
shut down - safe mode - redirect issues

Discussion in 'Virus & Other Malware Removal' started by rockport2468, Jan 18, 2013.

Thread Status:
Not open for further replies.
  1. rockport2468

    rockport2468 Thread Starter

    Hello,
    Thank you for reviewing the logs.
    Have recently had a vast amount of redirects.
    Event Viewer is getting many yellow and red alerts.
    In XP home edition these (and others) Events show up:
    4226: Microsoft lists this as "a burst of activity on a computer is a signal that it may have been infected by a malicious program".
    Other Viewer codes are 1, 7023, 7026, 10005, 7000 and there are others.
    The computer does not shut down; one must stop power.
    Safe mode "shut down" does not work.
    Safe Mode start up does work.
    "System restore" does not work.
    The CD drive does not work in "regular" mode, but in "Safe Mode" it will spin the XP operating disk.
    I have NOT reinstalled or repaired the OS.
    No hardware changes have taken place.

    Here are the log files. Again... Thank you.

    Hijack

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:07:22 PM, on 1/18/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HitmanPro\hmpsched.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Intuit\QAgent\QAGENT.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\UnHackMe\hackmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Evoluent\VMouse\EvoMouseExec.exe
    C:\QUICKENW\QWDLLS.EXE
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\USER\My Documents\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.notepad.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [QAGENT] C:\Program Files\Intuit\QAgent\QAGENT.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
    O4 - Global Startup: Evoluent Mouse Manager.lnk = ?
    O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {6ED0A312-78F5-493C-A90C-5DAF321D0BF8} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEMenuItem.dll (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: We-Care Add-on - {6ED0A312-78F5-493C-A90C-5DAF321D0BF8} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEMenuItem.dll (file missing) (HKCU)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1355927962844
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe

