Amazon Pages Redirected

engelke830 · July 20, 2012

Hi,

I would appreciate any help that can be provided with this. When I go to amazon.com and click on a link to one of the products, the page loads, then another page loads such as "gadgetreviewsworld . info" then the original amazon page reloads but I will now be logged out. The redirected page is not always the same one but it is always ".info". Malwarebytes and MSE did not detect anything wrong.

Here are my Attach and DDS logs. Thank you.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by Engelke at 7:56:27 on 2012-07-20

Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3571.1937 [GMT -7:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2311653e\STacSV.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2311653e\aestsrv.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe

C:\Program Files\Wave Systems Corp\SecureUpgrade.exe

C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe

C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files\Kodak\Document Imaging\kds_i1200\Smart touch\KSSCFG.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Common Files\Apple\Internet Services\ubd.exe

C:\Users\Engelke\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

C:\Program Files\PostgreSQL\8.4\bin\postgres.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Users\Engelke\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Kodak\Document Imaging\kds_i1200\Smart touch\KSSE.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Users\Engelke\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: jZip Webmail plugin: {647fd14a-c4f1-46f4-8fc3-0b40f54226f7} - c:\program files\jzip\WebmailPlugin.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll"

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler

uRun: [googletalk] c:\users\engelke\appdata\roaming\google\google talk\googletalk.exe /autostart

uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe

uRun: [spotify Web Helper] "c:\users\engelke\appdata\roaming\spotify\data\SpotifyWebHelper.exe"

uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe

uRun: [Google Update] "c:\users\engelke\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [secureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe

mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"

mRun: [nwiz] nwiz.exe /install

mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [indexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"

mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"

mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe

mRun: [ECenter] c:\dell\e-center\EULALauncher.exe

mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"

mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"

mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDellB.exe" /mode2

mRun: [DCPstrApp] c:\program files\dell\dell controlpoint\security manager\SecurityDeviceInfoSetRegistryString.exe

mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun

mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12

mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [smart touch i1200] c:\program files\kodak\document imaging\kds_i1200\smart touch\KSSCFG.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\users\engelke\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\engelke\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5}

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab

DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab

TCP: DhcpNameServer = 205.177.10.10 199.0.216.222

TCP: Interfaces\{23C426E9-5916-4F09-9D49-913AAE000B90} : DhcpNameServer = 205.177.10.10 199.0.216.222

TCP: Interfaces\{D9C9BDA5-33FE-485D-AE29-37BA117B32AE} : NameServer = 65.106.1.196,65.106.7.196

TCP: Interfaces\{D9C9BDA5-33FE-485D-AE29-37BA117B32AE} : DhcpNameServer = 205.177.10.10 199.0.216.222

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

AppInit_DLLs: c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Authentication Packages = msv1_0 wvauth

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\engelke\appdata\roaming\mozilla\firefox\profiles\dg8csqv0.default\

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_2311653e\AEstSrv.exe [2008-9-19 77824]

R2 alssvc;Ambient Light Sensor;c:\program files\dell\ambient light sensor\AlsSvc.exe [2008-6-3 382232]

R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]

R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2008-6-3 386328]

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2008-7-31 808296]

R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2008-7-31 21352]

R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2008-8-18 453712]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w --> C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]

R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2008-8-25 69632]

R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-9-19 29736]

R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2008-9-19 32808]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2008-9-19 224384]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-9-19 3662848]

R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-6 133632]

R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-8 280096]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]

S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 250056]

S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [2007-4-19 42832]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-6-12 80824]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-19 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-3-30 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-3-30 40552]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]

S3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [2010-12-29 20480]

S3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2009-8-16 9040]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-6-12 181432]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2012-07-20 14:31:29 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{345914a0-96e8-464c-b40e-fa51af90c01b}\offreg.dll

2012-07-19 19:47:43 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{345914a0-96e8-464c-b40e-fa51af90c01b}\mpengine.dll

2012-07-19 16:04:50 -------- d-----w- c:\users\engelke\appdata\local\Spotify

2012-07-18 21:28:41 6891424 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-07-18 19:21:58 -------- d-----w- c:\users\engelke\appdata\roaming\SUPERAntiSpyware.com

2012-07-18 19:21:52 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-07-18 19:21:52 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-07-13 19:48:25 -------- d-sh--w- C:\$RECYCLE.BIN

