWREG.exe
2012-05-24 17:45:31 256000 ----a-w- c:\windows\PEV.exe
2012-05-24 17:45:31 208896 ----a-w- c:\windows\MBR.exe
2012-05-24 17:45:25 -------- d-s---w- C:\ComboFix
2012-05-24 17:42:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-24 17:22:18 -------- d-----w- c:\program files\CCleaner
2012-05-22 21:12:55 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
2012-05-22 21:12:43 -------- d-----w- c:\programdata\Malwarebytes
2012-05-22 21:12:42 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-22 21:12:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-22 21:09:00 -------- d-----w- c:\program files\CleanUp!
2012-05-22 20:57:02 -------- d-----w- c:\users\owner\appdata\local\visi_coupon
2012-05-04 00:01:46 -------- d-----w- c:\users\owner\appdata\roaming\Antivirus Protection 2012
.
==================== Find3M ====================
.
2012-05-22 21:48:15 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-15 11:54:41 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-15 11:54:40 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 14:12:32.27 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/8/2007 9:48:25 PM
System Uptime: 5/24/2012 1:56:51 PM (1 hours ago)
.
Motherboard: Quanta | | 30B7
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-56 | Socket S1 | 1808/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 141 GiB total, 107.675 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.763 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP270: 4/18/2012 8:12:13 PM - Scheduled Checkpoint
RP277: 5/23/2012 8:54:30 AM - Removed Trend Micro AntiVirus.
RP278: 5/23/2012 8:56:47 AM - Removed Trend Micro AntiVirus.
RP279: 5/23/2012 9:00:23 AM - Removed Trend Micro AntiVirus.
RP280: 5/23/2012 9:13:10 AM - Removed Trend Micro AntiVirus.
RP281: 5/23/2012 5:45:48 PM - Restore Operation
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 8.1.3
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
Apple Application Support
Apple Software Update
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
BufferChm
C6100
c6100_Help
CCleaner
CleanUp!
Conexant HD Audio
Copy
Cucusoft Ultimate DVD + Video Converter Suite 8.2.8.2
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
ESU for Microsoft Vista
eSupportQFolder
Fax
Google Toolbar for Internet Explorer
Hewlett-Packard Asset Agent
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Customer Participation Program 8.0
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Pavilion Webcam Driver for Vista v061.001.00005
HP Photosmart Essential
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Photosmart.All-In-One Driver Software 8.0 .A
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Solution Center 8.0
HP Total Care Advisor
HP Update
HP User Guides 0041
HP Wireless Assistant
HPNetworkAssistant
HPProductAssistant
Java(TM) SE Runtime Environment 6
LightScribe 1.4.136.1
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.0
NVIDIA Drivers
PSSWCORE
QuickTime
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Scan
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Skype Toolbars
Skype™ 5.3
Soft Data Fax Modem with SmartCP
SolutionCenter
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
WebEx Support Manager for Internet Explorer
WebReg
Winkflash Transporter
.
==== Event Viewer Messages From Past Week ========
.
5/24/2012 12:47:15 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/24/2012 1:57:26 PM, Error: EventLog [6008] - The previous system shutdown at 1:51:07 PM on 5/24/2012 was unexpected.
5/24/2012 1:36:56 PM, Error: EventLog [6008] - The previous system shutdown at 1:34:03 PM on 5/24/2012 was unexpected.
5/23/2012 9:36:13 AM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 2147952506.
5/23/2012 9:25:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
5/23/2012 9:24:46 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
5/23/2012 9:16:29 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.16 for the Network Card with network address 001A735B8822 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
5/23/2012 9:05:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/23/2012 9:04:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/23/2012 9:04:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/23/2012 9:03:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/23/2012 9:03:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/23/2012 9:03:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
5/23/2012 9:03:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/23/2012 8:45:15 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 3, function 0. Please contact your system vendor for technical assistance.
5/23/2012 8:45:15 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 2, function 0. Please contact your system vendor for technical assistance.
5/23/2012 2:07:58 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.127 for the Network Card with network address 001A735B8822 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
5/23/2012 2:03:38 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.71 for the Network Card with network address 001A735B8822 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
5/23/2012 2:02:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WebrootSpySweeperService with arguments "" in order to run the server: {1281A68F-9E75-418F-B3AC-D5B23DD86408}
5/23/2012 12:43:20 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: The requested service provider could not be loaded or initialized.
5/23/2012 11:28:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/23/2012 10:20:35 PM, Error: Service Control Manager [7023] - The DHCP Client service terminated with the following error: The system cannot find the file specified.
5/23/2012 10:20:35 PM, Error: Service Control Manager [7000] - The TCP/IP Registry Compatibility service failed to start due to the following error: The system cannot find the file specified.
5/23/2012 1:46:55 PM, Error: EventLog [6008] - The previous system shutdown at 1:45:09 PM on 5/23/2012 was unexpected.
5/22/2012 7:49:10 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6 ws2ifsl
5/22/2012 7:49:10 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/22/2012 7:49:10 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/22/2012 7:49:10 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
5/22/2012 7:49:10 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/22/2012 7:49:10 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/22/2012 7:49:10 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/22/2012 7:49:10 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/22/2012 7:49:10 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/22/2012 7:49:10 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
5/22/2012 7:49:10 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/22/2012 7:49:10 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/22/2012 7:49:10 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/22/2012 7:49:10 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/22/2012 7:49:10 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/22/2012 7:47:31 PM, Error: EventLog [6008] - The previous system shutdown at 7:46:30 PM on 5/22/2012 was unexpected.
5/22/2012 7:45:37 PM, Error: EventLog [6008] - The previous system shutdown at 7:44:06 PM on 5/22/2012 was unexpected.
5/22/2012 7:43:20 PM, Error: EventLog [6008] - The previous system shutdown at 7:41:00 PM on 5/22/2012 was unexpected.
5/22/2012 7:40:14 PM, Error: EventLog [6008] - The previous system shutdown at 7:35:32 PM on 5/22/2012 was unexpected.
5/22/2012 7:26:46 PM, Error: EventLog [6008] - The previous system shutdown at 7:21:42 PM on 5/22/2012 was unexpected.
5/22/2012 7:20:56 PM, Error: EventLog [6008] - The previous system shutdown at 7:17:54 PM on 5/22/2012 was unexpected.
5/22/2012 7:17:29 PM, Error: EventLog [6008] - The previous system shutdown at 7:16:11 PM on 5/22/2012 was unexpected.
5/22/2012 6:52:12 PM, Error: EventLog [6008] - The previous system shutdown at 6:48:21 PM on 5/22/2012 was unexpected.
5/22/2012 6:47:36 PM, Error: EventLog [6008] - The previous system shutdown at 6:46:23 PM on 5/22/2012 was unexpected.
5/22/2012 6:42:37 PM, Error: Service Control Manager [7022] - The CyberLink Background Capture Service (CBCS) service hung on starting.
5/22/2012 6:42:37 PM, Error: Service Control Manager [7001] - The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
5/22/2012 6:41:40 PM, Error: Service Control Manager [7023] - The SPService service terminated with the following error: SPService is not a valid Win32 application.
5/22/2012 6:41:40 PM, Error: Service Control Manager [7023] - The Sdcoreservice service terminated with the following error: Sdcoreservice is not a valid Win32 application.
5/22/2012 6:41:40 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
5/22/2012 6:41:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Webroot Spy Sweeper Engine service to connect.
5/22/2012 6:41:40 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
5/22/2012 6:41:40 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
5/22/2012 6:41:40 PM, Error: Service Control Manager [7000] - The Webroot Spy Sweeper Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/22/2012 6:40:00 PM, Error: EventLog [6008] - The previous system shutdown at 5:16:22 PM on 5/22/2012 was unexpected.
5/22/2012 5:15:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/22/2012 5:15:36 PM, Error: EventLog [6008] - The previous system shutdown at 5:13:51 PM on 5/22/2012 was unexpected.
.
==== End Of File ===========================

