Hey guys, I've recently been having issues with my computer. It starts up fine, but when I leave it alone for 10 minutes or so (screen saver turned off) I receive an error message (I did not write it down and have been trying to get it to reoccur; as soon as I do I'll post the message), then my computer won't open any files. I'll try to reboot and it won't ever shut off, forcing me to force shut it off by holding the power button. Also, I ran all the recommended programs.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5138
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1/12/2011 10:14:44 AM
mbam-log-2011-01-12 (10-14-44).txt
Scan type: Quick scan
Objects scanned: 188509
Time elapsed: 8 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-12 09:59:24
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD3200AAKS-75L9A0 rev.02.03E02
Running: lszko99k.exe; Driver: C:\DOCUME~1\DISPAT~1\LOCALS~1\Temp\kwlcapow.sys
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[2864] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00CD000C
.text C:\WINDOWS\Explorer.EXE[2864] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CE000A
.text C:\WINDOWS\Explorer.EXE[2864] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CF000A
.text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D6000C
.text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D7000A
.text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D8000A
.text C:\WINDOWS\System32\svchost.exe[1188] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E0000A
.text C:\WINDOWS\system32\wuauclt.exe[1928] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0126000C
.text C:\WINDOWS\system32\wuauclt.exe[1928] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0127000A
.text C:\WINDOWS\system32\wuauclt.exe[1928] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0128000A
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD3200AAKS-75L9A0___________________02.03E02#5&125555f1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 89DB0292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 89DB0292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 89DB0292
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 625142192 (+255): rootkit-like behavior;
---- System - GMER 1.0.15 ----
SSDT 98C9FC40 ZwOpenProcess
SSDT 98C9FC45 ZwOpenThread
SSDT 98C9FC54 ZwCreateThread
SSDT 98C9FC5E ZwCreateKey
SSDT 98C9FC63 ZwDeleteKey
SSDT 98C9FC68 ZwSetValueKey
SSDT 98C9FC6D ZwDeleteValueKey
SSDT 98C9FC72 ZwLoadKey
SSDT 98C9FC77 ZwRestoreKey
SSDT 98C9FC7C ZwReplaceKey
---- EOF - GMER 1.0.15 ----
DDS (Ver_10-12-12.02)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/11/2010 2:14:41 PM
System Uptime: 1/12/2011 9:48:09 AM (1 hours ago)
Motherboard: Dell Inc. | | 0F0TGN
Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | CPU | 2926/1066mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 298 GiB total, 276.391 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 932 GiB total, 900.832 GiB free.
F: is Removable
S: is NetworkDisk (NTFS) - 1758 GiB total, 1216.993 GiB free.
Z: is NetworkDisk (NTFS) - 1758 GiB total, 1216.993 GiB free.
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1: 12/1/2010 1:57:09 PM - System Checkpoint
RP2: 12/1/2010 2:12:18 PM - Microsoft Forefront Client Security Checkpoint
RP3: 12/2/2010 2:44:57 PM - System Checkpoint
RP4: 12/3/2010 3:28:23 AM - Microsoft Forefront Client Security Checkpoint
RP5: 12/7/2010 11:08:54 AM - System Checkpoint
RP6: 12/9/2010 9:35:14 AM - Removed CardMinder
RP7: 12/9/2010 9:36:37 AM - Removed ScanSnap Manager
RP8: 12/9/2010 9:37:36 AM - Removed ScanSnap Organizer
RP9: 12/13/2010 9:40:26 AM - Microsoft Forefront Client Security Checkpoint
RP10: 12/14/2010 12:54:16 PM - System Checkpoint
RP11: 12/15/2010 10:50:49 AM - Installed HiJackThis
RP12: 12/16/2010 12:28:44 PM - System Checkpoint
RP13: 12/23/2010 7:09:41 AM - System Checkpoint
RP14: 1/12/2011 7:52:23 AM - Removed HiJackThis
==== Hosts File Hijack ======================
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 172.16.1.2 pmi-file01
Hosts: 172.16.1.2 pmi-file01.PMI.esi
Hosts: 172.16.1.3 pmi-mail01
Hosts: 172.16.1.3 pmi-mail01.PMI.esi
Hosts: 172.16.1.4 pmi-storage01
Hosts: 172.16.1.4 pmi-storage01.PMI.esi
==== Installed Programs ======================
32 Bit HP CIO Components Installer
ABBYY FineReader for ScanSnap (TM) 4.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Avira AntiVir Personal - Free Antivirus
BioAPI Framework
Bonjour
Broadcom NetXtreme-I Netlink Driver and Management Installer
BufferChm
C4380
C4380_doccd
C4380_Help
CardMinder V4.0
Copy
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
eSupportQFolder
Facebook Plug-In
Fax
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB968764)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Officejet Pro 8500 A910 Basic Device Software
HP Officejet Pro 8500 A910 Help
HP Officejet Pro 8500 A910 Product Improvement Study
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
I.R.I.S. OCR
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 19
Malwarebytes' Anti-Malware
MarketResearch
Marketsplash Shortcuts
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft English TTS Engine
Microsoft Forefront Client Security Antimalware Service
Microsoft Forefront Client Security State Assessment Service
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Operations Manager 2005 Agent
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Streets & Trips 2010
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable Package
Mozilla Firefox (3.6.13)
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB927977)
OGA Notifier 2.0.0048.0
PanoStandAlone
PDF Splitter
PowerDVD DX
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_min
PSSWCORE