2012-07-13 19:27:47 -------- d-----w- c:\users\engelke\appdata\local\temp

2012-07-13 19:12:39 98816 ----a-w- c:\windows\sed.exe

2012-07-13 19:12:39 518144 ----a-w- c:\windows\SWREG.exe

2012-07-13 19:12:39 256000 ----a-w- c:\windows\PEV.exe

2012-07-13 19:12:39 208896 ----a-w- c:\windows\MBR.exe

2012-07-12 20:20:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-07-11 22:32:36 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-11 21:30:41 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 17:24:30 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll

2012-07-11 17:24:18 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-07-11 17:24:18 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-07-11 17:22:38 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-11 17:22:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-11 17:19:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-11 17:19:25 278528 ----a-w- c:\windows\system32\schannel.dll

2012-07-11 17:19:25 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-05 14:34:20 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6c9f5146-57cf-48ce-be33-8d36af1763c6}\gapaengine.dll

2012-07-03 23:10:29 -------- d-----w- c:\program files\Oracle

2012-07-03 23:09:37 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-06-28 14:49:19 -------- d-----w- c:\users\engelke\appdata\local\Macromedia

2012-06-25 15:30:55 -------- d-----w- c:\program files\iPod

2012-06-25 15:30:53 -------- d-----w- c:\program files\iTunes

2012-06-22 14:54:15 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-22 14:53:14 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-22 14:52:58 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-22 14:52:58 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-20 21:15:54 -------- d-----w- c:\program files\Veetle

.

==================== Find3M ====================

.

2012-07-12 16:54:15 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-12 16:54:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-05-29 07:38:50 330240 ----a-w- c:\windows\MASetupCaller.dll

2012-05-24 01:50:06 4659712 ----a-w- c:\windows\system32\Redemption.dll

2012-05-21 02:09:00 80824 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2012-05-21 02:09:00 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2012-05-05 02:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll

2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-23 16:00:53 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-04-23 16:00:53 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-04-23 16:00:53 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2000-07-15 07:00:00 136192 ----a-w- c:\program files\common files\Msderun.dll

.

============= FINISH: 7:57:45.90 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Business

Boot Device: \Device\HarddiskVolume3

Install Date: 9/19/2008 9:30:36 AM

System Uptime: 7/20/2012 7:30:37 AM (0 hours ago)

.

Motherboard: Dell Inc. | | 0RX495

Processor: Intel® Core2 Duo CPU T9400 @ 2.53GHz | Microprocessor | 2534/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 147 GiB total, 38.792 GiB free.

D: is FIXED (NTFS) - 2 GiB total, 1.12 GiB free.

E: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: Officejet Pro 8500 A909g

Device ID: ROOT\IMAGE\0001

Manufacturer: HP

Name: Officejet Pro 8500 A909g

PNP Device ID: ROOT\IMAGE\0001

Service: StillCam

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet Pro 8500 A909g

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet Pro 8500 A909g

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet Pro 8600

Device ID: ROOT\MULTIFUNCTION\0001

Manufacturer: HP

Name: Officejet Pro 8600

PNP Device ID: ROOT\MULTIFUNCTION\0001

Service:

.

==== System Restore Points ===================

.

RP936: 7/17/2012 7:50:52 AM - Windows Update

RP937: 7/18/2012 12:20:06 PM - Scheduled Checkpoint

RP938: 7/19/2012 7:44:43 AM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

2007 Microsoft Office system

32 Bit HP CIO Components Installer

7-Zip 9.20

8500A909_BasicWeb

8500A909_Help_BasicWeb

Adobe Acrobat 9 Standard - English, Français, Deutsch

Adobe Acrobat 9.5.1 - CPSID_83708

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe PDF IFilter 6.0

Adobe Reader 9.5.1

All Day Battery Life Configuration

Amazon MP3 Downloader 1.0.15

Ambient Light Sensor

Anki

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bing Bar

BioAPI Framework

biolsp patch

Bonjour

bpd_scan

BPDSoftware

BPDSoftware_Ini

Broadcom USH Host Components

Brother BRAdmin Light 1.09

Brother MFL-Pro Suite

Browser Address Error Redirector

BufferChm

Business Contact Manager for Outlook 2007 SP2

Cisco WebEx Meeting Center for Firefox or Chrome

D3DX10

Dell Control Point

Dell ControlPoint Connection Manager

Dell ControlPoint Security Manager

Dell ControlPoint System Manager

Dell Embassy Trust Suite by Wave Systems

Dell Getting Started Guide

Dell Security Device Driver Pack

Dell Touchpad

Dell Webcam Central

DeskPins (remove only)

