Windows Defender and Rundll32 issues


1 reply to this topic

#1 mechboy6000

  • Members
  • 5 posts
  • Location:Bolivar, OH, USA

Posted 07 August 2010 - 07:44 PM

About 2 months ago a window popped up and said "Windows Defender has finished downloading the update. Please click OK to finish the updating process." Thinking it was an automatic update that was actually sent by Microsoft, I clicked OK. The next window that opened was a confirmation to allow the program access, I clicked OK, then a third small window opens and contains the following, "This program has stopped working. Windows host process (Rundll32) Microsoft Windows".
Around the same time this all started my computer would shut down without warning, like all the power was suddenly disconnected.
I have an Acer Aspire 7720 running Vista Home Premium Service Pack 2. I have run MBAM and the free AVG.
I had the system wiped and reinstalled about 4 months ago after getting the "blue screen of death". Any help or insight would be good.


#2 mechboy6000

  • Topic Starter
  • Members
  • 5 posts
  • Location:Bolivar, OH, USA

Posted 09 August 2010 - 09:08 PM

Here are the DDS and GMER logs:


DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/9/2010 5:16:06 PM
System Uptime: 8/9/2010 8:03:32 PM (0 hours ago)

Motherboard: Acer | | Poyang
Processor: Intel® Core™2 Duo CPU T5450 @ 1.66GHz | uPGA-478 | 1667/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 139 GiB total, 97.621 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4380 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Photosmart C4380 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:

==== System Restore Points ===================


==== Installed Programs ======================

32 Bit HP CIO Components Installer
Acer Crystal Eye
Acer Crystal Eye Webcam
Acer Empowering Technology
Acer ePresentation Management
Acer eSettings Management
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
AIO_Scan
Alabama Smith in Escape from Pompeii
Annabel
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
Big Fish Games: Game Manager
BOINC
Bonjour
BufferChm
C4380
C4380_Help
Call of Atlantis
Cards_Calendar_OrderGift_DoMorePlugout
Copy
CustomerResearchQFolder
Dark Tales: Edgar Allan Poe`s Murders in the Rue Morgue
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
Drawn 2 Survey 2
Elixir of Immortality
eSupportQFolder
Farm Frenzy – Pizza Party!
Fax
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService
Heroes Of Hellas
Hidden Mysteries: Vampire Secrets
Holly 2 - Magic Land
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart All-In-One Driver Software 10.0 Rel .2
HP Photosmart Essential 2.5
HP Solution Center 10.0
HP Update
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
Insider Tales – The stolen Venus
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless WiFi Software
iTunes
Java Auto Updater
Java™ 6 Update 20
LimeWire 5.5.9
Magic Encyclopedia - Moon Light
Magic Encyclopedia. First Story
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2005 Redistributable
Midnight Mysteries: Salem Witch Trials
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Cookbook
Natalie Brooks - Secrets of Treasure House
Natalie Brooks - The Treasures of the Lost Kingdom
NetDeviceManager
OCR Software by I.R.I.S. 10.0
OpenAL
PanoStandAlone
Penny Dreadfuls™ Sweeney Todd
Pocahontas: Princess of the Powhatan
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
PSSWCORE
QuickTime
RealPlayer
RealUpgrade 1.0
Redemption Cemetery: Curse of the Raven Collector's Edition
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Scan
Scepter of Ra
Shop for HP Supplies
SolutionCenter
Sprill - The Mystery of The Bermuda Triangle
Sprill and Ritchie - Adventures In Time
Status
Swag Bucks Toolbar
The Curse Of Montezuma
The Treasures Of Montezuma
The Treasures Of Mystery Island
Toolbox
TrayApp
Treasure Masters, Inc.
Treasure Seekers: Follow the Ghosts
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VideoToolkit01
VIVA MEDIA GAME CENTER
WebReg
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar

==== End Of File ===========================

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-09 22:00:19
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Mike\AppData\Local\Temp\kxldypow.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2116] USER32.dll!CreateDialogParamW 762C72A2 5 Bytes JMP 04A1432B C:\Program Files\Swag_Bucks\tbSwag.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] USER32.dll!CreateWindowExW 762D1305 5 Bytes JMP 6F93DB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] USER32.dll!DialogBoxParamW 762F10B0 5 Bytes JMP 04A144FB C:\Program Files\Swag_Bucks\tbSwag.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] USER32.dll!DialogBoxIndirectParamW 762F2EF5 5 Bytes JMP 6FA3480F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] USER32.dll!DialogBoxParamA 76308152 5 Bytes JMP 6FA347AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] USER32.dll!DialogBoxIndirectParamA 7630847D 5 Bytes JMP 6FA34872 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] USER32.dll!MessageBoxIndirectA 7631D4D9 5 Bytes JMP 6FA34741 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] USER32.dll!MessageBoxIndirectW 7631D5D3 5 Bytes JMP 6FA346D6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] USER32.dll!MessageBoxExA 7631D639 5 Bytes JMP 6FA34674 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] USER32.dll!MessageBoxExW 7631D65D 5 Bytes JMP 6FA34612 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] ws2_32.dll!closesocket 7636330C 5 Bytes JMP 10013DBA C:\Windows\system32\browseui32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] ws2_32.dll!WSASocketW 763634EB 7 Bytes JMP 10013CE1 C:\Windows\system32\browseui32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] ws2_32.dll!connect 763640D9 5 Bytes JMP 10013D44 C:\Windows\system32\browseui32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] ws2_32.dll!getaddrinfo 7636418A 5 Bytes JMP 10013E30 C:\Windows\system32\browseui32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] ws2_32.dll!bind 7636652F 5 Bytes JMP 10013C6B C:\Windows\system32\browseui32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] ws2_32.dll!WSAConnect 7636D7B0 5 Bytes JMP 10013D79 C:\Windows\system32\browseui32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] ws2_32.dll!WSAAsyncGetHostByName 76375FB9 5 Bytes JMP 10013E7E C:\Windows\system32\browseui32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] ws2_32.dll!gethostbyname 763762D4 5 Bytes JMP 10013DE4 C:\Windows\system32\browseui32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!CreateDialogParamW 762C72A2 5 Bytes JMP 0508432B C:\Program Files\Swag_Bucks\tbSwag.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!GetAsyncKeyState 762C863C 5 Bytes JMP 6F858EFF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!SetWindowsHookExW 762C87AD 5 Bytes JMP 6F939AC9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!CallNextHookEx 762C8E3B 5 Bytes JMP 6F92D0ED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!UnhookWindowsHookEx 762C98DB 5 Bytes JMP 6F8A467C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!EnableWindow 762CCD8B 5 Bytes JMP 6F93DD35 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!CreateWindowExW 762D1305 5 Bytes JMP 6F93DB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!GetKeyState 762D8CB1 5 Bytes JMP 6F93D2E3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!IsDialogMessageW 762E0745 5 Bytes JMP 6F8659D7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!CreateDialogParamA 762E17AA 5 Bytes JMP 6FA3547B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!IsDialogMessage 762E1847 5 Bytes JMP 6FA34D17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!CreateDialogIndirectParamA 762E26F1 5 Bytes JMP 6FA354B2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!CreateDialogIndirectParamW 762E9A62 5 Bytes JMP 6FA354E9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!SetKeyboardState 762F0987 5 Bytes JMP 6FA35086 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!DialogBoxParamW 762F10B0 5 Bytes JMP 050844FB C:\Program Files\Swag_Bucks\tbSwag.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!DialogBoxIndirectParamW 762F2EF5 5 Bytes JMP 6FA3480F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!SendInput 762F2F75 5 Bytes JMP 6FA35C43 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!EndDialog 762F326E 5 Bytes JMP 6F867E7E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!SetCursorPos 76306FB2 5 Bytes JMP 6FA35C97 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!DialogBoxParamA 76308152 5 Bytes JMP 6FA347AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!DialogBoxIndirectParamA 7630847D 5 Bytes JMP 6FA34872 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!MessageBoxIndirectA 7631D4D9 5 Bytes JMP 6FA34741 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!MessageBoxIndirectW 7631D5D3 5 Bytes JMP 6FA346D6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!MessageBoxExA 7631D639 5 Bytes JMP 6FA34674 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!MessageBoxExW 7631D65D 5 Bytes JMP 6FA34612 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] USER32.dll!keybd_event 7631D972 5 Bytes JMP 6FA35FC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] SHELL32.dll!SHRestricted + D95 764189A8 4 Bytes [4D, 30, A9, 71]
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] SHELL32.dll!SHRestricted + D9D 764189B0 8 Bytes [57, 2F, A9, 71, 9C, 5B, A8, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] ole32.dll!OleLoadFromStream 75CC1E12 5 Bytes JMP 6FA34B77 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] ole32.dll!CoCreateInstance 75CF9EA6 5 Bytes JMP 6F93DB78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] ws2_32.dll!closesocket 7636330C 5 Bytes JMP 10013DBA C:\Windows\system32\browseui32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] ws2_32.dll!WSASocketW 763634EB 7 Bytes JMP 10013CE1 C:\Windows\system32\browseui32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] ws2_32.dll!connect 763640D9 5 Bytes JMP 10013D44 C:\Windows\system32\browseui32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] ws2_32.dll!getaddrinfo 7636418A 5 Bytes JMP 10013E30 C:\Windows\system32\browseui32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] ws2_32.dll!bind 7636652F 5 Bytes JMP 10013C6B C:\Windows\system32\browseui32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] ws2_32.dll!WSAConnect 7636D7B0 5 Bytes JMP 10013D79 C:\Windows\system32\browseui32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] ws2_32.dll!WSAAsyncGetHostByName 76375FB9 5 Bytes JMP 10013E7E C:\Windows\system32\browseui32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] ws2_32.dll!gethostbyname 763762D4 5 Bytes JMP 10013DE4 C:\Windows\system32\browseui32.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

Edited by mechboy6000, 09 August 2010 - 09:18 PM.
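As an added illustration that is not part of the original post: the GMER "User code sections" block above can be triaged mechanically rather than read line by line. The script below is my own code, not GMER's and not the poster's. It parses hook lines in the exact format GMER printed here, groups inline hooks by the module that receives the JMP, and flags a receiving module that GMER printed with no vendor attribution (no trailing "(Product/Company)" field) while it hooks Winsock name-resolution and connect APIs inside a browser process. The sample lines are a constructed subset copied from the log above; the set of Winsock APIs it treats as network-sensitive is my own choice.

```python
"""
Triage helper for GMER "User code sections" output (added example).

Parses each inline-hook line, groups hooks by the module that receives the
JMP, and flags targets GMER could not attribute to a vendor, especially when
they sit on the Winsock name-resolution and connect path of a browser.
"""
import re
from collections import defaultdict

# One GMER hook line looks like:
#   .text <process>[<pid>] <module>!<function> <addr> <n> Bytes JMP <target> <path> (<vendor>)
# or, for a raw byte patch with no JMP destination:
#   .text <process>[<pid>] <module>!<function> + <off> <addr> <n> Bytes [<hex>, ...]
HOOK_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] "
    r"(?P<module>[^!\s]+)!(?P<func>.+?) "
    r"(?P<addr>[0-9A-F]{8}) (?P<nbytes>\d+) Bytes (?P<patch>.+)$"
)
JMP_RE = re.compile(
    r"^JMP (?P<target>[0-9A-F]+) (?P<path>.+?)(?: \((?P<vendor>[^)]*)\))?$"
)

# Winsock entry points whose hooking lets a module observe or redirect every
# connection and DNS lookup the process makes (my selection, not GMER's).
NETWORK_APIS = {
    "connect", "wsaconnect", "bind", "wsasocketw", "closesocket",
    "getaddrinfo", "gethostbyname", "wsaasyncgethostbyname",
}


def parse_hook(line):
    """Return a dict describing one GMER hook line, or None if it is not one."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    hook = m.groupdict()
    hook["pid"] = int(hook["pid"])
    j = JMP_RE.match(hook["patch"])
    if j:
        hook["target_path"] = j["path"]
        hook["target_module"] = j["path"].rsplit("\\", 1)[-1].lower()
        hook["vendor"] = j["vendor"]  # None when GMER printed no attribution
    else:  # raw byte patch: nothing to attribute
        hook["target_path"] = None
        hook["target_module"] = None
        hook["vendor"] = None
    return hook


def triage(text):
    """Group hooks by receiving module and mark the groups worth pulling first."""
    hooks = [h for h in map(parse_hook, text.splitlines()) if h]
    groups = defaultdict(list)
    for h in hooks:
        groups[h["target_module"] or "<byte patch>"].append(h)
    report = {}
    for mod, hs in groups.items():
        net = sorted({h["func"].lower() for h in hs
                      if h["module"].lower() == "ws2_32.dll"
                      and h["func"].lower() in NETWORK_APIS})
        unattributed = all(h["vendor"] is None for h in hs)
        report[mod] = {
            "hooks": len(hs),
            "pids": sorted({h["pid"] for h in hs}),
            "vendor": next((h["vendor"] for h in hs if h["vendor"]), None),
            "network_apis": net,
            "unattributed": unattributed,
            # Unattributed module on the Winsock path: signature-check it first.
            "suspicious": unattributed and bool(net),
        }
    return report


# Constructed sample: six lines copied from the GMER log in the post above.
SAMPLE_GMER = r"""
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] USER32.dll!CreateDialogParamW 762C72A2 5 Bytes JMP 04A1432B C:\Program Files\Swag_Bucks\tbSwag.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] USER32.dll!CreateWindowExW 762D1305 5 Bytes JMP 6F93DB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] ws2_32.dll!connect 763640D9 5 Bytes JMP 10013D44 C:\Windows\system32\browseui32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2116] ws2_32.dll!getaddrinfo 7636418A 5 Bytes JMP 10013E30 C:\Windows\system32\browseui32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] ws2_32.dll!gethostbyname 763762D4 5 Bytes JMP 10013DE4 C:\Windows\system32\browseui32.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2632] SHELL32.dll!SHRestricted + D95 764189A8 4 Bytes [4D, 30, A9, 71]
"""

if __name__ == "__main__":
    for mod, info in sorted(triage(SAMPLE_GMER).items(),
                            key=lambda kv: not kv[1]["suspicious"]):
        flag = "SUSPICIOUS" if info["suspicious"] else "ok"
        print(f"{flag:10} {mod:16} hooks={info['hooks']} pids={info['pids']} "
              f"vendor={info['vendor']!r} net={info['network_apis']}")
```

Run over the full log, the only JMP target GMER printed without a vendor string is C:\Windows\system32\browseui32.dll, hooked on the Winsock socket, bind, connect and name-resolution APIs in both iexplore.exe instances, while the Conduit toolbar and IEFRAME.dll hooks all carry attribution. The flag is a triage cue, not a verdict: the next step is to check that file's Authenticode signature and hash it before drawing a conclusion.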
