Author Topic: [Resolved K] Full-sized windows are popping open by themselves....  (Read 2966 times)

Offline RichieAnything

  • Bronze Member
  • Posts: 41
[Resolved K] Full-sized windows are popping open by themselves....
« on: September 28, 2011, 01:50:51 PM »
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:58:57 PM, on 9/28/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1081\TmIEPlg32.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Deloris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1604025067-3389582785-3966683012-1001\..\Run: [Google Update] "C:\Users\Richie\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'Richie')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1081\TmIEPlg32.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file
« Last Edit: October 08, 2011, 01:52:29 AM by kevinf80 »



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [Resolved K] Full-sized windows are popping open by themselves....
« Reply #1 on: September 28, 2011, 01:57:11 PM »
Hello RichieAnything and welcome to SpywareHammer,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.
  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
  • Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin.
  • If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
  • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc etc, please uninstall them before we begin.
  • If you are using Cracked or Illegal software your thread will be locked and all help will cease.

Please proceed as follows :-

Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

We need to see some additional information about what is happening in your machine. 
Please perform the following scan:
  • Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.   
  • When done, DDS will open two (2) logs

         1. DDS.txt
         2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note:  You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet. 
Information on A/V control HERE

Let me see the following in your reply :-

  • Log from Malwarebytes
  • DDS.txt
  • Attach.txt

Kevin

Offline RichieAnything

  • Bronze Member
  • Posts: 41
Re: [Resolved K] Full-sized windows are popping open by themselves....
« Reply #2 on: September 29, 2011, 09:41:58 AM »
SYMPTOMS:

My anti virus TREND MICRO TITANIUM doesn't open every time that I attempt to run a scan. TREND MICRO did run a scan and find one web threat, but it doesn't open every time and it doesn't open and scan in safe mode at all.

It is as if someone hits the back button sometimes and returns to a previous window..

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [Resolved K] Full-sized windows are popping open by themselves....
« Reply #3 on: September 29, 2011, 09:54:10 AM »
Can you follow the instructions I gave in my initial reply?

Offline RichieAnything

  • Bronze Member
  • Posts: 41
Re: [Resolved K] Full-sized windows are popping open by themselves....
« Reply #4 on: September 29, 2011, 10:14:55 AM »
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7827

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/29/2011 12:00:29 PM
mbam-log-2011-09-29 (12-00-29).txt

