Mc R00ster
2010-11-28, 09:16
Get that Fraud.windowsprotectionsuite but it won't let me remove it. DDS attached.
Here is my HijackThis log: http://forums.spybot.info/showthread.php?t=60627
DDS (Ver_10-11-27.01) - NTFSx86
Run by David at 15:11:02.50 on Sun 28/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.1993 [GMT 8:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\IObit\Game Booster\GameBox.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\FRAPS\FRAPS.EXE
C:\WINDOWS\MHotkey.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\ChiFuncExt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Winamp\winamp.exe
C:\Riot Games\League of Legends\lol.launcher.exe
C:\Riot Games\League of Legends\Air\LOLClient.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Google Update] "c:\documents and settings\david\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Fraps] c:\fraps\FRAPS.EXE
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [LchDrvKey] LchDrvKey.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [MAAgent] c:\program files\markany\contentsafer\MAAgent.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\david\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: &Search
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShellHook Class: {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\progra~1\markany\conten~1\MACSMA~1.DLL
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
Note: multiple HOSTS entries found. Please refer to Attach.txt
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - component: c:\documents and settings\david\application data\mozilla\firefox\profiles\wjpohr6o.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\david\application data\mozilla\firefox\profiles\wjpohr6o.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\david\application data\mozilla\firefox\profiles\wjpohr6o.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\david\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: AnyColor: anycolor.pavlos256@gmail.com - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\anycolor.pavlos256@gmail.com
FF - Extension: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\battlefieldheroespatcher@ea.com
FF - Extension: English (Australian) Dictionary: en-AU@dictionaries.addons.mozilla.org - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\en-AU@dictionaries.addons.mozilla.org
FF - Extension: Read It Later: isreaditlater@ideashower.com - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\isreaditlater@ideashower.com
FF - Extension: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Extension: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Extension: Download status: {9fb8c270-7124-11dd-ad8b-0800200c9a66} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{9fb8c270-7124-11dd-ad8b-0800200c9a66}
FF - Extension: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Extension: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Extension: QuickRestart: {F645A8C9-E969-42D9-B3F3-F325537222FD} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-29 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-29 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-29 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-17 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-3-29 1617408]
S3 AMBFilt;AMBFilt;c:\windows\system32\drivers\Ambfilt.sys [2010-3-29 1656960]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-27 517448]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\david\locals~1\temp\bsi45.tmp --> c:\docume~1\david\locals~1\temp\BSI45.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;c:\program files\garena\plugins\ui\safedrv.sys [2010-9-28 22112]
S3 XDva347;XDva347;\??\c:\windows\system32\xdva347.sys --> c:\windows\system32\XDva347.sys [?]
=============== Created Last 30 ================
2010-11-28 04:57:17 -------- d-----w- c:\program files\HostsXpert
2010-11-27 09:14:12 -------- d-----w- c:\docume~1\david\locals~1\applic~1\BingoLiner
2010-11-27 05:26:18 388096 ----a-r- c:\docume~1\david\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-11-27 05:26:17 -------- d-----w- c:\program files\Trend Micro
2010-11-27 05:24:05 -------- d-----w- c:\docume~1\david\applic~1\Malwarebytes
2010-11-27 05:23:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-27 05:23:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-27 05:23:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-27 05:23:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-27 05:09:57 -------- d-----w- c:\program files\ESET
2010-11-17 12:19:35 -------- d-----w- c:\documents and settings\david\oni
2010-11-17 12:19:09 -------- d-----w- C:\CyberStep
2010-11-14 09:04:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit
2010-11-06 03:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-06 03:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2010-10-31 06:18:06 -------- d-----w- c:\program files\WS_FTP
==================== Find3M ====================
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 04:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-14 20:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-14 18:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-11 01:57:20 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-09-11 01:57:14 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-09-11 01:56:02 4419584 ----a-w- c:\windows\system32\aticaldd.dll
2010-09-11 01:54:56 16248832 ----a-w- c:\windows\system32\atioglxx.dll
2010-09-11 01:50:34 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-09-11 01:43:44 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-09-11 01:42:48 300544 ----a-w- c:\windows\system32\ati2dvag.dll
2010-09-11 01:39:06 3942880 ----a-w- c:\windows\system32\ati3duag.dll
2010-09-11 01:29:12 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-09-11 01:26:58 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-09-11 01:26:46 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-09-11 01:26:40 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-09-11 01:26:34 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-09-11 01:26:24 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-09-11 01:25:38 2669312 ----a-w- c:\windows\system32\ativvaxx.dll
2010-09-11 01:25:14 606208 ----a-w- c:\windows\system32\ati2evxx.exe
2010-09-11 01:24:02 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-09-11 01:23:12 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-09-11 01:19:56 634880 ----a-w- c:\windows\system32\atikvmag.dll
2010-09-11 01:18:14 192512 ----a-w- c:\windows\system32\atiadlxx.dll
2010-09-11 01:17:56 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-09-11 01:13:12 696320 ----a-w- c:\windows\system32\ati2cqag.dll
2010-09-11 01:11:50 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-09-11 01:11:50 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-04-08 16:48:15 802304 ----a-w- c:\program files\setup.exe
2010-04-08 16:47:16 576000 ----a-w- c:\program files\ISSetup.dll
2010-04-08 16:35:49 473 ----a-w- c:\program files\layout.bin
============= FINISH: 15:11:41.01 ===============
Bump. Help anyone?
