DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Greg at 11:35:57.97 on Sun 01/09/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.5244 [GMT -7:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
FW: Avanquest NetDefense Firewall *Disabled* {0F30DED7-ED39-6BCD-62F2-CB158C558FCC}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Avanquest\Fix-It\AVQWinMonEngine.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~2\AVANQU~2\Fix-It\mxtask.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\PROGRA~2\AVANQU~2\Fix-It\mxtask2.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\VIA\RAID\vialogsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\program files (x86)\avira\antivir desktop\avcenter.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Paint.NET\PaintDotNet.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Greg\Desktop\Loads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page =
uSearch Bar =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Freecause Toolbar BHO: {26a7ca19-7d58-411d-b2da-f1b0324cbffc} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - ZoneAlarm Toolbar Registrar
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} -
TB: Bookmark Dashboard: {669695bc-a811-4a9d-8cdf-ba8c795f261d} - C:\Program Files (x86)\Cyber 21\Bookmark Dashboard\BDBar.dll
TB: Gamers Unite! Snag Bar: {25515a79-c1c7-4b97-97f8-31a711694487} - C:\Program Files (x86)\Gamers Unite! Snag Bar\Toolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [<NO NAME>]
uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [BTCLiveUpdate] "C:\Program Files (x86)\LiveUpdate\LiveUpdate.exe" /autostart
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Greg\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [S60 PC Suite Tray] "C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"
mRun: [CPMonitor] "C:\Program Files (x86)\Roxio Creator 2009 Ultimate\5.0\CPMonitor.exe"
mRun: [BkupTray] "C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRunOnce: [InstallShieldSetup] C:\PROGRA~2\INSTAL~1\{76E41~1\Setup.exe -rebootC:\PROGRA~2\INSTAL~1\{76E41~1\reboot.ini
dRun: [Samsung.PCSync] "C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: ZoneAlarm Toolbar: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -
TB-X64: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\4aithe51.default\