Scan type: Quick scan
Objects scanned: 194629
Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Deloris at 12:04:54 on 2011-09-29
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3835.2463 [GMT -4:00]
.
AV: Trend Micro Titanium *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Users\Richie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Richie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Malwarebytes' Anti-Malware\mbam.exe
C:\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1081\TmIEPlg32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Google Update] "C:\Users\Deloris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes' Anti-Malware] C:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{9CF434A8-B6EC-4BE9-B8A3-A70DE62AEEC5} : DhcpNameServer = 68.87.68.166 68.87.74.166
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1081\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1081\TmIEPlg32.dll
BHO-X64:     Trend Micro NSC BHO - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64:     Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO-X64:     TmBpIeBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-4-14 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-5-11 256336]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-4 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 MBAMService;MBAMService;C:\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-29 366152]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2011-9-10 5716848]
R2 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-28 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-28 136176]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2011-09-29 15:54:21   41272   ----a-w-   C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-09-29 15:54:17   --------   d-----w-   C:\Users\Deloris\AppData\Roaming\Malwarebytes
2011-09-29 15:54:11   --------   d-----w-   C:\ProgramData\Malwarebytes
2011-09-29 15:54:08   25416   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2011-09-29 15:54:07   --------   d-----w-   C:\Malwarebytes' Anti-Malware
2011-09-29 15:39:29   69000   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B7D52903-6B31-45F1-8BCC-92A811F23CA5}\offreg.dll
2011-09-29 01:32:47   9049936   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B7D52903-6B31-45F1-8BCC-92A811F23CA5}\mpengine.dll
2011-09-28 17:42:06   --------   d-----w-   C:\Trend Micro
2011-09-10 23:41:17   --------   d-----w-   C:\Users\Deloris\AppData\Roaming\WTablet
2011-09-10 19:08:16   --------   d-----w-   C:\Program Files (x86)\TabletPlugins
2011-09-10 19:08:14   13312   ----a-w-   C:\Windows\System32\drivers\wacmoumonitor.sys
2011-09-10 19:07:56   12848   ----a-w-   C:\Windows\System32\drivers\wacommousefilter.sys
2011-09-10 19:07:10   16168   ----a-w-   C:\Windows\System32\drivers\wacomvhid.sys
2011-09-10 19:07:03   751472   ----a-w-   C:\Windows\System32\Wacom_Tablet.dll
2011-09-10 19:07:03   644976   ----a-w-   C:\Windows\SysWow64\Wacom_Tablet.dll
2011-09-10 19:07:03   600432   ----a-w-   C:\Windows\System32\Wintab32.dll
2011-09-10 19:07:03   506736   ----a-w-   C:\Windows\SysWow64\Wintab32.dll
2011-09-10 19:06:59   --------   d-----w-   C:\Program Files\Tablet
2011-09-08 11:54:49   --------   d-----w-   C:\Program Files (x86)\Coupons
.
==================== Find3M  ====================
.
2011-07-22 05:35:08   1638912   ----a-w-   C:\Windows\System32\mshtml.tlb
2011-07-22 04:56:17   1638912   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:26:54   362496   ----a-w-   C:\Windows\System32\wow64win.dll
2011-07-16 05:26:53   243200   ----a-w-   C:\Windows\System32\wow64.dll
2011-07-16 05:26:53   13312   ----a-w-   C:\Windows\System32\wow64cpu.dll
2011-07-16 05:26:18   214528   ----a-w-   C:\Windows\System32\winsrv.dll
2011-07-16 05:24:09   16384   ----a-w-   C:\Windows\System32\ntvdm64.dll
2011-07-16 05:21:32   422400   ----a-w-   C:\Windows\System32\KernelBase.dll
2011-07-16 05:17:46   338432   ----a-w-   C:\Windows\System32\conhost.exe
2011-07-16 04:36:09   14336   ----a-w-   C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14   44032   ----a-w-   C:\Windows\apppatch\acwow64.dll
2011-07-16 04:31:50   25600   ----a-w-   C:\Windows\SysWow64\setup16.exe
2011-07-16 04:30:29   5120   ----a-w-   C:\Windows\SysWow64\wow32.dll
2011-07-16 04:30:27   272384   ----a-w-   C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:26:12   7680   ----a-w-   C:\Windows\SysWow64\instnm.exe
2011-07-16 02:26:11   2048   ----a-w-   C:\Windows\SysWow64\user.exe
2011-07-16 02:21:47   6144   ---ha-w-   C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47   4608   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47   3584   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47   3072   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:14:10   2048   ----a-w-   C:\Windows\System32\tzres.dll
2011-07-09 04:30:52   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2011-07-09 02:44:55   287744   ----a-w-   C:\Windows\System32\drivers\mrxsmb10.sys
.
============= FINISH: 12:06:03.27 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/10/2011 11:26:54 PM
System Uptime: 9/29/2011 11:36:25 AM (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 1444
Processor: AMD Phenom(tm) II N640 Dual-Core Processor | Socket S1G4 | 2900/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 230.226 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 2.702 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP74: 9/16/2011 9:25:52 AM - Windows Modules Installer
RP75: 9/16/2011 9:26:47 AM - Windows Modules Installer
RP76: 9/16/2011 9:33:39 AM - Windows Update
RP77: 9/18/2011 8:49:58 AM - Windows Update
RP78: 9/19/2011 8:28:04 PM - Restore Operation
RP79: 9/19/2011 8:49:20 PM - Windows Update
RP80: 9/20/2011 3:20:34 PM - Windows Update
RP81: 9/20/2011 8:29:27 PM - Windows Update
RP82: 9/21/2011 9:31:31 AM - Windows Update
RP83: 9/23/2011 3:20:44 PM - Windows Update
RP84: 9/27/2011 10:18:33 AM - Windows Update
RP85: 9/28/2011 1:19:06 PM - Restore Operation
RP86: 9/28/2011 1:38:03 PM - Installed HiJackThis
RP87: 9/28/2011 1:41:47 PM - Installed HiJackThis
RP88: 9/28/2011 9:32:18 PM - Windows Update
RP89: 9/29/2011 9:54:35 AM - Windows Update
.
==== Installed Programs ======================
.
.
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 10 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 9.4.5 MUI
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Agatha Christie - Peril at End House
Bejeweled 2 Deluxe
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Canon Utilities My Printer
Canon Utilities Solution Menu
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Coupon Printer for Windows
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 9
CyberLink YouCam
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
Facebook Video Calling 1.0.0.8526
Farm Frenzy
FATE
Final Drive Nitro
Google Chrome
Google Earth Plug-in
Google Update Helper
Heroes of Hellas 2 - Olympia
HiJackThis
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
Java Auto Updater
Java(TM) 6 Update 26
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The London Caper
Norton Online Backup
Penguins!
PhotoNow!
PictureMover
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recovery Manager
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Suite Specific
Times Reader
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Virtual Families
Virtual Villagers 4 - The Tree of Life
WebTablet IE Plugin
WebTablet Netscape Plugin
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
9/29/2011 11:34:27 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
9/29/2011 11:34:27 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/29/2011 11:34:27 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/29/2011 11:34:25 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/29/2011 11:34:25 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/29/2011 11:34:24 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/29/2011 11:34:16 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/29/2011 11:34:03 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmtdi vwififlt Wanarpv6 WfpLwf
9/29/2011 11:34:02 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
9/29/2011 11:34:02 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
9/29/2011 11:34:02 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
9/29/2011 11:34:02 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
9/29/2011 11:34:02 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
9/29/2011 11:34:02 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
9/29/2011 11:34:02 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
9/29/2011 11:34:02 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
9/29/2011 11:34:02 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
9/29/2011 11:34:02 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
9/24/2011 7:28:16 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
.
==== End Of File ===========================