Digsby

Directory of Physicians in the United States 2005

Directory of Physicians in the United States 2010

Document Manager Lite

Dropbox

EDocs

EMBASSY Security Center

EMBASSY Security Setup

Epson Event Manager

Epson FAX Utility

Epson PC-FAX Driver

EPSON Scan

EPSON WorkForce 610 Series Printer Uninstall

EpsonNet Print

EpsonNet Setup

ESC Home Page Plugin

Fetchnotes Widget

ffdshow [rev 2527] [2008-12-19]

Gemalto

GIMP 2.6.11

GNU Backgammon (MAIN branch, 20111003 code)

Google Chrome

Google Desktop

Google Photos Screensaver

Google Talk (remove only)

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

GoToMeeting 5.1.0.880

Graduate Medical Education

GumNotes version 1.3.1.740

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

HP Officejet Pro 8500 A909 Series

iCloud

InfraRecorder

Integrated Webcam Driver (1.06.03.0309)

Intel PROSet Wireless

Intel® Network Connections 13.0.42.0

Intel® PRO Alerting Agent

Intel® PROSet/Wireless WiFi Software

Intel® Matrix Storage Manager

iTunes

Java Auto Updater

Java 6 Update 5

Java 6 Update 7

Java 7 Update 5

JavaFX 2.1.1

Junk Mail filter update

jZip

KeePass Password Safe 2.09

KODAK i1200 - Smart touch

KODAK i1210/i1220 Scanner

Konica Scantrip Admin

LaCie Backup Software v1.5.2378

Lizard Safeguard - PDF Viewer 2.6.17

Malwarebytes Anti-Malware version 1.62.0.1300

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft IntelliPoint 6.2

Microsoft IntelliType Pro 6.2

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Live Add-in 1.5

Microsoft Office Live Meeting 2007

Microsoft Office OneNote Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office OneNoteHomeStudent 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Hybrid 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business Connectivity Components

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft SharedView

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MobileMe Control Panel

Mozilla Firefox 10.0 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Network

NTRU TCG Software Stack

NVIDIA Drivers

NVIDIA nView Desktop Manager

OGA Notifier 2.0.0048.0

Panraven Picasa2 Plugin

PaperPort Image Printer

Picasa 3

PlayReady PC Runtime x86

PokerStove version 1.24

PostgreSQL 8.4

PowerDVD

Preboot Manager

Private Information Manager

QuickTime

Revo Uninstaller 1.94

Roxio Activation Module

Roxio Creator Audio

Roxio Creator BDAV Plugin

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Scan

ScanSoft PaperPort 11

Secure Update

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Wizards

Segoe UI

Snapshot Viewer

Spotify

SUPERAntiSpyware

Symantec Technical Support Web Controls

Toolbox

Trusted Drive Manager

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Veetle TV

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VLC media player 2.0.2

Wave Infrastructure Installer

Wave Support Software

WebEx

WebReg

WIDCOMM Bluetooth Software 6.1.0.4402

Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)

Windows Driver Package - Livescribe (PulseUsb) Image (03/19/2009 2.0.12.1)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

7/20/2012 7:32:12 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

7/20/2012 7:31:53 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd

7/20/2012 7:31:23 AM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.27 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.

7/20/2012 7:31:12 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer WebEx Document Loader with shared resource name WebEx Document Loader. Error 2114. The printer cannot be used by others on the network.

7/20/2012 7:31:12 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer PaperPort Image Printer with shared resource name PaperPort Image Printer. Error 2114. The printer cannot be used by others on the network.

7/20/2012 7:31:12 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Microsoft Office Live Meeting 2007 Document Writer with shared resource name Microsoft Office Live Meeting 2007 Document Writer. Error 2114. The printer cannot be used by others on the network.

7/19/2012 7:44:41 AM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL GET_STATE: The device has been removed.

7/19/2012 7:44:39 AM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

7/19/2012 12:06:39 PM, Error: Service Control Manager [7034] - The Dell ControlPoint System Manager service terminated unexpectedly. It has done this 1 time(s).

7/19/2012 12:06:39 PM, Error: Service Control Manager [7034] - The Dell ControlPoint Button Service service terminated unexpectedly. It has done this 1 time(s).