FF - prefs.js: browser.startup.homepage - hxxp://sporting-goods.shop.ebay.com/i.html?_nkw=hooger&_sacat=21250&_dmpt=Snowboarding&_odkw=snowboards&_osacat=21250&_trksid=p3286.c0.m270.l1313|http://sporting-goods.shop.ebay.com/i.html?_nkw=swallowtail&_sacat=21250&_dmpt=Snowboarding&_odkw=nitro&_osacat=21250&_trksid=p3286.c0.m270.l1313|http://sporting-goods.shop.ebay.com/i.html?_nkw=nidecker&_sacat=21250&_dmpt=Snowboarding&_odkw=snowboards&_osacat=21250&_trksid=p3286.c0.m270.l1313|http://sporting-goods.shop.ebay.com/i.html?_nkw=pj&_sacat=21250&_dmpt=Snowboarding&_odkw=snowboards&_osacat=21250&_trksid=p3286.c0.m270.l1313|http://sporting-goods.shop.ebay.com/Snowboards-/21250/i.html?_trkparms=65%253A12%257C66%253A2%257C39%253A1%257C72%253A4246&rt=nc&_nkw=santa%20cruz&_dmpt=Snowboarding&_trksid=p3286.c0.m14.l1513&_pgn=1|http://sporting-goods.shop.ebay.com/i.html?_nkw=asymmetrical&_sacat=21250&_dmpt=Snowboarding&_odkw=snowboards&_osacat=21250&_trksid=p3286.c0.m270.l1311|http://sporting-goods.shop.ebay.com/i.html?_nkw=race&_sacat=21250&_dmpt=Snowboarding&_odkw=snowboards&_osacat=21250&_trksid=p3286.c0.m270.l1313|http://sporting-goods.shop.ebay.com/i.html?_nkw=donek&_sacat=21250&_dmpt=Snowboarding&_odkw=snowboards&_osacat=21250&_trksid=p3286.c0.m270.l1313|http://www.hardbooter.com/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62781&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Media Convert Master\codec\quicktime\Plugins\npqtplugin.dll
FF - plugin: C:\Program Files (x86)\Media Convert Master\codec\quicktime\Plugins\npqtplugin2.dll
FF - plugin: C:\Program Files (x86)\Media Convert Master\codec\quicktime\Plugins\npqtplugin3.dll
FF - plugin: C:\Program Files (x86)\Media Convert Master\codec\quicktime\Plugins\npqtplugin4.dll
FF - plugin: C:\Program Files (x86)\Media Convert Master\codec\quicktime\Plugins\npqtplugin5.dll
FF - plugin: C:\Program Files (x86)\Media Convert Master\codec\quicktime\Plugins\npqtplugin6.dll
FF - plugin: C:\Program Files (x86)\Media Convert Master\codec\quicktime\Plugins\npqtplugin7.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 3\plugins\np_gp.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Greg\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Gamers Unite! Snag Bar: {afe43e80-0abc-4df2-81a0-3fe44b74abe8} - %profile%\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-7-18 69152]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-11-21 55024]
R0 Sahdad64;HDD Filter Driver;C:\Windows\System32\drivers\Sahdad64.sys [2009-11-21 26608]
R0 Saibad64;Volume Filter Driver;C:\Windows\System32\drivers\Saibad64.sys [2009-11-21 19952]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\dddskx64.sys [2010-11-26 26024]
R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\System32\drivers\SaibVdAd64.sys [2009-11-21 27632]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2009-10-28 24152]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-11-29 11856]
S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2010-7-23 84752]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-3-10 29720]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]