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [Resolved K] Full-sized windows are popping open by themselves....
« Reply #5 on: September 29, 2011, 10:41:05 AM »
Download aswMBR.exe to your desktop.

Double click aswMBR.exe to run it. Vista or Windows 7 users: right click and select "Run as Administrator".

Click the [Scan] button to start the scan.

On completion of the scan click [Save log], save it to your desktop and post it in your next reply.


Kevin

Offline RichieAnything

  • Bronze Member
  • Posts: 41
Re: [Resolved K] Full-sized windows are popping open by themselves....
« Reply #6 on: September 29, 2011, 11:22:34 AM »
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-29 13:12:55
-----------------------------
13:12:55.156    OS Version: Windows x64 6.1.7600
13:12:55.156    Number of processors: 2 586 0x603
13:12:55.156    ComputerName: DELORIS-HP  UserName: Deloris
13:12:56.201    Initialize success
13:13:20.299    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
13:13:20.299    Disk 0 Vendor: Hitachi_ ES2O Size: 305245MB BusType: 11
13:13:22.343    Disk 0 MBR read successfully
13:13:22.343    Disk 0 MBR scan
13:13:22.343    Disk 0 unknown MBR code
13:13:22.358    Service scanning
13:13:23.825    Modules scanning
13:13:23.825    Disk 0 trace - called modules:
13:13:23.840   
13:13:23.840    Scan finished successfully
13:13:58.672    Disk 0 MBR has been saved successfully to "C:\Users\Deloris\Desktop\MBR.dat"
13:13:58.672    The log file has been saved successfully to "C:\Users\Deloris\Desktop\aswMBR.txt"

Offline RichieAnything

  • Bronze Member
  • Posts: 41
Re: [Resolved K] Full-sized windows are popping open by themselves....
« Reply #7 on: September 29, 2011, 11:24:18 AM »
I just got a blue screen saying something about a "dump" and instructing me to restart. I restarted and my computer is still working...