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================================================

Any particular reason why you ran DDS from safe mode?

I still need MBAM log.

After I ran GMER I got nervous.

DDS without Safe Mode:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18904
Run by owner at 22:44:36 on 2012-05-24
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1982.1310 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\atashost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uURLSearchHooks: H - No File
BHO: MRI_DISABLED - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [RunSpySweeperScheduleAtStartup] "c:\windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{BFFC18AC-421A-44E6-9B95-728364B6BD19}
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [WAWifiMessage] "c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvSvc] "RUNDLL32.EXE" c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [hpWirelessAssistant] "c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] "c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [HP Health Check Scheduler] "c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mri_di~1\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mri_di~1\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-9-13 20376]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-15 253088]
.
=============== Created Last 30 ================
.
2012-05-24 17:45:31 98816 ----a-w- c:\windows\sed.exe
2012-05-24 17:45:31 518144 ----a-w- c:\windows\SWREG.exe
2012-05-24 17:45:31 256000 ----a-w- c:\windows\PEV.exe
2012-05-24 17:45:31 208896 ----a-w- c:\windows\MBR.exe
2012-05-24 17:45:25 -------- d-s---w- C:\ComboFix
2012-05-24 17:42:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-24 17:22:18 -------- d-----w- c:\program files\CCleaner
2012-05-22 21:12:55 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
2012-05-22 21:12:43 -------- d-----w- c:\programdata\Malwarebytes
2012-05-22 21:12:42 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-22 21:12:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-22 21:09:00 -------- d-----w- c:\program files\CleanUp!
2012-05-22 20:57:02 -------- d-----w- c:\users\owner\appdata\local\visi_coupon
2012-05-04 00:01:46 -------- d-----w- c:\users\owner\appdata\roaming\Antivirus Protection 2012
.
==================== Find3M ====================
.
2012-05-22 21:48:15 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-15 11:54:41 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-15 11:54:40 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 22:45:13.84 ===============


