browser links redirected

osterczyk
2010-12-02, 18:56
Hi,

My browser (IE) quite recently seems to have started redirecting me, once in a while, to other sites that I have not requested when I click on a link. So far when this happens, if I click the Back button and then click the same link again, the browser opens the desired URL.

Spybot and Avast free anti-virus scans are coming up clean.

Here are two of the undesired sites that have opened:

invesplus.com
loaris.com/trojanremover/?7s-ad (I did NOT take the advice on this page to install the Loaris Trojan Remover)

Can you please give me some suggestions where to look to find what seems to be going on? The DDS log is below, and Attach.txt is attached. Thank you.


DDS (Ver_10-11-27.01) - NTFS_AMD64
Run by osterczyk at 9:44:21.03 on Thu 12/02/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6135.3376 [GMT -8:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\oodag.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Windows\System32\oodtray.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\2BrightSparks\SyncBackSE\SyncBackSE.exe
C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe
C:\Windows\system32\DllHost.exe
C:\Windows\splwow64.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\SysWOW64\hh.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
F:\Install\DDS Log\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = file:///C:/Program%20Files/Install/Clock/Clock.htm
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit=userinit.exe
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [AdobeBridge]
uRun: [Google Update] "C:\Users\osterczyk\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [TurboV] "C:\Program Files (x86)\ASUS\TurboV\TurboV.exe" -b
mRun: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Name of App] C:\Program Files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe r
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [MRUTray] C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
mRun-x64: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe /tray
mRun-x64: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
mRun-x64: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
mRun-x64: [OODefragTray] C:\Windows\system32\oodtray.exe
mRun-x64: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\OSTERC~1\AppData\Roaming\Mozilla\Firefox\Profiles\x99k7ycs.default\
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\osterczyk\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: FireFound: firefound@efinke.com - C:\Users\OSTERC~1\AppData\Roaming\Mozilla\Firefox\Profiles\x99k7ycs.default\extensions\firefound@efinke.com
FF - Extension: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Extension: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

============= SERVICES / DRIVERS ===============

R0 mv61xx;mv61xx;C:\Windows\System32\drivers\mv61xx.sys [2009-8-5 179752]
R0 mv64xx;mv64xx;C:\Windows\System32\drivers\mv64xx.sys [2010-6-19 331816]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-6-24 55280]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);C:\Windows\System32\drivers\tdrpm251.sys [2010-8-17 1455648]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-6-20 121936]
R2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-8-17 2326920]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-6-19 90112]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-6-20 20048]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-6-20 61008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-8 40384]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-4-10 294912]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-9-30 373640]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-1-27 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-6-22 72216]
R2 Marvell RAID;Marvell RAID Event Agent;C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [2009-10-13 151552]
R2 MRUWebService;MRU Web Service;C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2008-6-12 24635]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2010-6-19 26624]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-2 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2010-8-17 250400]
R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-8 40384]
R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-8 40384]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-19 215040]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2010-6-19 43008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-2 136176]
S3 RDID1093;UM-1G;C:\Windows\System32\drivers\Rdwm1093.sys [2010-7-21 81920]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2010-6-19 43008]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);C:\Windows\System32\drivers\RtVlan60.sys [2010-6-19 24064]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.0);C:\Windows\System32\drivers\RtVlan60.sys [2010-6-19 24064]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-19 1255736]

=============== Created Last 30 ================

2010-12-02 08:01:55 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-12-02 08:01:55 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-11-30 13:23:00 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{B6CE1671-E019-4257-9153-16561EB280EB}\mpengine.dll
2010-11-28 20:37:04 -------- d-----w- C:\Users\OSTERC~1\AppData\Roaming\AtomPark
2010-11-24 01:48:43 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-24 01:48:43 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-21 02:48:39 -------- d-----w- C:\Program Files\WinHTTrack
2010-11-19 09:29:54 -------- d-----r- C:\Program Files (x86)\Skype
2010-11-19 05:59:47 -------- d-----w- C:\Program Files (x86)\WebLog Expert
2010-11-19 05:59:47 -------- d-----w- C:\Program Files (x86)\Common Files\Software FX Shared
2010-11-19 02:41:22 169320 ----a-w- C:\PROGRA~3\Microsoft\Windows\Sqm\Manifest\Sqm10135.bin
2010-11-19 01:35:06 -------- d-----w- C:\PROGRA~3\WebLog Expert Lite
2010-11-18 23:42:43 -------- d-----w- C:\PROGRA~3\WebLog Expert
2010-11-18 23:42:31 -------- d-----w- C:\Users\OSTERC~1\AppData\Local\Groove
2010-11-17 17:28:53 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2010-11-17 17:27:07 112056 ----a-w- C:\Windows\SysWow64\acaptuser32.dll
2010-11-15 01:35:13 -------- d-----w- C:\Users\OSTERC~1\AppData\Local\Diagnostics
2010-11-15 01:27:25 -------- d-----w- C:\Users\OSTERC~1\AppData\Roaming\SmartDraw
2010-11-15 01:24:46 -------- d-----w- C:\SmartDraw 2010
2010-11-12 06:11:15 -------- d-----w- C:\Users\OSTERC~1\AppData\Local\Downloaded Installations
2010-11-08 01:40:59 -------- d-----w- C:\Users\OSTERC~1\AppData\Roaming\sfp40
2010-11-07 03:56:33 -------- d-----w- C:\by_bgl
2010-11-06 19:54:04 152848 ----a-w- C:\Windows\SysWow64\COMDLG32.OCX
2010-11-06 19:54:04 -------- d-----w- C:\MSFS
2010-11-06 19:37:34 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