    --
    End of file - 8611 bytes


    ********************************************


    DDS text file


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
    Run by USER at 17:32:01 on 2013-01-18
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1006.200 [GMT -5:00]
    .
    AV: ESET Smart Security 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: ESET Personal firewall *Enabled*
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\HitmanPro\hmpsched.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
    C:\WINDOWS\system32\Wacom_Tablet.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Intuit\QAgent\QAGENT.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\UnHackMe\hackmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Evoluent\VMouse\EvoMouseExec.exe
    C:\QUICKENW\QWDLLS.EXE
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.notepad.com
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
    uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [UnHackMe Monitor] c:\program files\unhackme\hackmon.exe
    mRun: [IntelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" BOOT
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [SigmatelSysTrayApp] sttray.exe
    mRun: [PRISMSVR.EXE] "c:\windows\system32\PRISMSVR.EXE" /APPLY
    mRun: [QAGENT] c:\program files\intuit\qagent\QAGENT.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
    mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
    mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billmi~1.lnk - c:\quickenw\BILLMIND.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\evolue~1.lnk - c:\windows\installer\{a93d8bcb-5e78-4e43-aa04-4d2c159626e6}\_5D3F7A665AF4FEE7709022.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\quickenw\QWDLLS.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1355927962844
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{3B11DC4E-85DB-4EF9-A80C-D4DF88606974} : DHCPNameServer = 192.168.1.254
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\8i4f9xy8.default-1358546355140\
    FF - plugin: c:\documents and settings\user\application data\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.124\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 118104]
    R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-9-22 974944]
    R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2013-1-16 105832]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-15 398184]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-15 682344]
    R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-2-6 2789672]
    R3 EvoMouseDriverMini;EvoMouseDriverMini;c:\windows\system32\drivers\EvoMouseDriverMini.sys [2013-1-16 20024]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-15 21104]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-10-27 15656]
    S3 efavdrv;efavdrv;\??\c:\windows\system32\drivers\efavdrv.sys --> c:\windows\system32\drivers\efavdrv.sys [?]
    S3 mrtRate;mrtRate;\??\c:\documents and settings\user\mrtrate.sys --> c:\documents and settings\user\MRTRATE.SYS [?]
    S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2013-1-16 24416]
    .
    =============== File Associations ===============
    .
    FileExt: .scr: AutoCADScriptFile="c:\windows\notepad.exe" "%1"
    ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office\FRONTPG.EXE
    .
    =============== Created Last 30 ================
    .
    2013-01-18 22:15:59 57240 ----a-w- c:\program files\mozilla firefox\updated\plugins\npatgpc.dll
    2013-01-18 14:54:31 96128 -c--a-w- c:\windows\system32\dllcache\ati.dll
    2013-01-18 14:54:31 77568 -c--a-w- c:\windows\system32\dllcache\ati.sys
    2013-01-18 14:54:30 97354 -c--a-w- c:\windows\system32\dllcache\aspndis3.sys
    2013-01-18 14:54:30 14848 -c--a-w- c:\windows\system32\dllcache\asc3550.sys
    2013-01-18 14:54:29 26496 -c--a-w- c:\windows\system32\dllcache\asc.sys
    2013-01-18 14:54:29 22400 -c--a-w- c:\windows\system32\dllcache\asc3350p.sys
    2013-01-18 14:45:43 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
    2013-01-18 14:45:42 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
    2013-01-18 14:45:42 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys
    2013-01-18 14:45:41 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys
    2013-01-18 14:45:41 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys
    2013-01-18 14:45:40 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys
    2013-01-18 14:45:40 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys
    2013-01-18 14:45:40 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys
    2013-01-18 14:45:39 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys
    2013-01-18 14:45:39 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys
    2013-01-18 14:32:33 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
    2013-01-16 22:20:19 -------- d-----w- c:\program files\Enigma Software Group
    2013-01-16 22:19:55 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
    2013-01-16 22:19:52 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2013-01-16 21:57:05 -------- d-----w- C:\TDSSKiller_Quarantine
    2013-01-16 20:20:36 -------- d-----w- c:\program files\UPHClean
    2013-01-16 18:43:22 39184 ----a-w- c:\windows\system32\Partizan.exe
    2013-01-16 18:41:44 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
    2013-01-16 18:05:31 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
    2013-01-16 18:05:31 -------- d-----w- c:\documents and settings\all users\application data\RegRun
    2013-01-16 18:03:24 2 --shatr- c:\windows\winstart.bat
    2013-01-16 18:03:10 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
    2013-01-16 18:03:07 -------- d-----w- c:\program files\UnHackMe
    2013-01-16 17:22:57 -------- d-----w- c:\program files\HitmanPro
    2013-01-16 17:21:22 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
    2013-01-16 17:04:55 -------- d-----w- c:\program files\Webroot
    2013-01-16 15:48:02 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2013-01-16 15:47:50 20024 ----a-w- c:\windows\system32\drivers\EvoMouseDriverMini.sys
    2013-01-16 15:47:50 1176312 ----a-w- c:\windows\system32\WdfCoinstaller01009.dll
    2013-01-16 04:17:51 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes
    2013-01-16 04:17:35 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2013-01-16 04:17:34 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-16 04:17:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-01-16 03:58:09 237072 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-15 11:36:03 -------- d-----w- c:\documents and settings\user\local settings\application data\Updater21804
    2013-01-10 00:30:11 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2013-01-10 00:30:11 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2013-01-10 00:30:11 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2013-01-10 00:30:11 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2013-01-10 00:30:11 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2013-01-10 00:30:11 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2013-01-10 00:30:11 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2013-01-09 22:08:37 1409 ----a-w- c:\windows\QTFont.for
    2013-01-09 21:52:21 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2013-01-09 21:51:36 -------- d-----w- c:\program files\iPod
    2013-01-09 21:51:28 -------- d-----w- c:\program files\iTunes
    2013-01-09 21:51:28 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-01-09 21:51:04 -------- d-----w- c:\documents and settings\user\local settings\application data\Apple
    2013-01-09 21:50:46 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll
    2013-01-09 21:50:46 44544 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2013-01-09 21:50:26 -------- d-----w- c:\program files\Bonjour
    2013-01-09 21:35:28 -------- d-sh--w- c:\documents and settings\user\PrivacIE
    2013-01-09 21:34:25 -------- d-sh--w- c:\documents and settings\user\IETldCache
    2013-01-09 21:29:53 -------- d-----w- c:\windows\ie8updates
    2013-01-09 21:26:55 -------- dc-h--w- c:\windows\ie8
    2013-01-09 21:23:36 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
    2013-01-09 21:22:19 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2013-01-09 21:22:13 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2013-01-09 21:22:13 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2013-01-09 21:22:13 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2013-01-09 21:22:12 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2013-01-09 21:22:11 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2013-01-09 21:22:11 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2013-01-09 21:22:08 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2013-01-08 23:27:48 16369160 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2013-01-08 19:53:27 -------- d-----w- c:\program files\Visual Integrity
    2012-12-22 15:20:44 -------- d-----w- c:\documents and settings\user\application data\RealNetworks
    .
    ==================== Find3M ====================
    .
    2013-01-08 23:27:53 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-08 23:27:53 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-22 15:19:27 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-12-22 15:19:27 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-06 02:01:39 1371648 ------w- c:\windows\system32\msxml6.dll
    2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec
    2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2008-03-19 17:18:24 2698240 -c--a-w- c:\program files\EvoluentMouse.msi
    2008-03-19 17:18:06 344064 -c--a-w- c:\program files\setup.exe
    1997-07-22 00:30:54 1045776 -csha-w- c:\windows\system32\Msjet35.dll
    1997-06-23 08:00:00 123664 -csha-w- c:\windows\system32\Msjint35.dll
    1997-06-23 17:06:50 24848 -csha-w- c:\windows\system32\Msjter35.dll
    1997-06-23 17:06:50 252176 -csha-w- c:\windows\system32\Msrd2x35.dll
    1997-06-23 17:06:50 287504 -csha-w- c:\windows\system32\Msxbse35.dll
    .
    ============= FINISH: 17:32:52.89 ===============