DDS Notepad:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18904
Run by owner at 22:44:36 on 2012-05-24
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1982.1310 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\atashost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uURLSearchHooks: H - No File
BHO: MRI_DISABLED - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [RunSpySweeperScheduleAtStartup] "c:\windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{BFFC18AC-421A-44E6-9B95-728364B6BD19}
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [WAWifiMessage] "c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvSvc] "RUNDLL32.EXE" c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [hpWirelessAssistant] "c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] "c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [HP Health Check Scheduler] "c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mri_di~1\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mri_di~1\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-9-13 20376]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-15 253088]
.
=============== Created Last 30 ================
.
2012-05-24 17:45:31 98816 ----a-w- c:\windows\sed.exe
2012-05-24 17:45:31 518144 ----a-w- c:\windows\SWREG.exe
2012-05-24 17:45:31 256000 ----a-w- c:\windows\PEV.exe
2012-05-24 17:45:31 208896 ----a-w- c:\windows\MBR.exe
2012-05-24 17:45:25 -------- d-s---w- C:\ComboFix
2012-05-24 17:42:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-24 17:22:18 -------- d-----w- c:\program files\CCleaner
2012-05-22 21:12:55 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
2012-05-22 21:12:43 -------- d-----w- c:\programdata\Malwarebytes
2012-05-22 21:12:42 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-22 21:12:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-22 21:09:00 -------- d-----w- c:\program files\CleanUp!
2012-05-22 20:57:02 -------- d-----w- c:\users\owner\appdata\local\visi_coupon
2012-05-04 00:01:46 -------- d-----w- c:\users\owner\appdata\roaming\Antivirus Protection 2012
.
==================== Find3M ====================
.
2012-05-22 21:48:15 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-15 11:54:41 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-15 11:54:40 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 22:45:13.84 ===============

What about Malwarebytes?

I have run Malwarebytes several times. There aren't any issues.

Well, you didn't tell me.
I always want to see logs even if they're clean.

I don't see any AV program running.
Install ONE of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/w...ity-essentials
- free Comodo Antivirus: http://www.comodo.com/home/internet-.../antivirus.php
Update, run full scan, report on any findings.

Next....

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
• Double click on combofix.exe & follow the prompts.

• NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

• Double-click on the Rkill icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

It will not let me do the scan with Microsoft Security Essentials because I do not have an internet connection to check for virus and spyware definition updates.

Go ahead with Combofix.

ComboFix 12-05-25.03 - owner 05/25/2012 21:49:43.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1982.1199 [GMT -5:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\users\owner\AppData\Roaming\antivirus protection 2012
c:\users\owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus Protection 2012.lnk
c:\users\owner\uz.dat
c:\windows\$NtUninstallKB62280$
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-04-26 to 2012-05-26 )))))))))))))))))))))))))))))))
.
.
2012-05-24 17:42 . 2012-05-24 17:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-24 17:22 . 2012-05-24 17:22 -------- d-----w- c:\program files\CCleaner
2012-05-22 21:12 . 2012-05-22 21:12 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes
2012-05-22 21:12 . 2012-05-22 21:12 -------- d-----w- c:\programdata\Malwarebytes
2012-05-22 21:12 . 2012-05-22 21:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-22 21:12 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-22 21:09 . 2012-05-22 21:09 -------- d-----w- c:\program files\CleanUp!
2012-05-22 20:57 . 2012-05-22 20:57 -------- d-----w- c:\users\owner\AppData\Local\visi_coupon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 11:54 . 2012-04-15 11:54 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-15 11:54 . 2012-01-07 13:57 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-21 01:44 . 2012-03-21 01:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-14 02:15 . 2012-04-13 03:34 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1A2A60A-CC5E-418D-B071-1AA3FE3BFBC9}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-05-14 1232896]
"RunSpySweeperScheduleAtStartup"="c:\windows\system32\msfeedssync.exe" [2010-02-23 13312]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-28 90191]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-28 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-28 7770112]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-05-31 77824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-08-31 623960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2008-10-15 39792]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-5-11 738968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-708839690-799974076-2641207257-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 11:54]
.
2012-05-24 c:\windows\Tasks\User_Feed_Synchronization-{22F75411-920B-4F4B-BE4E-F44AAD083D9B}.job
- c:\windows\system32\msfeedssync.exe [2010-04-11 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
SafeBoot-09088414.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-25 21:59
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3352)
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\atashost.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\WUDFHost.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-05-25 22:05:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-26 03:04
.
Pre-Run: 113,228,955,648 bytes free
Post-Run: 113,167,298,560 bytes free
.
- - End Of File - - CDBDCE66E504832F40E1DC661284869A

When I click on IE now it says c:\Program Files\Internet Explorer\iexplore.exe Illegal Operation attempted on a registry key that has been marked for deletion. IE still doesn't work.