==================== Find3M ====================

2010-10-19 18:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-01 06:34:05 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2010-10-01 06:34:05 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2010-10-01 06:34:05 33152 ----a-w- C:\Windows\System32\LMIport.dll
2010-09-23 07:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-21 21:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 21:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-15 11:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-14 18:00:00 136704 ----a-w- C:\Windows\System32\ff_vfw.dll
2010-09-14 08:00:00 108032 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 18:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-07 15:12:17 38848 ----a-w- C:\Windows\avastSS.scr
2010-09-07 14:47:33 61008 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

============= FINISH: 9:45:05.12 ===============

Blade81
2010-12-10, 15:27
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please uninstall the programs listed above (in red).

Please download MBRCheck (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log in your reply with fresh dds logs.

osterczyk
2010-12-12, 23:48
Hi Blade,

Thanks for your response.

For the past week, the system seems to be running fine and I have not observed any instances where clicking on a link in Google results opens a random page (a better description of the issue than I originally posted).

However, I would appreciate your confirmation that there are no infections that may be lurking in the background. Here are the up-to-date logs you requested.

Thank you

----------

DDS (Ver_10-11-27.01) - NTFS_AMD64
Run by osterczyk at 14:35:14.12 on Sun 12/12/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6135.4221 [GMT -8:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\oodag.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Windows\System32\oodtray.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\2BrightSparks\SyncBackSE\SyncBackSE.exe
C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\splwow64.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
F:\Install\DDS Log\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = file:///C:/Program%20Files/Install/Clock/Clock.htm
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit=userinit.exe
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [AdobeBridge]
uRun: [Google Update] "C:\Users\osterczyk\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [TurboV] "C:\Program Files (x86)\ASUS\TurboV\TurboV.exe" -b
mRun: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Name of App] C:\Program Files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe r
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [MRUTray] C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
mRun-x64: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe /tray
mRun-x64: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
mRun-x64: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
mRun-x64: [OODefragTray] C:\Windows\system32\oodtray.exe
mRun-x64: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\OSTERC~1\AppData\Roaming\Mozilla\Firefox\Profiles\x99k7ycs.default\
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\osterczyk\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: FireFound: firefound@efinke.com - C:\Users\OSTERC~1\AppData\Roaming\Mozilla\Firefox\Profiles\x99k7ycs.default\extensions\firefound@efinke.com
FF - Extension: Firebug: firebug@software.joehewitt.com - C:\Users\OSTERC~1\AppData\Roaming\Mozilla\Firefox\Profiles\x99k7ycs.default\extensions\firebug@software.joehewitt.com
FF - Extension: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Extension: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

============= SERVICES / DRIVERS ===============

R0 mv61xx;mv61xx;C:\Windows\System32\drivers\mv61xx.sys [2009-8-5 179752]
R0 mv64xx;mv64xx;C:\Windows\System32\drivers\mv64xx.sys [2010-6-19 331816]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-6-24 55280]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);C:\Windows\System32\drivers\tdrpm251.sys [2010-8-17 1455648]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-6-20 121936]
R2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-8-17 2326920]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-6-19 90112]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-6-20 20048]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-6-20 61008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-8 40384]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-4-10 294912]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-9-30 373640]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-1-27 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-6-22 72216]
R2 Marvell RAID;Marvell RAID Event Agent;C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [2009-10-13 151552]
R2 MRUWebService;MRU Web Service;C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2008-6-12 24635]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2010-6-19 26624]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-2 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2010-8-17 250400]
R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-8 40384]
R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-8 40384]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-19 215040]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2010-6-19 43008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-2 136176]
S3 RDID1093;UM-1G;C:\Windows\System32\drivers\Rdwm1093.sys [2010-7-21 81920]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2010-6-19 43008]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.0);C:\Windows\System32\drivers\RtVlan60.sys [2010-6-19 24064]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.0);C:\Windows\System32\drivers\RtVlan60.sys [2010-6-19 24064]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-19 1255736]