=============== Created Last 30 ================

2011-01-09 17:28:34 -------- d-----w- C:\Users\Greg\AppData\Roaming\Avira
2011-01-09 17:12:45 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-01-09 17:12:44 -------- d-----w- C:\Program Files (x86)\Avira
2011-01-09 17:12:44 -------- d-----w- C:\PROGRA~3\Avira
2011-01-09 16:46:43 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{F9E5B487-9495-4BCF-B015-8C715B7621E7}\mpengine.dll
2011-01-08 15:34:46 -------- d-----w- C:\Users\Greg\AppData\Roaming\Binreader
2011-01-08 15:34:27 -------- d-----w- C:\Program Files (x86)\Binreader
2011-01-08 14:53:10 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-01-08 14:53:10 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2011-01-08 06:41:15 -------- d-----w- C:\Users\Greg\AppData\Roaming\TweakNow WinSecret 2011
2011-01-08 06:41:15 -------- d-----w- C:\Program Files (x86)\TweakNow WinSecret 2011
2011-01-08 06:10:28 35008 ----a-w- C:\Windows\System32\mxntdfg.exe
2011-01-08 06:03:01 -------- d-sh--r- C:\_Backup.RC
2011-01-08 06:02:05 -------- d--h--w- C:\_Backup
2011-01-08 05:58:52 -------- d-----w- C:\Users\Greg\AppData\Roaming\Avanquest
2011-01-08 05:58:52 -------- d-----w- C:\PROGRA~3\Avanquest
2011-01-08 05:58:35 -------- d-----w- C:\Program Files (x86)\Avanquest
2011-01-07 23:33:54 388096 ----a-r- C:\Users\Greg\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-07 23:33:54 -------- d-----w- C:\Program Files (x86)\Trend Micro
2010-12-31 14:23:38 -------- d-----w- C:\Windows\SysWow64\RTCOM
2010-12-31 14:20:49 475752 ----a-w- C:\Windows\System32\DTSVoiceClarityDLL64.dll
2010-12-31 13:48:35 34624 ----a-w- C:\Windows\System32\TURegOpt.exe
2010-12-31 13:48:26 36160 ----a-w- C:\Windows\System32\uxtuneup.dll
2010-12-31 13:48:25 29504 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
2010-12-31 13:48:25 25920 ----a-w- C:\Windows\System32\authuitu.dll
2010-12-31 13:48:25 21312 ----a-w- C:\Windows\SysWow64\authuitu.dll
2010-12-31 13:48:07 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2011
2010-12-31 13:39:13 -------- d-sh--w- C:\PROGRA~3\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2010-12-22 00:15:54 -------- d-----w- C:\Program Files (x86)\Daniusoft
2010-12-22 00:06:15 29288 ----a-w- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys
2010-12-22 00:06:06 29288 ----a-w- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys
2010-12-22 00:06:00 29288 ----a-w- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys
2010-12-22 00:05:53 29288 ----a-w- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys
2010-12-22 00:05:33 29288 ----a-w- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys
2010-12-22 00:05:18 892928 ----a-w- C:\Windows\SysWow64\iconv.dll
2010-12-22 00:05:18 496640 ----a-w- C:\Windows\SysWow64\xvid.ax
2010-12-22 00:05:17 675840 ----a-w- C:\Windows\SysWow64\ac3filter.ax
2010-12-22 00:05:15 -------- d-----w- C:\Program Files (x86)\iSkysoft
2010-12-21 06:17:05 -------- d-----w- C:\Program Files\iTunes
2010-12-21 06:17:05 -------- d-----w- C:\Program Files\iPod
2010-12-21 06:17:05 -------- d-----w- C:\Program Files (x86)\iTunes
2010-12-21 06:04:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-21 06:04:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2010-12-21 06:04:34 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2010-12-21 06:04:34 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2010-12-21 06:04:34 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2010-12-21 06:04:34 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2010-12-21 06:04:34 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2010-12-21 06:03:55 -------- d-----w- C:\Program Files (x86)\Media Convert Master
2010-12-20 23:34:50 -------- d-----w- C:\Program Files (x86)\PixiePack Codec Pack
2010-12-20 04:11:56 -------- d-----w- C:\Program Files (x86)\Freemake
2010-12-20 04:08:25 -------- d-----w- C:\Users\Greg\AppData\Roaming\Winff
2010-12-20 01:59:01 -------- d-----w- C:\Users\Greg\AppData\Local\CrashRpt
2010-12-20 01:58:43 -------- d-----w- C:\PROGRA~3\RapidSolution
2010-12-20 01:56:53 -------- d-----w- C:\Users\Greg\AppData\Local\RapidSolution
2010-12-15 08:29:17 -------- d-----w- C:\Windows\SysWow64\SimFiles
2010-12-15 02:53:14 6144 ----a-w- C:\Windows\System32\ff_acm.acm
2010-12-15 02:53:14 60273 ----a-w- C:\Windows\System32\pthreadGC2.dll
2010-12-15 02:53:14 57344 ----a-w- C:\Windows\System32\ff_vfw.dll
2010-12-15 02:53:14 258352 ----a-w- C:\Windows\System32\unicows.dll
2010-12-15 02:53:13 98304 ----a-w- C:\Windows\System32\L3CODECX.AX
2010-12-15 02:53:10 -------- d-----w- C:\Program Files\Cucusoft