7/19/2012 1:20:15 PM, Error: netbt [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.

7/17/2012 8:08:20 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP LaserJet 1200 Series PCL 5 with shared resource name HP LaserJet 1200 Series PCL 5. Error 2114. The printer cannot be used by others on the network.

7/17/2012 8:08:20 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Foxit PDF Printer with shared resource name Foxit PDF Printer. Error 2114. The printer cannot be used by others on the network.

7/17/2012 8:08:20 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Canon iP3500 series with shared resource name Canon iP3500 series. Error 2114. The printer cannot be used by others on the network.

7/17/2012 8:08:20 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Brother PC-FAX v.2 with shared resource name Brother PC-FAX v.2. Error 2114. The printer cannot be used by others on the network.

7/17/2012 8:08:20 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Brother MFC-9840CDW Printer with shared resource name Brother MFC-9840CDW Printer. Error 2114. The printer cannot be used by others on the network.

7/13/2012 12:28:04 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

.

==== End Of File ===========================

DDS.txt

Attach.txt

screen317 · July 20, 2012

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When the tool is finished, it will produce a report for you.
Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

engelke830 · July 20, 2012

Here is the MBAM log. Will run combofix now.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.20.06

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Engelke :: ENGELKE-PC [administrator]

7/20/2012 8:31:48 AM

mbam-log-2012-07-20 (08-31-48).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 262218

Time elapsed: 7 minute(s), 12 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

engelke830 · July 20, 2012

Here is the ComboFix Log. New DDS coming next.

ComboFix 12-07-20.02 - Engelke 07/20/2012 8:44.2.2 - x86

Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3571.1927 [GMT -7:00]

Running from: c:\users\Engelke\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\install.exe

c:\users\Engelke\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll

.

((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))

.

2012-07-20 15:54 . 2012-07-20 16:00 -------- d-----w- c:\users\Engelke\AppData\Local\temp

2012-07-20 15:54 . 2012-07-20 15:54 -------- d-----w- c:\users\TEMP.Engelke-PC.000\AppData\Local\temp

2012-07-20 15:54 . 2012-07-20 15:54 -------- d-----w- c:\users\postgres\AppData\Local\temp

2012-07-20 15:54 . 2012-07-20 15:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-20 15:54 . 2012-07-20 15:54 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-07-20 14:59 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8320C9AA-0560-439D-925A-132EFC067A14}\mpengine.dll

2012-07-19 16:04 . 2012-07-19 20:01 -------- d-----w- c:\users\Engelke\AppData\Local\Spotify

2012-07-18 21:28 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-18 19:21 . 2012-07-18 19:21 -------- d-----w- c:\users\Engelke\AppData\Roaming\SUPERAntiSpyware.com

2012-07-18 19:21 . 2012-07-18 19:21 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-07-18 19:21 . 2012-07-18 19:21 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-07-12 20:20 . 2012-07-13 14:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-07-11 22:32 . 2012-07-12 16:57 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-11 21:30 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 17:24 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-11 17:24 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-07-11 17:24 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-07-11 17:22 . 2012-07-18 21:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-11 17:22 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-11 17:19 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-11 17:19 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll

2012-07-11 17:19 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-05 14:34 . 2012-02-10 15:30 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C9F5146-57CF-48CE-BE33-8D36AF1763C6}\gapaengine.dll

2012-07-03 23:10 . 2012-07-03 23:10 -------- d-----w- c:\program files\Oracle

2012-07-03 23:09 . 2012-05-05 02:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-06-28 14:49 . 2012-06-28 14:49 -------- d-----w- c:\users\Engelke\AppData\Local\Macromedia

2012-06-25 15:30 . 2012-06-25 15:30 -------- d-----w- c:\program files\iPod

2012-06-25 15:30 . 2012-06-25 15:32 -------- d-----w- c:\program files\iTunes

2012-06-22 14:54 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-22 14:54 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-22 14:54 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-22 14:54 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-22 14:53 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-22 14:53 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-22 14:53 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-22 14:52 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-22 14:52 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-20 21:15 . 2012-06-20 21:16 -------- d-----w- c:\program files\Veetle

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-20 14:31 . 2008-09-23 22:00 0 ----a-w- c:\users\Engelke\AppData\Local\WavXMapDrive.bat