=============== Created Last 30 ================

2010-12-11 23:17:13 -------- d-----w- C:\Windows\WindowsMobile
2010-12-10 09:59:35 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{199E9B1A-088C-447B-BA58-339B98D8F165}\mpengine.dll
2010-12-09 19:56:03 539968 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-12-05 19:08:02 -------- d-----w- C:\Program Files (x86)\LizardLabs
2010-12-05 19:07:13 -------- d-----w- C:\Program Files (x86)\Log Parser 2.2
2010-12-04 05:48:53 -------- d-----w- C:\Users\OSTERC~1\AppData\Roaming\IsolatedStorage
2010-12-04 05:48:53 -------- d-----w- C:\Users\OSTERC~1\AppData\Roaming\BizAgi Ltd
2010-12-04 05:48:53 -------- d-----w- C:\Users\OSTERC~1\AppData\Local\IsolatedStorage
2010-12-04 05:48:53 -------- d-----w- C:\Users\OSTERC~1\AppData\Local\BizAgi_Ltd
2010-12-04 05:48:53 -------- d-----w- C:\Users\OSTERC~1\AppData\Local\BizAgi Ltd
2010-12-04 05:47:33 -------- d-----w- C:\Program Files (x86)\BizAgi
2010-12-04 05:42:10 -------- d-----w- C:\Users\OSTERC~1\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
2010-12-04 05:41:44 -------- d-----w- C:\Program Files (x86)\Balsamiq Mockups
2010-12-04 02:28:05 -------- d-----w- C:\Program Files (x86)\AtomPark
2010-12-03 05:35:38 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2010-12-02 08:01:55 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-12-02 08:01:55 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-11-30 01:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-30 01:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-11-28 20:37:04 -------- d-----w- C:\Users\OSTERC~1\AppData\Roaming\AtomPark
2010-11-24 01:48:43 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-24 01:48:43 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-21 02:48:39 -------- d-----w- C:\Program Files\WinHTTrack
2010-11-19 09:29:54 -------- d-----r- C:\Program Files (x86)\Skype
2010-11-19 05:59:47 -------- d-----w- C:\Program Files (x86)\WebLog Expert
2010-11-19 05:59:47 -------- d-----w- C:\Program Files (x86)\Common Files\Software FX Shared
2010-11-19 02:41:22 169320 ----a-w- C:\PROGRA~3\Microsoft\Windows\Sqm\Manifest\Sqm10135.bin
2010-11-19 01:35:06 -------- d-----w- C:\PROGRA~3\WebLog Expert Lite
2010-11-18 23:42:43 -------- d-----w- C:\PROGRA~3\WebLog Expert
2010-11-18 23:42:31 -------- d-----w- C:\Users\OSTERC~1\AppData\Local\Groove
2010-11-17 17:28:53 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2010-11-17 17:27:07 112056 ----a-w- C:\Windows\SysWow64\acaptuser32.dll
2010-11-15 01:35:13 -------- d-----w- C:\Users\OSTERC~1\AppData\Local\Diagnostics
2010-11-15 01:27:25 -------- d-----w- C:\Users\OSTERC~1\AppData\Roaming\SmartDraw
2010-11-15 01:24:46 -------- d-----w- C:\SmartDraw 2010

==================== Find3M ====================

2010-10-19 18:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-01 06:34:05 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2010-10-01 06:34:05 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2010-10-01 06:34:05 33152 ----a-w- C:\Windows\System32\LMIport.dll
2010-09-23 07:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-21 21:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 21:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-15 11:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-14 18:00:00 136704 ----a-w- C:\Windows\System32\ff_vfw.dll
2010-09-14 08:00:00 108032 ----a-w- C:\Windows\SysWow64\ff_vfw.dll

============= FINISH: 14:36:22.84 ===============

----------

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x000207fc

Kernel Drivers (total 175):