Offline RichieAnything

  • Bronze Member
  • Posts: 41
Re: [Resolved K] Full-sized windows are popping open by themselves....
« Reply #8 on: September 29, 2011, 11:25:27 AM »
If it is any help----  I have been on xtube,com and clicked a few videos..  My problems may have come from that....?

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [Resolved K] Full-sized windows are popping open by themselves....
« Reply #9 on: September 29, 2011, 04:38:46 PM »
Can you let me see the following file please: C:\Users\Deloris\Desktop\aswMBR.txt. It will be sitting right on your Desktop; copy and paste it into your reply....

Offline RichieAnything

  • Bronze Member
  • Posts: 41
Re: [Resolved K] Full-sized windows are popping open by themselves....
« Reply #10 on: September 29, 2011, 04:48:16 PM »
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-29 13:12:55
-----------------------------
13:12:55.156    OS Version: Windows x64 6.1.7600
13:12:55.156    Number of processors: 2 586 0x603
13:12:55.156    ComputerName: DELORIS-HP  UserName: Deloris
13:12:56.201    Initialize success
13:13:20.299    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
13:13:20.299    Disk 0 Vendor: Hitachi_ ES2O Size: 305245MB BusType: 11
13:13:22.343    Disk 0 MBR read successfully
13:13:22.343    Disk 0 MBR scan
13:13:22.343    Disk 0 unknown MBR code
13:13:22.358    Service scanning
13:13:23.825    Modules scanning
13:13:23.825    Disk 0 trace - called modules:
13:13:23.840   
13:13:23.840    Scan finished successfully
13:13:58.672    Disk 0 MBR has been saved successfully to "C:\Users\Deloris\Desktop\MBR.dat"
13:13:58.672    The log file has been saved successfully to "C:\Users\Deloris\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-29 13:20:17
-----------------------------
13:20:17.200    OS Version: Windows x64 6.1.7600
13:20:17.200    Number of processors: 2 586 0x603
13:20:17.200    ComputerName: DELORIS-HP  UserName: Deloris
13:20:20.976    Initialize success
13:20:26.391    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
13:20:26.391    Disk 0 Vendor: Hitachi_ ES2O Size: 305245MB BusType: 11
13:20:28.435    Disk 0 MBR read successfully
13:20:28.435    Disk 0 MBR scan
13:20:28.451    Disk 0 unknown MBR code
13:20:28.451    Service scanning
13:20:34.550    Modules scanning
13:20:34.550    Disk 0 trace - called modules:
13:20:34.737    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
13:20:34.737    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80042f5060]
13:20:34.737    3 CLASSPNP.SYS[fffff8800193f43f] -> nt!IofCallDriver -> [0xfffffa8004280b80]
13:20:34.753    5 amd_xata.sys[fffff8800108d7a8] -> nt!IofCallDriver -> \Device\0000005e[0xfffffa8004118660]
13:20:34.753    Scan finished successfully
13:21:55.202    Disk 0 MBR has been saved successfully to "C:\Users\Deloris\Desktop\MBR.dat"
13:21:55.202    The log file has been saved successfully to "C:\Users\Deloris\Desktop\aswMBR.txt"


Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [Resolved K] Full-sized windows are popping open by themselves....
« Reply #11 on: September 30, 2011, 01:24:42 AM »
Continue as follows please :-

Step 1

Upload a File to Virustotal

Please visit Virustotal
  • Click the Browse... button
  • Navigate to the file C:\Users\Deloris\Desktop\MBR.dat
  • Click the Open button
  • Click the Send button
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.

