
Spybot Fraud.windowsprotectionsuite



Mc R00ster
2010-11-28, 08:16
Got that Fraud.windowsprotectionsuite, but it won't let me remove it. DDS attached.

Here is my hijackthis log http://forums.spybot.info/showthread.php?t=60627


DDS (Ver_10-11-27.01) - NTFSx86
Run by David at 15:11:02.50 on Sun 28/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.1993 [GMT 8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\IObit\Game Booster\GameBox.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\FRAPS\FRAPS.EXE
C:\WINDOWS\MHotkey.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\ChiFuncExt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Winamp\winamp.exe
C:\Riot Games\League of Legends\lol.launcher.exe
C:\Riot Games\League of Legends\Air\LOLClient.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Google Update] "c:\documents and settings\david\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Fraps] c:\fraps\FRAPS.EXE
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [LchDrvKey] LchDrvKey.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [MAAgent] c:\program files\markany\contentsafer\MAAgent.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\david\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: &Search
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShellHook Class: {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\progra~1\markany\conten~1\MACSMA~1.DLL
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - component: c:\documents and settings\david\application data\mozilla\firefox\profiles\wjpohr6o.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\david\application data\mozilla\firefox\profiles\wjpohr6o.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\david\application data\mozilla\firefox\profiles\wjpohr6o.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\david\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: AnyColor: anycolor.pavlos256@gmail.com - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\anycolor.pavlos256@gmail.com
FF - Extension: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\battlefieldheroespatcher@ea.com
FF - Extension: English (Australian) Dictionary: en-AU@dictionaries.addons.mozilla.org - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\en-AU@dictionaries.addons.mozilla.org
FF - Extension: Read It Later: isreaditlater@ideashower.com - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\isreaditlater@ideashower.com
FF - Extension: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Extension: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Extension: Download status: {9fb8c270-7124-11dd-ad8b-0800200c9a66} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{9fb8c270-7124-11dd-ad8b-0800200c9a66}
FF - Extension: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Extension: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Extension: QuickRestart: {F645A8C9-E969-42D9-B3F3-F325537222FD} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-29 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-29 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-29 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-17 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-3-29 1617408]
S3 AMBFilt;AMBFilt;c:\windows\system32\drivers\Ambfilt.sys [2010-3-29 1656960]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-27 517448]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\david\locals~1\temp\bsi45.tmp --> c:\docume~1\david\locals~1\temp\BSI45.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;c:\program files\garena\plugins\ui\safedrv.sys [2010-9-28 22112]
S3 XDva347;XDva347;\??\c:\windows\system32\xdva347.sys --> c:\windows\system32\XDva347.sys [?]

=============== Created Last 30 ================

2010-11-28 04:57:17 -------- d-----w- c:\program files\HostsXpert
2010-11-27 09:14:12 -------- d-----w- c:\docume~1\david\locals~1\applic~1\BingoLiner
2010-11-27 05:26:18 388096 ----a-r- c:\docume~1\david\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-11-27 05:26:17 -------- d-----w- c:\program files\Trend Micro
2010-11-27 05:24:05 -------- d-----w- c:\docume~1\david\applic~1\Malwarebytes
2010-11-27 05:23:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-27 05:23:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-27 05:23:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-27 05:23:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-27 05:09:57 -------- d-----w- c:\program files\ESET
2010-11-17 12:19:35 -------- d-----w- c:\documents and settings\david\oni
2010-11-17 12:19:09 -------- d-----w- C:\CyberStep
2010-11-14 09:04:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit
2010-11-06 03:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-06 03:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2010-10-31 06:18:06 -------- d-----w- c:\program files\WS_FTP