2012-07-12 16:54 . 2012-03-29 14:40 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-12 16:54 . 2011-06-03 23:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-29 07:38 . 2012-05-29 07:38 330240 ----a-w- c:\windows\MASetupCaller.dll

2012-05-24 01:50 . 2012-06-12 14:02 4659712 ----a-w- c:\windows\system32\Redemption.dll

2012-05-24 01:49 . 2012-05-24 01:49 90112 ----a-w- c:\windows\MAMCityDownload.ocx

2012-05-24 01:49 . 2012-05-24 01:49 30568 ----a-w- c:\windows\MusiccityDownload.exe

2012-05-24 01:49 . 2012-05-24 01:49 974848 ----a-w- c:\windows\system32\cis-2.4.dll

2012-05-24 01:49 . 2012-05-24 01:49 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll

2012-05-24 01:49 . 2012-05-24 01:49 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll

2012-05-24 01:49 . 2012-05-24 01:49 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll

2012-05-24 01:49 . 2012-05-24 01:49 57344 ----a-w- c:\windows\system32\MK_Lyric.dll

2012-05-24 01:49 . 2012-05-24 01:49 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll

2012-05-24 01:49 . 2012-05-24 01:49 569344 ----a-w- c:\windows\system32\muzdecode.ax

2012-05-24 01:49 . 2012-05-24 01:49 491520 ----a-w- c:\windows\system32\muzapp.dll

2012-05-24 01:49 . 2012-05-24 01:49 49152 ----a-w- c:\windows\system32\MaJGUILib.dll

2012-05-24 01:49 . 2012-05-24 01:49 45320 ----a-w- c:\windows\system32\MAMACExtract.dll

2012-05-24 01:49 . 2012-05-24 01:49 45056 ----a-w- c:\windows\system32\MaXMLProto.dll

2012-05-24 01:49 . 2012-05-24 01:49 45056 ----a-w- c:\windows\system32\MACXMLProto.dll

2012-05-24 01:49 . 2012-05-24 01:49 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll

2012-05-24 01:49 . 2012-05-24 01:49 352256 ----a-w- c:\windows\system32\MSLUR71.dll

2012-05-24 01:49 . 2012-05-24 01:49 258048 ----a-w- c:\windows\system32\muzoggsp.ax

2012-05-24 01:49 . 2012-05-24 01:49 245760 ----a-w- c:\windows\system32\MSCLib.dll

2012-05-24 01:49 . 2012-05-24 01:49 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe

2012-05-24 01:49 . 2012-05-24 01:49 200704 ----a-w- c:\windows\system32\muzwmts.dll

2012-05-24 01:49 . 2012-05-24 01:49 172032 ----a-w- c:\windows\system32\muzapp.exe

2012-05-24 01:49 . 2012-05-24 01:49 155648 ----a-w- c:\windows\system32\MSFLib.dll

2012-05-24 01:49 . 2012-05-24 01:49 143360 ----a-w- c:\windows\system32\3DAudio.ax

2012-05-24 01:49 . 2012-05-24 01:49 135168 ----a-w- c:\windows\system32\muzaf1.dll

2012-05-24 01:49 . 2012-05-24 01:49 131072 ----a-w- c:\windows\system32\muzmpgsp.ax

2012-05-24 01:49 . 2012-05-24 01:49 122880 ----a-w- c:\windows\system32\muzeffect.ax

2012-05-24 01:49 . 2012-05-24 01:49 118784 ----a-w- c:\windows\system32\MaDRM.dll

2012-05-24 01:49 . 2012-05-24 01:49 110592 ----a-w- c:\windows\system32\muzmp4sp.ax

2012-05-24 01:49 . 2012-06-12 14:02 821824 ----a-w- c:\windows\system32\dgderapi.dll

2012-05-24 01:49 . 2012-06-12 14:02 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys

2012-05-24 01:49 . 2008-09-19 21:46 319456 ----a-w- c:\windows\system32\DIFxAPI.dll

2012-05-21 02:09 . 2012-06-12 14:05 80824 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2012-05-21 02:09 . 2012-06-12 14:05 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2012-05-05 02:29 . 2010-06-03 21:45 687504 ----a-w- c:\windows\system32\deployJava1.dll

2012-05-01 14:03 . 2012-06-13 22:25 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-23 16:00 . 2012-06-13 22:25 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-04-23 16:00 . 2012-06-13 22:25 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-04-23 16:00 . 2012-06-13 22:25 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2000-07-15 07:00 . 2008-10-08 21:23 136192 ----a-w- c:\program files\Common Files\Msderun.dll