Here is my hijackthis log http://forums.spybot.info/showthread.php?t=60627
DDS (Ver_10-11-27.01) - NTFSx86
Run by David at 15:11:02.50 on Sun 28/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.1993 [GMT 8:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\IObit\Game Booster\GameBox.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\FRAPS\FRAPS.EXE
C:\WINDOWS\MHotkey.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\ChiFuncExt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Winamp\winamp.exe
C:\Riot Games\League of Legends\lol.launcher.exe
C:\Riot Games\League of Legends\Air\LOLClient.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Google Update] "c:\documents and settings\david\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Fraps] c:\fraps\FRAPS.EXE
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [LchDrvKey] LchDrvKey.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [MAAgent] c:\program files\markany\contentsafer\MAAgent.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\david\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: &Search
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShellHook Class: {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\progra~1\markany\conten~1\MACSMA~1.DLL
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
Note: multiple HOSTS entries found. Please refer to Attach.txt
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - component: c:\documents and settings\david\application data\mozilla\firefox\profiles\wjpohr6o.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\david\application data\mozilla\firefox\profiles\wjpohr6o.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\david\application data\mozilla\firefox\profiles\wjpohr6o.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\david\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: AnyColor: anycolor.pavlos256@gmail.com - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\anycolor.pavlos256@gmail.com
FF - Extension: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\battlefieldheroespatcher@ea.com
FF - Extension: English (Australian) Dictionary: en-AU@dictionaries.addons.mozilla.org - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\en-AU@dictionaries.addons.mozilla.org
FF - Extension: Read It Later: isreaditlater@ideashower.com - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\isreaditlater@ideashower.com
FF - Extension: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Extension: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Extension: Download status: {9fb8c270-7124-11dd-ad8b-0800200c9a66} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{9fb8c270-7124-11dd-ad8b-0800200c9a66}
FF - Extension: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Extension: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Extension: QuickRestart: {F645A8C9-E969-42D9-B3F3-F325537222FD} - c:\docume~1\david\applic~1\mozilla\firefox\profiles\wjpohr6o.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-29 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-29 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-29 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-17 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-3-29 1617408]
S3 AMBFilt;AMBFilt;c:\windows\system32\drivers\Ambfilt.sys [2010-3-29 1656960]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-27 517448]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\david\locals~1\temp\bsi45.tmp --> c:\docume~1\david\locals~1\temp\BSI45.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;c:\program files\garena\plugins\ui\safedrv.sys [2010-9-28 22112]
S3 XDva347;XDva347;\??\c:\windows\system32\xdva347.sys --> c:\windows\system32\XDva347.sys [?]
=============== Created Last 30 ================
2010-11-28 04:57:17 -------- d-----w- c:\program files\HostsXpert
2010-11-27 09:14:12 -------- d-----w- c:\docume~1\david\locals~1\applic~1\BingoLiner
2010-11-27 05:26:18 388096 ----a-r- c:\docume~1\david\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-11-27 05:26:17 -------- d-----w- c:\program files\Trend Micro
2010-11-27 05:24:05 -------- d-----w- c:\docume~1\david\applic~1\Malwarebytes
2010-11-27 05:23:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-27 05:23:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-27 05:23:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-27 05:23:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-27 05:09:57 -------- d-----w- c:\program files\ESET
2010-11-17 12:19:35 -------- d-----w- c:\documents and settings\david\oni
2010-11-17 12:19:09 -------- d-----w- C:\CyberStep
2010-11-14 09:04:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit
2010-11-06 03:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-06 03:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2010-10-31 06:18:06 -------- d-----w- c:\program files\WS_FTP
==================== Find3M ====================
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 04:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-14 20:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-14 18:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-11 01:57:20 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-09-11 01:57:14 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-09-11 01:56:02 4419584 ----a-w- c:\windows\system32\aticaldd.dll
2010-09-11 01:54:56 16248832 ----a-w- c:\windows\system32\atioglxx.dll
2010-09-11 01:50:34 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-09-11 01:43:44 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-09-11 01:42:48 300544 ----a-w- c:\windows\system32\ati2dvag.dll
2010-09-11 01:39:06 3942880 ----a-w- c:\windows\system32\ati3duag.dll
2010-09-11 01:29:12 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-09-11 01:26:58 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-09-11 01:26:46 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-09-11 01:26:40 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-09-11 01:26:34 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-09-11 01:26:24 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-09-11 01:25:38 2669312 ----a-w- c:\windows\system32\ativvaxx.dll
2010-09-11 01:25:14 606208 ----a-w- c:\windows\system32\ati2evxx.exe
2010-09-11 01:24:02 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-09-11 01:23:12 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-09-11 01:19:56 634880 ----a-w- c:\windows\system32\atikvmag.dll
2010-09-11 01:18:14 192512 ----a-w- c:\windows\system32\atiadlxx.dll
2010-09-11 01:17:56 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-09-11 01:13:12 696320 ----a-w- c:\windows\system32\ati2cqag.dll
2010-09-11 01:11:50 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-09-11 01:11:50 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-04-08 16:48:15 802304 ----a-w- c:\program files\setup.exe
2010-04-08 16:47:16 576000 ----a-w- c:\program files\ISSetup.dll
2010-04-08 16:35:49 473 ----a-w- c:\program files\layout.bin
============= FINISH: 15:11:41.01 ===============
Bump. Help anyone?