    **********************************


    attach.txt file

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/31/2006 7:16:02 PM
    System Uptime: 1/18/2013 1:46:42 PM (4 hours ago)
    .
    Motherboard: Intel Corporation | | DQ965GF
    Processor: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz | LGA 775 | 2131/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 98 GiB total, 75.162 GiB free.
    D: is FIXED (NTFS) - 200 GiB total, 190.831 GiB free.
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
    Description: CD-ROM Drive
    Device ID: IDE\CDROMPIONEER_DVD-RW__DVR-111D________________1.06____\46_044443343343433345737204C202020202020
    Manufacturer: (Standard CD-ROM drives)
    Name: PIONEER DVD-RW DVR-111D
    PNP Device ID: IDE\CDROMPIONEER_DVD-RW__DVR-111D________________1.06____\46_044443343343433345737204C202020202020
    Service: cdrom
    .
    ==== System Restore Points ===================
    .
    RP1230: 10/20/2012 7:30:40 PM - System Checkpoint
    RP1231: 10/21/2012 8:07:28 PM - System Checkpoint
    RP1232: 10/22/2012 9:26:53 PM - System Checkpoint
    RP1233: 10/24/2012 9:55:01 AM - System Checkpoint
    RP1234: 10/25/2012 10:42:25 AM - System Checkpoint
    RP1235: 10/29/2012 7:33:01 AM - System Checkpoint
    RP1236: 10/30/2012 7:53:03 AM - System Checkpoint
    RP1237: 11/1/2012 7:50:38 AM - System Checkpoint
    RP1238: 11/2/2012 8:07:46 AM - System Checkpoint
    RP1239: 11/3/2012 10:43:42 AM - System Checkpoint
    RP1240: 11/4/2012 9:47:10 AM - System Checkpoint
    RP1241: 11/5/2012 10:37:19 AM - System Checkpoint
    RP1242: 11/6/2012 11:26:42 AM - System Checkpoint
    RP1243: 11/8/2012 1:11:25 PM - System Checkpoint
    RP1244: 12/19/2012 9:41:42 AM - Software Distribution Service 3.0
    RP1245: 12/20/2012 10:10:31 AM - System Checkpoint
    RP1246: 12/21/2012 5:33:17 AM - Software Distribution Service 3.0
    RP1247: 12/22/2012 11:48:17 AM - System Checkpoint
    RP1248: 12/23/2012 12:01:37 PM - System Checkpoint
    RP1249: 12/24/2012 12:07:27 PM - System Checkpoint
    RP1250: 12/25/2012 12:55:52 PM - System Checkpoint
    RP1251: 12/26/2012 3:01:53 PM - System Checkpoint
    RP1252: 12/27/2012 3:03:21 PM - System Checkpoint
    RP1253: 12/28/2012 4:23:55 PM - System Checkpoint
    RP1254: 12/29/2012 4:38:35 PM - System Checkpoint
    RP1255: 12/30/2012 5:09:36 PM - System Checkpoint
    RP1256: 12/31/2012 6:08:46 PM - System Checkpoint
    RP1257: 1/1/2013 6:56:39 PM - System Checkpoint
    RP1258: 1/2/2013 7:02:47 PM - System Checkpoint
    RP1259: 1/4/2013 2:31:09 PM - System Checkpoint
    RP1260: 1/4/2013 10:17:57 PM - Software Distribution Service 3.0
    RP1261: 1/6/2013 3:34:56 PM - System Checkpoint
    RP1262: 1/7/2013 4:53:21 PM - System Checkpoint
    RP1263: 1/8/2013 5:22:10 PM - System Checkpoint
    RP1264: 1/9/2013 3:37:20 PM - Software Distribution Service 3.0
    RP1265: 1/9/2013 4:27:46 PM - Installed Windows Internet Explorer 8.
    RP1266: 1/9/2013 4:28:32 PM - Software Distribution Service 3.0
    RP1267: 1/9/2013 4:51:20 PM - Installed iTunes
    RP1268: 1/9/2013 11:03:35 PM - Software Distribution Service 3.0
    RP1269: 1/11/2013 1:47:51 PM - System Checkpoint
    RP1270: 1/12/2013 2:02:58 PM - System Checkpoint
    RP1271: 1/13/2013 2:51:19 PM - System Checkpoint
    RP1272: 1/14/2013 5:02:51 PM - System Checkpoint
    RP1273: 1/15/2013 3:02:24 PM - Software Distribution Service 3.0
    RP1274: 1/16/2013 10:47:46 AM - Installed Evoluent Mouse Manager
    RP1275: 1/16/2013 2:00:51 PM - RegRun Virus Scan
    RP1276: 1/16/2013 3:20:35 PM - Installed User Profile Hive Cleanup Service
    RP1277: 1/16/2013 5:20:16 PM - Installed SpyHunter
    RP1278: 1/17/2013 11:46:00 PM - Removed SpyHunter
    RP1279: 1/18/2013 2:49:28 AM - Restore Operation
    RP1280: 1/18/2013 2:57:30 AM - Restore Operation
    RP1281: 1/18/2013 3:07:23 AM - Restore Operation
    RP1282: 1/18/2013 9:23:23 AM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    2Wire Wireless Client
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop 7.0
    Adobe Reader XI (11.0.01)
    Adobe Shockwave Player
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASPCA Reminder by We-Care.com v4.1.21.1