Processes (total 96):
0 System Idle Process
4 System
616 C:\Windows\System32\smss.exe
848 csrss.exe
908 C:\Windows\System32\wininit.exe
932 csrss.exe
976 C:\Windows\System32\services.exe
1000 C:\Windows\System32\lsass.exe
1008 C:\Windows\System32\lsm.exe
796 C:\Windows\System32\winlogon.exe
868 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\nvvsvc.exe
1092 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\svchost.exe
1220 C:\Windows\System32\svchost.exe
1256 C:\Windows\System32\svchost.exe
1380 C:\Windows\System32\audiodg.exe
1444 C:\Windows\System32\svchost.exe
1560 C:\Windows\System32\nvvsvc.exe
1656 C:\Windows\System32\svchost.exe
1720 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1984 C:\Windows\System32\spoolsv.exe
2020 C:\Windows\System32\svchost.exe
2076 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
2100 C:\Windows\System32\AEADISRV.EXE
2144 C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
2188 C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
2212 C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
2252 C:\ASUS.SYS\config\DVMExportService.exe
2284 C:\Windows\SysWOW64\svchost.exe
2312 C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
2356 C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
2376 C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
2488 C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
2532 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
2576 C:\Windows\System32\svchost.exe
2644 C:\Windows\System32\oodag.exe
2696 C:\Windows\System32\svchost.exe
2724 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2752 C:\Windows\System32\svchost.exe
2792 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2884 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
2468 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3348 WmiPrvSE.exe
3396 C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
3768 C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
3828 C:\Windows\System32\svchost.exe
4048 C:\Windows\System32\svchost.exe
3212 C:\Windows\System32\taskhost.exe
3272 C:\Windows\System32\dwm.exe
3036 C:\Windows\explorer.exe
3156 C:\Windows\System32\taskeng.exe
4256 C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
4316 C:\Windows\System32\svchost.exe
4648 C:\Program Files\Logitech\SetPointP\SetPoint.exe
4668 C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
4684 C:\Program Files\Logitech\Gaming Software\LWEMon.exe
4692 C:\Windows\System32\oodtray.exe
4704 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
4752 C:\Windows\WindowsMobile\wmdc.exe
4760 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
4812 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
4900 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
5024 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
5056 C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
3820 C:\Windows\System32\svchost.exe
4544 C:\Program Files (x86)\2BrightSparks\SyncBackSE\SyncBackSE.exe
4428 C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe
5032 C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
5272 C:\Program Files\Windows Media Player\wmpnetwk.exe
5456 C:\Windows\System32\svchost.exe
5820 C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
5836 C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
5844 C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
5852 C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
5876 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
5956 C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
5984 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
5244 C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe
5572 C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
3164 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
6124 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
5268 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
5568 C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe
5872 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
6152 C:\Windows\splwow64.exe
6452 dllhost.exe
1992 C:\Windows\System32\sppsvc.exe
6760 C:\Windows\System32\svchost.exe
5284 WmiPrvSE.exe
4888 C:\Windows\servicing\TrustedInstaller.exe
6984 C:\Windows\System32\VSSVC.exe
1264 C:\Windows\System32\svchost.exe
2040 C:\Users\osterczyk\Desktop\MBRCheck.exe
1512 C:\Windows\System32\conhost.exe
5228 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003e`86f00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000057`87000000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000096`07100000 (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\H: --> \\.\PhysicalDrive1 at offset 0x00000057`80100000 (NTFS)
\\.\I: --> \\.\PhysicalDrive1 at offset 0x00000062`00100000 (NTFS)
\\.\J: --> \\.\PhysicalDrive1 at offset 0x0000006c`80200000 (NTFS)
\\.\K: --> \\.\PhysicalDrive1 at offset 0x000000cb`46400000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1001FALS-00J7B0, Rev: 05.00K05
PhysicalDrive1 Model Number: MARVELLRaid VD 0, Rev: 1.01

Size     Device Name          MBR Status
--------------------------------------------
931 GB   \\.\PhysicalDrive0   Windows 7 MBR code detected
         SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
1192 GB  \\.\PhysicalDrive1   RE: Legit MBR code detected
         SHA1: 5E6AA70B2D34DD871EE98324BB745978FA3445BC


Done!

----------

Blade81
2010-12-13, 18:14
Looks OK. If there are no issues left, then make sure your software is up to date. Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings.

tashi
2010-12-20, 05:48
This thread has been closed due to inactivity. :)

If you still require help, please start a new topic and include a DDS log with a link to your previous thread.

Please do not add any logs that might have been requested previously; you would be starting fresh.

This applies only to the original poster; anyone else with similar problems, please start your own topic.