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
SAPI Wrapper
Scan
Scan to Microsoft SharePoint
ScanSnap
ScanSnap Organizer
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SolutionCenter
Spybot - Search & Destroy
ST Microelectronics TPM Driver Installer
Status
System Tool2011
Toolbox
TrayApp
TTS Wrapper
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb979895)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
UPEK TouchChip Fingerprint Reader
VideoToolkit01
WebFldrs XP
WebReg
Windows Driver Package - STMicroelectronics (stmtpm) System (05/24/2007 1.00.04.15)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
XML Paper Specification Shared Components Pack 1.0
==== Event Viewer Messages From Past Week ========
1/5/2011 9:37:09 AM, error: Print [33] - The PrintQueue Container could not be found because the DNS Domain name could not be retrieved. Error: 54b
1/5/2011 9:36:14 AM, error: NETLOGON [5719] - No Domain Controller is available for domain PMI due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
1/12/2011 9:35:44 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
1/12/2011 9:35:43 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
1/12/2011 9:35:43 AM, error: Service Control Manager [7034] - The LabtechAgent CheckUp Util service terminated unexpectedly. It has done this 1 time(s).
1/12/2011 9:35:43 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
1/12/2011 9:35:43 AM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
1/12/2011 9:35:43 AM, error: Service Control Manager [7031] - The MOM service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/12/2011 9:35:43 AM, error: Service Control Manager [7031] - The Microsoft Forefront Client Security Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
1/12/2011 9:35:43 AM, error: Service Control Manager [7031] - The LabtechAgent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 20000 milliseconds: Restart the service.
1/12/2011 9:35:42 AM, error: Service Control Manager [7031] - The Microsoft Forefront Client Security State Assessment Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/12/2011 8:34:17 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
1/12/2011 8:34:17 AM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\DISPAT~1\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
1/12/2011 8:34:17 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
1/12/2011 7:06:15 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PBADRV
==== End Of File ===========================
DDS (Ver_10-12-12.02) - NTFSx86
Run by dispatcher at 10:00:14.52 on Wed 01/12/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2012.990 [GMT -8:00]
AV: Microsoft Forefront Client Security *Enabled/Outdated* {926A3D4F-E4E7-4F47-9902-4EDD55FFE1AF}
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\LTSVC\LTSVC.exe
C:\WINDOWS\LTSvc\LTSvcMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\LTSvc\LTTray.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\dispatcher\Desktop\dds.scr
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SolutionCenter
Spybot - Search & Destroy
ST Microelectronics TPM Driver Installer
Status
System Tool2011
Toolbox
TrayApp
TTS Wrapper
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb979895)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
UPEK TouchChip Fingerprint Reader
VideoToolkit01
WebFldrs XP
WebReg
Windows Driver Package - STMicroelectronics (stmtpm) System (05/24/2007 1.00.04.15)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========
1/5/2011 9:37:09 AM, error: Print [33] - The PrintQueue Container could not be found because the DNS Domain name could not be retrieved. Error: 54b
1/5/2011 9:36:14 AM, error: NETLOGON [5719] - No Domain Controller is available for domain PMI due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
1/12/2011 9:35:44 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
1/12/2011 9:35:43 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
1/12/2011 9:35:43 AM, error: Service Control Manager [7034] - The LabtechAgent CheckUp Util service terminated unexpectedly. It has done this 1 time(s).
1/12/2011 9:35:43 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
1/12/2011 9:35:43 AM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
1/12/2011 9:35:43 AM, error: Service Control Manager [7031] - The MOM service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/12/2011 9:35:43 AM, error: Service Control Manager [7031] - The Microsoft Forefront Client Security Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
1/12/2011 9:35:43 AM, error: Service Control Manager [7031] - The LabtechAgent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 20000 milliseconds: Restart the service.
1/12/2011 9:35:42 AM, error: Service Control Manager [7031] - The Microsoft Forefront Client Security State Assessment Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/12/2011 8:34:17 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
1/12/2011 8:34:17 AM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\DISPAT~1\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
1/12/2011 8:34:17 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
1/12/2011 7:06:15 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PBADRV
==== End Of File ===========================

DDS (Ver_10-12-12.02) - NTFSx86
Run by dispatcher at 10:00:14.52 on Wed 01/12/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2012.990 [GMT -8:00]
AV: Microsoft Forefront Client Security *Enabled/Outdated* {926A3D4F-E4E7-4F47-9902-4EDD55FFE1AF}
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\LTSVC\LTSVC.exe
C:\WINDOWS\LTSvc\LTSvcMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\LTSvc\LTTray.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\dispatcher\Desktop\dds.scr