==================== Find3M ====================

2010-12-21 01:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-15 04:30:31 15880 ----a-w- C:\Windows\System32\lsdelete.exe
2010-12-05 05:17:17 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2010-12-01 00:24:20 553984 ----a-w- C:\Windows\System32\RCoRes64.dat
2010-12-01 00:06:02 2647528 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2010-11-30 01:47:42 2578576 ----a-w- C:\Windows\System32\WavesGUILib.dll
2010-11-30 01:47:12 1868944 ----a-w- C:\Windows\System32\MaxxAudioRealtek.dll
2010-11-30 00:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-30 00:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-11-24 21:24:40 2815592 ----a-w- C:\Windows\System32\RtkAPO64.dll
2010-11-24 21:24:40 2189416 ----a-w- C:\Windows\System32\RtPgEx64.dll
2010-11-24 01:45:42 1247848 ----a-w- C:\Windows\System32\RTCOM64.dll
2010-11-23 00:05:18 286720 ----a-w- C:\Windows\iun507.exe
2010-11-22 18:39:10 626792 ----a-w- C:\Windows\System32\RtkApi64.dll
2010-11-18 18:49:58 121744 ----a-w- C:\Windows\System32\SFSS_APO.dll
2010-11-16 19:18:27 46112 ----a-w- C:\Windows\System32\drivers\tbhsd.sys
2010-11-13 01:53:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-11 20:27:00 83048 ----a-w- C:\Windows\System32\RCoInst64.dll
2010-11-08 14:31:30 375128 ----a-w- C:\Windows\System32\RTEEP64A.dll
2010-11-08 14:31:30 101208 ----a-w- C:\Windows\System32\RTEEL64A.dll
2010-11-08 14:31:28 78680 ----a-w- C:\Windows\System32\RTEEG64A.dll
2010-11-08 14:31:28 310104 ----a-w- C:\Windows\System32\RP3DHT64.dll
2010-11-08 14:31:28 310104 ----a-w- C:\Windows\System32\RP3DAA64.dll
2010-11-08 14:31:28 204120 ----a-w- C:\Windows\System32\RTEED64A.dll
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-04 01:31:14 1146984 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2010-11-04 01:31:02 332392 ----a-w- C:\Windows\System32\RtlCPAPI64.dll
2010-11-04 01:30:40 149608 ----a-w- C:\Windows\System32\RtkCfg64.dll
2010-11-04 01:29:54 491112 ----a-w- C:\Windows\System32\DTSSymmetryDLL64.dll
2010-11-04 01:29:42 317032 ----a-w- C:\Windows\System32\DTSNeoPCDLL64.dll
2010-11-04 01:29:42 269928 ----a-w- C:\Windows\System32\DTSLimiterDLL64.dll
2010-11-04 01:29:42 1327208 ----a-w- C:\Windows\System32\DTSS2SpeakerDLL64.dll
2010-11-04 01:29:42 1179752 ----a-w- C:\Windows\System32\DTSS2HeadphoneDLL64.dll
2010-11-04 01:29:32 126056 ----a-w- C:\Windows\System32\DTSLFXAPO64.dll
2010-11-04 01:29:32 125544 ----a-w- C:\Windows\System32\DTSGFXAPO64.dll
2010-11-04 01:29:32 125032 ----a-w- C:\Windows\System32\DTSGFXAPONS64.dll
2010-11-04 01:29:20 504936 ----a-w- C:\Windows\System32\DTSBassEnhancementDLL64.dll
2010-11-04 01:29:20 266856 ----a-w- C:\Windows\System32\DTSGainCompensatorDLL64.dll
2010-11-04 01:29:20 1111656 ----a-w- C:\Windows\System32\DTSBoostDLL64.dll
2010-11-03 15:30:32 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2010-11-02 16:35:08 1718616 ----a-w- C:\Windows\System32\R4EEP64A.dll
2010-11-02 16:35:02 127832 ----a-w- C:\Windows\System32\R4EEL64A.dll
2010-11-02 16:34:58 74584 ----a-w- C:\Windows\System32\R4EEG64A.dll
2010-11-02 16:34:54 421720 ----a-w- C:\Windows\System32\R4EED64A.dll
2010-11-02 16:34:50 108888 ----a-w- C:\Windows\System32\R4EEA64A.dll
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-10-29 17:29:30 1937312 ----a-w- C:\Windows\System32\FMAPO64.dll
2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-19 17:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll

============= FINISH: 11:38:46.88 ===============

:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

I am so sorry for the delay in responding to your post, most times we get so busy that a post or two falls through the cracks.

If you have not resolved your issue and still need help then do this



Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.






Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please






OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.