==================== Find3M ====================

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 04:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-14 20:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-14 18:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-11 01:57:20 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-09-11 01:57:14 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-09-11 01:56:02 4419584 ----a-w- c:\windows\system32\aticaldd.dll
2010-09-11 01:54:56 16248832 ----a-w- c:\windows\system32\atioglxx.dll
2010-09-11 01:50:34 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-09-11 01:43:44 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-09-11 01:42:48 300544 ----a-w- c:\windows\system32\ati2dvag.dll
2010-09-11 01:39:06 3942880 ----a-w- c:\windows\system32\ati3duag.dll
2010-09-11 01:29:12 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-09-11 01:26:58 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-09-11 01:26:46 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-09-11 01:26:40 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-09-11 01:26:34 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-09-11 01:26:24 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-09-11 01:25:38 2669312 ----a-w- c:\windows\system32\ativvaxx.dll
2010-09-11 01:25:14 606208 ----a-w- c:\windows\system32\ati2evxx.exe
2010-09-11 01:24:02 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-09-11 01:23:12 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-09-11 01:19:56 634880 ----a-w- c:\windows\system32\atikvmag.dll
2010-09-11 01:18:14 192512 ----a-w- c:\windows\system32\atiadlxx.dll
2010-09-11 01:17:56 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-09-11 01:13:12 696320 ----a-w- c:\windows\system32\ati2cqag.dll
2010-09-11 01:11:50 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-09-11 01:11:50 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-04-08 16:48:15 802304 ----a-w- c:\program files\setup.exe
2010-04-08 16:47:16 576000 ----a-w- c:\program files\ISSetup.dll
2010-04-08 16:35:49 473 ----a-w- c:\program files\layout.bin

============= FINISH: 15:11:41.01 ===============

Bump. Help anyone?

Blade81
2010-12-03, 19:46
Hi,

Download GMER (http://www.gmer.net) by clicking the "download exe" button and then saving it to your desktop:
Double-click the .exe that you downloaded.
Click the Rootkit tab, uncheck the Files option and then click Scan.
Don't check the Show All box while the scan is in progress!
When the scan is finished, click Copy.
This copies the log to the clipboard.
Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply. Post the contents of fresh DDS logs (dds.txt & attach.txt) too.

Mc R00ster
2010-12-04, 05:21
Added DDS to .txt


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-04 12:06:16
Windows 5.1.2600 Service Pack 3
Running: zdsygssp.exe; Driver: C:\DOCUME~1\David\LOCALS~1\Temp\kwrcraog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB940C000, 0x275B27, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2144] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2348] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2576] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2744] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3028] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3200] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3540] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3652] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3840] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060e3da01
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060e3da01 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

Mc R00ster
2010-12-04, 05:24
Added DDS and gmer1 and gmer2 (Too long to post as 1 text file).

Blade81
2010-12-04, 11:13
Hi,

You posted attach.txt (named as dds2.txt though) twice. Please run DDS again and post back contents of dds.txt only.

Mc R00ster
2010-12-04, 13:19
DDS (Ver_10-11-27.01) - NTFSx86
Run by David at 20:17:02.87 on Sat 04/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.1906 [GMT 8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\IObit\Game Booster\GameBox.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\MHotkey.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\ChiFuncExt.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Riot Games\League of Legends\lol.launcher.exe
C:\Riot Games\League of Legends\Air\LOLClient.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Google Update] "c:\documents and settings\david\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Fraps] c:\fraps\FRAPS.EXE
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [LchDrvKey] LchDrvKey.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [MAAgent] c:\program files\markany\contentsafer\MAAgent.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\david\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: &Search
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShellHook Class: {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\progra~1\markany\conten~1\MACSMA~1.DLL
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - component: c:\documents and settings\david\application data\mozilla\firefox\profiles\wjpohr6o.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\david\application data\mozilla\firefox\profiles\wjpohr6o.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\david\application data\mozilla\firefox\profiles\wjpohr6o.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\david\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: AnyColor: anycolor.pavlos256@gmail.com - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\anycolor.pavlos256@gmail.com
FF - Extension: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\battlefieldheroespatcher@ea.com
FF - Extension: English (Australian) Dictionary: en-AU@dictionaries.addons.mozilla.org - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\en-AU@dictionaries.addons.mozilla.org
FF - Extension: Read It Later: isreaditlater@ideashower.com - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\isreaditlater@ideashower.com
FF - Extension: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Extension: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Extension: Download status: {9fb8c270-7124-11dd-ad8b-0800200c9a66} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{9fb8c270-7124-11dd-ad8b-0800200c9a66}
FF - Extension: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Extension: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Extension: QuickRestart: {F645A8C9-E969-42D9-B3F3-F325537222FD} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-29 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-29 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-29 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-17 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-3-29 1617408]
S3 AMBFilt;AMBFilt;c:\windows\system32\drivers\Ambfilt.sys [2010-3-29 1656960]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-27 517448]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\david\locals~1\temp\bsi45.tmp --> c:\docume~1\david\locals~1\temp\BSI45.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;c:\program files\garena\plugins\ui\safedrv.sys [2010-9-28 22112]
S3 XDva347;XDva347;\??\c:\windows\system32\xdva347.sys --> c:\windows\system32\XDva347.sys [?]