    AutoCAD 2008 - English
    AutoCAD 2009 - English
    AutoCAD Express Tools Volumes 1-9
    Autodesk DWF Viewer 7
    Autodesk Express Viewer
    Autodesk Land Desktop 2004
    Bonjour
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    DAO 3.5
    ESET Online Scanner v3
    ESET Smart Security
    Evoluent Mouse Manager
    Google Chrome
    Google Earth
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HitmanPro 3.7
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format SDK (KB900399)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows Media Format SDK (KB922042)
    Hotfix for Windows Media Format SDK (KB922814)
    Hotfix for Windows Media Format SDK 9.5 (KB905592)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Deskjet 6500
    HP Deskjet 6500 Series
    HP Update
    Intel Audio Studio 2.0
    Intel(R) 536EP Modem
    Intel(R) Active Client Manager 2.0 HECI Driver
    Intel(R) PRO Network Connections
    InteractiveCalcs
    iTunes
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 9
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 29
    Java(TM) 6 Update 5
    Java(TM) 7 Update 4
    Java(TM) SE Runtime Environment 6 Update 1
    JavaFX 2.1.0
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2742597)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office 2000 Premium
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Journal Viewer
    Move Media Player
    Mozilla Firefox 18.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser
    NTI DVD-Maker
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    Octoshape add-in for Adobe Flash Player
    PDF FLY v8.6
    PowerDVD
    Quicken Basic 2000
    QuickTime
    Rhapsody Player Engine
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2183461)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360131)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2416400)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2482017)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2497640)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2530548)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2559049)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2586448)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618444)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647516)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2675157)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2699988)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2722913)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761465)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SelectionLinks
    SIGMA Photo Pro 4
    SigmaTel Audio
    Sysadm
    TBS WMP Plug-in
    thinkorswim
    UnHackMe 5.99 release
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    User Profile Hive Cleanup Service
    VBA (2627.01)
    Wacom Tablet
    WebEx
    WebFldrs XP
    Winamp
    Winamp Toolbar for Firefox
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB896097
    Windows Media Hotfix - KB895181
    Windows Media Player 10 Hotfix - KB888656
    Windows Media Player 10 Hotfix - KB895316
    Windows Media Player 11
    Windows XP Service Pack 3
    WinZip
    Yahoo! Install Manager
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/18/2013 2:50:10 AM, error: atapi [9] - The device, \Device\Ide\IdePort4, did not respond within the timeout period.
    1/18/2013 1:24:46 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
    1/18/2013 1:24:32 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
    1/17/2013 11:14:23 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    1/17/2013 11:13:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    1/16/2013 5:07:24 PM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
    1/16/2013 1:01:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    1/15/2013 9:47:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ehdrv Fips intelppm
    1/15/2013 11:31:58 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    1/15/2013 11:30:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/15/2013 11:29:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    .
    ==== End Of File ===========================