2012-01-29 15:55 . 2012-02-08 17:28 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-04-14 21:01 . 2011-03-03 05:55 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Engelke\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Engelke\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Engelke\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]

@="{022F2F51-CDDA-4873-8A29-72C66C808A3F}"

[HKEY_CLASSES_ROOT\CLSID\{022F2F51-CDDA-4873-8A29-72C66C808A3F}]

2009-11-08 17:55 297808 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]

@="{661963C1-99A1-44e7-A671-1CF3768AE9D4}"

[HKEY_CLASSES_ROOT\CLSID\{661963C1-99A1-44e7-A671-1CF3768AE9D4}]

2009-11-08 17:55 297808 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-19 68856]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]

"googletalk"="c:\users\Engelke\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"Spotify Web Helper"="c:\users\Engelke\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-19 1193176]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-05-14 99328]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-07-11 442467]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2008-06-24 243000]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-30 30248]

"nwiz"="nwiz.exe" [2009-06-11 1657376]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-30 46632]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-14 30192]

"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-02-06 843776]

"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2008-06-24 79160]

"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-27 17920]

"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2008-05-30 593920]

"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2008-08-25 1486848]

"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDellB.exe" [2008-04-11 372736]

"DCPstrApp"="c:\program files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe" [2008-08-04 6656]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-11-08 65536]

"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-05-30 180224]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-05 630784]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-02 196608]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]

"Smart touch i1200"="c:\program files\Kodak\Document Imaging\kds_i1200\Smart touch\KSSCFG.exe" [2008-04-22 188416]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

c:\users\Engelke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Engelke\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]

Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2008-8-18 1186896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 wvauth

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_2311653e\aestsrv.exe [x]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HPService REG_MULTI_SZ HPSLPSVC

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 16:54]

.

2012-07-19 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-19 16:52]

.

2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 03:54]

.

2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 03:54]

.

2012-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2269250054-1500103086-2089624545-1003Core.job

- c:\users\Engelke\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-15 17:45]

.

2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2269250054-1500103086-2089624545-1003UA.job

- c:\users\Engelke\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-15 17:45]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 205.177.10.10 199.0.216.222

TCP: Interfaces\{D9C9BDA5-33FE-485D-AE29-37BA117B32AE}: NameServer = 65.106.1.196,65.106.7.196

DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab

FF - ProfilePath - c:\users\Engelke\AppData\Roaming\Mozilla\Firefox\Profiles\dg8csqv0.default\

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-20 09:02

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

c:\windows\system32\wbem\Performance\WmiApRpl_new.ini 25494 bytes

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\postgresql-8.4]

"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\postgresql-8.4]

"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'lsass.exe'(704)

c:\windows\system32\wvauth.dll

c:\windows\system32\biolsp.dll

c:\windows\System32\TdmNetworkProvider.dll

.

- - - - - - - > 'Explorer.exe'(4504)

c:\users\Engelke\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

c:\windows\system32\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_2311653e\STacSV.exe

c:\windows\system32\WLANExt.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe

c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe

c:\program files\Dell\Ambient Light Sensor\AlsSvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Intel\ASF Agent\ASFAgent.exe

c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe

c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe

c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\PostgreSQL\8.4\bin\pg_ctl.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\PostgreSQL\8.4\bin\postgres.exe

c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

c:\program files\PostgreSQL\8.4\bin\postgres.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Completion time: 2012-07-20 09:07:14 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-20 16:06

ComboFix2.txt 2012-07-13 19:50

.

Pre-Run: 41,758,281,728 bytes free

Post-Run: 41,736,065,024 bytes free

.

- - End Of File - - AB4C3797DA8C26BF00AC5911EC5C086C

engelke830 · July 20, 2012

One thing I forgot to mention was that when I ran ComboFix, I received an error message that said "dell.ucm has stopped working".

engelke830 · July 20, 2012

Here are the DDS logs.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by Engelke at 9:12:09 on 2012-07-20

Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3571.2060 [GMT -7:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2311653e\STacSV.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2311653e\aestsrv.exe

C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Intel\ASF Agent\ASFAgent.exe

C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe

C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\PostgreSQL\8.4\bin\postgres.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

C:\Program Files\PostgreSQL\8.4\bin\postgres.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.exe