=============== Created Last 30 ================

2010-12-03 01:49:48 -------- d-----w- C:\FME
2010-12-03 01:27:39 -------- d-----w- c:\program files\HmelyoffLabs
2010-12-01 06:27:06 -------- d-----w- c:\program files\Advanced Sound Recorder
2010-11-30 06:45:51 -------- d-----w- c:\docume~1\david\locals~1\applic~1\CrashRpt
2010-11-30 06:45:41 -------- d-----w- c:\docume~1\david\locals~1\applic~1\Procaster
2010-11-30 06:45:40 -------- d-----w- c:\program files\Livestream Procaster
2010-11-30 06:04:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\SplitMediaLabs
2010-11-28 04:57:17 -------- d-----w- c:\program files\HostsXpert
2010-11-27 09:14:12 -------- d-----w- c:\docume~1\david\locals~1\applic~1\BingoLiner
2010-11-27 05:26:18 388096 ----a-r- c:\docume~1\david\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-11-27 05:26:17 -------- d-----w- c:\program files\Trend Micro
2010-11-27 05:24:05 -------- d-----w- c:\docume~1\david\applic~1\Malwarebytes
2010-11-27 05:23:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-27 05:23:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-27 05:23:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-27 05:23:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-27 05:09:57 -------- d-----w- c:\program files\ESET
2010-11-17 12:19:35 -------- d-----w- c:\documents and settings\david\oni
2010-11-17 12:19:09 -------- d-----w- C:\CyberStep
2010-11-14 09:04:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit
2010-11-06 03:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-06 03:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 04:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-14 20:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-14 18:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-11 01:57:20 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-09-11 01:57:14 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-09-11 01:56:02 4419584 ----a-w- c:\windows\system32\aticaldd.dll
2010-09-11 01:54:56 16248832 ----a-w- c:\windows\system32\atioglxx.dll
2010-09-11 01:50:34 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-09-11 01:43:44 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-09-11 01:42:48 300544 ----a-w- c:\windows\system32\ati2dvag.dll
2010-09-11 01:39:06 3942880 ----a-w- c:\windows\system32\ati3duag.dll
2010-09-11 01:29:12 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-09-11 01:26:58 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-09-11 01:26:46 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-09-11 01:26:40 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-09-11 01:26:34 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-09-11 01:26:24 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-09-11 01:25:38 2669312 ----a-w- c:\windows\system32\ativvaxx.dll
2010-09-11 01:25:14 606208 ----a-w- c:\windows\system32\ati2evxx.exe
2010-09-11 01:24:02 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-09-11 01:23:12 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-09-11 01:19:56 634880 ----a-w- c:\windows\system32\atikvmag.dll
2010-09-11 01:18:14 192512 ----a-w- c:\windows\system32\atiadlxx.dll
2010-09-11 01:17:56 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-09-11 01:13:12 696320 ----a-w- c:\windows\system32\ati2cqag.dll
2010-09-11 01:11:50 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-09-11 01:11:50 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-04-08 16:48:15 802304 ----a-w- c:\program files\setup.exe
2010-04-08 16:47:16 576000 ----a-w- c:\program files\ISSetup.dll
2010-04-08 16:35:49 473 ----a-w- c:\program files\layout.bin

============= FINISH: 20:17:45.54 ===============

Blade81
2010-12-04, 13:26
Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Mc R00ster
2010-12-04, 14:36
Hi, combofix says I need to uninstall AVG even though I have taken the instruction towards disabling it.

Blade81
2010-12-04, 14:40
Yes. Please uninstall AVG for now. It can be reinstalled later after the system is clean (I'll tell you when).

Blade81
2010-12-10, 15:20
Are you still there?

Blade81
2010-12-16, 19:17
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.