    GMER Log file

    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-18 17:50:18
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-1a ST3320620AS rev.3.AAE 298.09GB
    Running: z0bmn7cr.exe; Driver: C:\DOCUME~1\USER\LOCALS~1\Temp\pwlyrkob.sys


    ---- System - GMER 2.0 ----

    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xF368C4B0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwCreateThread [0xF368C7F0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xF368CAB0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xF368C5D0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwLoadDriver [0xF368C8B0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xF368C350]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xF368C410]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xF368C570]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0xF368C630]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xF368C530]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xF368C4F0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xF368C670]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSystemInformation [0xF368C870]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xF368C3B0]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xF368C430]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSystemDebugControl [0xF368C830]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xF368C370]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xF368C470]
    SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xF368C5F0]

    ---- Kernel code sections - GMER 2.0 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 805048C8 12 Bytes [B0, C3, 68, F3, 30, C4, 68, ...]
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF636A380, 0x550AF5, 0xE8000020]
    ? C:\DOCUME~1\USER\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 2.0 ----

    .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[324] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 4 Bytes [C2, 04, 00, 00]
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1896] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1044A642 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1896] USER32.dll!GetMenuContextHelpId + 1A 7E465319 7 Bytes JMP 1044AC18 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2348] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2348] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AB5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2348] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2348] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2348] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2348] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2348] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2348] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2348] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E7062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2348] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E70C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2348] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E72C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2348] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E7126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2348] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2348] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E75C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3144] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3144] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3144] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3144] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3144] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3144] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E7062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3144] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E70C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3144] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E72C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3144] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E7126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3540] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0150ED80 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3540] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01855505 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3540] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 018554E2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3540] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 015253B7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3540] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01855463 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- EOF - GMER 2.0 ----


    Cheers
     