Channel: Tech Support Guy - Virus & Other Malware Removal

Tuvaro infection and probably a lot more!

My significant other decided to try to watch the Blackhawks' games on his PC. In the process, he pretty much said "OK" to any program that popped up, and now he has a seriously messed-up machine! I've attempted to uninstall all the programs he downloaded that particular day (most I could successfully get rid of); however, his Chrome browser is still being hijacked by Tuvaro and error messages abound.

Please note I DID attempt to run the DDS app as instructed; however, when I tried to run the program I received an NSIS error message (screenshot attached). That said, I'm listing the necessary logs in hopes that someone can help, PLEASE! [[I'm treating the time spent on fixing his stupidity as a Father's Day gift, lol!]]

TSG SysInfo:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU E7300 @ 2.66GHz, x86 Family 6 Model 23 Stepping 6
Processor Count: 2
RAM: 3325 Mb
Graphics Card: NVIDIA Quadro NVS 290, 256 Mb
Hard Drives: C: Total - 238377 MB, Free - 131668 MB; G: Total - 953865 MB, Free - 361309 MB;
Motherboard: Dell Inc., 0TP412
Antivirus: AVG AntiVirus 2014, Updated: Yes, On-Demand Scanner: Enabled

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 2:58:58 PM, on 6/15/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
CHROME: 35.0.1916.114
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
c:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\All Users\Application Data\IePluginService\PluginService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\gorillaprice\gorillaprice.exe
C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Flash Update\winclient32.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\OpenSoftwareUpdater\OpenSoftwareUpdater.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Driver Support\Driver Support\DriverSupport.exe
C:\Program Files\Optimizer Pro\OptProSmartScan.exe
C:\Documents and Settings\GWB\Local Settings\Application Data\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files\Optimizer Pro\OptProReminder.exe
C:\Documents and Settings\GWB\Application Data\ContentExplorer\ContentExplorer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\GWB\Local Settings\Temporary Internet Files\Content.IE5\PPWBTEHI\HijackThis[1].exe
C:\WINDOWS\system32\SearchProtocolHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?p=mKO_AwF...q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?p=mKO_AwF...q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wsj.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com/web/?type=ds&ts...q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com/web/?type=ds&ts...q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?p=mKO_AwF...q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?p=mKO_AwF...q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.v9.com/web/?type=ds&ts...q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.v9.com/web/?type=ds&ts...q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:1092;https=127.0.0.1:1092;
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [YTDownloader] "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
O4 - HKLM\..\Run: [upfst_us_53.exe] C:\Documents and Settings\GWB\Local Settings\Application Data\fst_us_53\upfst_us_53.exe -runhelper
O4 - HKLM\..\Run: [Windows Client Manager] C:\Program Files\Flash Update\winclient32.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows X64 Service Manager] C:\Program Files\FlashNow Updater\flsysio.exe
O4 - HKLM\..\Run: [PC HealthFix] "C:\Documents and Settings\All Users\Application Data\PC HealthFix\PCHealthFix.exe" /runscan
O4 - HKLM\..\Run: [OpenSoftwareUpdater] C:\Program Files\OpenSoftwareUpdater\OpenSoftwareUpdater.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe
O4 - HKCU\..\Run: [Driver Support] C:\Program Files\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
O4 - HKCU\..\Run: [Amazon Cloud Player] "C:\Documents and Settings\GWB\Local Settings\Application Data\Amazon Cloud Player\Amazon Music Helper.exe"
O4 - HKCU\..\Run: [ContentExplorer] "C:\Documents and Settings\GWB\Application Data\ContentExplorer\ContentExplorer.exe"
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.cftc.gov
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://38.98.147.87/dana-cached/sc/...etupClient.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IePlugin Service (IePluginService) - Cherished Technololgy LIMITED - C:\Documents and Settings\All Users\Application Data\IePluginService\PluginService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: vxlsnyaiet32 - Unknown owner - C:\Program Files\003\vxlsnyaiet32.exe
--
End of file - 12875 bytes

DDS Error Message:

(attached)

GMER - ARK.TXT FILE:

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-15 15:21:01
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST325031 rev.4.AD 232.83GB
Running: gf7ix4ck.exe; Driver: C:\DOCUME~1\GWB\LOCALS~1\Temp\fxtdqpod.sys

---- System - GMER 2.1 ----
SSDT 8ACBDD50 ZwAllocateVirtualMemory
SSDT 8ACD4468 ZwCreateKey
SSDT 8ACC68B0 ZwCreateProcess
SSDT 8ACC71B8 ZwCreateProcessEx
SSDT 8ACBD020 ZwCreateThread
SSDT 8ACD43F0 ZwDeleteKey
SSDT 8ACB4198 ZwDeleteValueKey
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xB53156E0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xB5315800]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xB5315010]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenThread [0xB53154D0]
SSDT 8ACBDDC8 ZwQueueApcThread
SSDT 8ACBDC60 ZwReadVirtualMemory
SSDT 8ACD0148 ZwRenameKey
SSDT 8ACBDEB8 ZwSetContextThread
SSDT 8ACBE460 ZwSetInformationKey
SSDT 8ACB45C0 ZwSetInformationProcess
SSDT 8ACBDF30 ZwSetInformationThread
SSDT 8ACCD210 ZwSetValueKey
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xB5315300]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xB53153E0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xB5315120]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xB5315210]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xB53155E0]
---- Kernel code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8857360, 0x33026D, 0xE8000020]
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xAF587A00]
---- User code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\SearchIndexer.exe[744] kernel32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL
.text C:\Program Files\Internet Explorer\iexplore.exe[2184] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215545 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2184] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B99 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2184] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD1CD C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2184] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDC24 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2184] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546FC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2184] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7997 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2184] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E78C9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2184] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E7934 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2184] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E779A C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2184] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E77FC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2184] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E79FA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2184] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E785E C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2184] ole32.dll!CoCreateInstance 774FF1D4 5 Bytes JMP 3E2EDC80 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2184] ole32.dll!OleLoadFromStream 7752988B 5 Bytes JMP 3E3E7CFF C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215545 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDC24 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7997 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E78C9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E7934 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E779A C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E77FC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E79FA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2312] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E785E C:\WINDOWS\system32\IEFRAME.dll
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbd.sys
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys
Device mrxsmb.sys
Device \FileSystem\Fastfat \Fat A145ED20
AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbd.sys
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS
---- Services - GMER 2.1 ----
Service C:\Program Files\gorillaprice\gorillaprice.exe (*** hidden *** ) [AUTO] GorillaPrice <-- ROOTKIT !!!
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\GorillaPrice@Type 16
Reg HKLM\SYSTEM\CurrentControlSet\Services\GorillaPrice@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\GorillaPrice@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\GorillaPrice@ImagePath C:\Program Files\gorillaprice\gorillaprice.exe -service
Reg HKLM\SYSTEM\CurrentControlSet\Services\GorillaPrice@DisplayName GorillaPrice
Reg HKLM\SYSTEM\CurrentControlSet\Services\GorillaPrice@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\GorillaPrice@Description This service will show you offers from GorillaPrice in a seperate window, up to 8 offers per day.
Reg HKLM\SYSTEM\CurrentControlSet\Services\GorillaPrice\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\GorillaPrice\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\GorillaPrice
Reg HKLM\SYSTEM\ControlSet003\Services\GorillaPrice@Type 16
Reg HKLM\SYSTEM\ControlSet003\Services\GorillaPrice@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\GorillaPrice@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\Services\GorillaPrice@ImagePath C:\Program Files\gorillaprice\gorillaprice.exe -service
Reg HKLM\SYSTEM\ControlSet003\Services\GorillaPrice@DisplayName GorillaPrice
Reg HKLM\SYSTEM\ControlSet003\Services\GorillaPrice@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\GorillaPrice@Description This service will show you offers from GorillaPrice in a seperate window, up to 8 offers per day.
Reg HKLM\SYSTEM\ControlSet003\Services\GorillaPrice\Security (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\GorillaPrice\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList@MRUList acbfed
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\iexplore@Count 771
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9030D464-4C02-4ABF-8ECC-5164760863C6}\iexplore@Count 687
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9030D464-4C02-4ABF-8ECC-5164760863C6}\iexplore@Blocked 687
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA58ED58-01DD-4D91-8333-CF10577473F7}\iexplore@Count 687
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA58ED58-01DD-4D91-8333-CF10577473F7}\iexplore@Blocked 687
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\iexplore@Count 687
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\iexplore@Blocked 686
---- EOF - GMER 2.1 ----


Thank you in advance for your help and Happy Father's Day to all :)
Mongoosespaz (a/k/a Teresa)

Attached Images
File Type: jpg NSIS Error message during DDS install.JPG (11.6 KB)
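As an added example (not code from the original post, from HijackThis, or from the forum's helpers), the script below runs a small set of triage rules over HijackThis entries of the kind shown in the log above. The rules are heuristics assumed for this example rather than any official signature set: a WinINet proxy forced to 127.0.0.1 (the `R1 ... ProxyServer = http=127.0.0.1:1092` line means a local process sits between the browser and the network, which is why cleaning the browser alone does not stop the redirects), registrations whose file is gone, Run values that live in the user profile or are named like Windows components but point outside %SystemRoot%, and services with no publisher or in a numeric Program Files folder. The sample input is a handful of lines copied from the posted log.

```python
"""Triage a HijackThis (HJT) log for browser-hijack and PUP indicators.

Added example for this thread; not code from the original post, from
HijackThis, or from the Tech Support Guy helpers. The triage rules are
heuristics assumed for this example, not an official signature set.
"""
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: eight lines copied verbatim from the HijackThis log
# posted above (three clean, five with something worth a second look).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:1092;https=127.0.0.1:1092;
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O4 - HKLM\..\Run: [Windows X64 Service Manager] C:\Program Files\FlashNow Updater\flsysio.exe
O4 - HKLM\..\Run: [upfst_us_53.exe] C:\Documents and Settings\GWB\Local Settings\Application Data\fst_us_53\upfst_us_53.exe -runhelper
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O23 - Service: vxlsnyaiet32 - Unknown owner - C:\Program Files\003\vxlsnyaiet32.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


class Finding(NamedTuple):
    section: str   # HJT section tag, e.g. "R1", "O4", "O23"
    reason: str    # why the line was flagged
    line: str      # the original log line


HJT_LINE = re.compile(r"^(R[0-3]|O\d{1,2})\s+-\s+(.*)$")
# First Windows path up to the first .exe/.dll; tolerates spaces and quotes.
WIN_PATH = re.compile(r"([A-Za-z]:\\.+?\.(?:exe|dll))", re.I)
# Per-user profile locations on XP; software rarely autostarts from here.
PROFILE_DIR = re.compile(
    r"documents and settings\\[^\\]+\\(?:local settings\\)?application data", re.I)
# IE/WinINet proxy pointed at a listener on the same machine.
LOOPBACK_PROXY = re.compile(r"(?:http|https)=127\.0\.0\.1:\d+", re.I)
NUMERIC_PF_DIR = re.compile(r"\\program files\\\d+\\", re.I)


def parse_hjt_line(line: str) -> Optional[Tuple[str, str]]:
    """Split 'O4 - <body>' into (section, body); None for non-entry lines."""
    m = HJT_LINE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def extract_path(body: str) -> Optional[str]:
    """Return the first executable/DLL path in an entry body, if any."""
    m = WIN_PATH.search(body)
    return m.group(1) if m else None


def triage(log_text: str) -> List[Finding]:
    """Apply the heuristic rules to every HJT entry and collect the hits."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        parsed = parse_hjt_line(raw)
        if not parsed:
            continue
        section, body = parsed
        path = extract_path(body)

        if body.endswith("(no file)"):
            # Registration survived but its DLL is gone: uninstall debris.
            findings.append(Finding(section, "orphaned registration, file missing", raw))
            continue

        if section == "R1" and "ProxyServer" in body and LOOPBACK_PROXY.search(body):
            # Every WinINet request goes through a local process first: a
            # man-in-the-middle on the box; fixing the browser alone won't help.
            findings.append(Finding(section, "browser proxy forced to a loopback listener", raw))

        if section == "O4":
            label = re.search(r"\[([^\]]+)\]", body)
            if path and PROFILE_DIR.search(path):
                findings.append(Finding(section, "autorun binary lives in the user profile", raw))
            if (label and label.group(1).lower().startswith("windows")
                    and path and "\\windows\\" not in path.lower()):
                # Named like an OS component but not shipped from %SystemRoot%.
                findings.append(Finding(section, "Windows-branded Run value outside %SystemRoot%", raw))

        if section == "O23":
            if "- Unknown owner -" in body:
                findings.append(Finding(section, "service without a publisher string", raw))
            if path and NUMERIC_PF_DIR.search(path):
                findings.append(Finding(section, "service binary in a numeric Program Files folder", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>4}  {f.reason}\n      {f.line}")
```

The output is a review list, not a removal list: the profile-directory rule would also flag the Amazon Music Helper entry in this log, which is legitimate, so each hit still needs the usual confirmation (does the user recognise it, who signed the binary, does the path match the vendor's installer) before anything is deleted.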