Step 2

Download TFC  to your desktop, from either of the following links
 Link 1
 Link 2
  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users: right click and select "Run as Administrator"
  • If prompted, click "Yes" to reboot.
Save any open work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may reboot your system; if not, reboot it yourself to complete the cleaning process <---- Very Important

Step 3

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions available Here  Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

Let me see the logs in your reply....

Kevin

Offline RichieAnything

  • Bronze Member
  • Posts: 41
Re: [Resolved K] Full-sized windows are popping open by themselves....
« Reply #12 on: September 30, 2011, 07:33:32 AM »

Antivirus   Version   Last update   Result
AhnLab-V3   2011.09.29.02   2011.09.29   -
AntiVir   7.11.15.77   2011.09.30   -
Antiy-AVL   2.0.3.7   2011.09.30   -
Avast   6.0.1289.0   2011.09.30   -
AVG   10.0.0.1190   2011.09.30   -
BitDefender   7.2   2011.09.30   -
ByteHero   1.0.0.1   2011.09.23   -
CAT-QuickHeal   11.00   2011.09.30   -
ClamAV   0.97.0.0   2011.09.30   -
Commtouch   5.3.2.6   2011.09.30   -
Comodo   10294   2011.09.30   -
DrWeb   5.0.2.03300   2011.09.30   -
Emsisoft   5.1.0.11   2011.09.30   -
eSafe   7.0.17.0   2011.09.27   -
eTrust-Vet   36.1.8590   2011.09.30   -
F-Prot   4.6.2.117   2011.09.29   -
F-Secure   9.0.16440.0   2011.09.30   -
Fortinet   4.3.370.0   2011.09.30   -
GData   22   2011.09.30   -
Ikarus   T3.1.1.107.0   2011.09.30   -
Jiangmin   13.0.900   2011.09.29   -
K7AntiVirus   9.113.5217   2011.09.29   -
Kaspersky   9.0.0.837   2011.09.30   -
McAfee   5.400.0.1158   2011.09.30   -
McAfee-GW-Edition   2010.1D   2011.09.30   -
Microsoft   1.7702   2011.09.30   -
NOD32   6505   2011.09.30   -
Norman   6.07.11   2011.09.30   -
nProtect   2011-09-30.01   2011.09.30   -
Panda   10.0.3.5   2011.09.29   -
PCTools   8.0.0.5   2011.09.30   -
Prevx   3.0   2011.09.30   -
Rising   23.77.04.01   2011.09.30   -
Sophos   4.69.0   2011.09.30   -
SUPERAntiSpyware   4.40.0.1006   2011.09.30   -
Symantec   20111.2.0.82   2011.09.30   -
TheHacker   6.7.0.1.314   2011.09.30   -
TrendMicro   9.500.0.1008   2011.09.30   -
TrendMicro-HouseCall   9.500.0.1008   2011.09.30   -
VBA32   3.12.16.4   2011.09.30   -
VIPRE   10621   2011.09.30   -
ViRobot   2011.9.30.4697   2011.09.30   -
VirusBuster   14.0.241.0   2011.09.30   -
MD5: 6e5983123af54e155687ab9e6bb275e3
SHA1: 2b6ce960860658f4d35296f6e30c1b73d9b186e0
SHA256: 430831077608276037fb66f35301ae677a966b169ea2e42cc8b255b260a5b31d
File size: 512 bytes
Scan date: 2011-09-30 13:20:31 (UTC)

Offline RichieAnything

  • Bronze Member
  • Posts: 41
Re: [Resolved K] Full-sized windows are popping open by themselves....
« Reply #13 on: September 30, 2011, 07:37:12 AM »
STEP 2 gives me a pop up message from TREND MICRO that says that the site that I am attempting to open is malicious.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6347
Re: [Resolved K] Full-sized windows are popping open by themselves....
« Reply #14 on: September 30, 2011, 07:45:59 AM »
Ignore the warning, the site is not malicious :t