realupgrade


  • This topic is locked
3 replies to this topic

#1 mikeminnix


Posted 17 October 2010 - 05:54 AM

When closing Internet Explorer, I get two instances of a realupgrade popup. So far, my computer is working normally except for the popups. After reading a few of the other help topics on this subject, it seemed wise to ask for assistance. As per your request for info:


DDS (Ver_10-10-10.03) - NTFSx86
Run by Mike at 5:42:03.55 on Sun 10/17/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1983.1029 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! Antivirus *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\mixer.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\dvd43\DVD43_Tray.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mike\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.altavista.com/
BHO: Disabled:{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
BHO: Disabled:{3049C3E9-B461-4BC5-8870-4C09146192CA} - No File
BHO: Disabled:{78104A01-8E71-4F30-9A36-3793799615B4} - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {E52BE12D-A44A-4F51-9DC1-34F37A488CC7} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [UVS11 Preload] g:\ulead\uvPL.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [BtTray] "c:\program files\ivt corporation\bluesoleil\BtTray.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QueryExplorer Service] "c:\programdata\queryexplorer\queryexplorer117.exe" "c:\program files\queryexplorer\queryexplorer.dll" daletagupuni
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.4\transfer utility\CameraMonitor.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {685ec120-f786-4498-a8f0-794d47916161} - {C733FB84-6DB3-4363-8AA7-678F9B5E828E} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - {78104A01-8E71-4F30-9A36-3793799615B4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/octet-stream - {F969FE8E-1937-45AD-AF42-8A4D11CBDC2A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Handler: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\skype4com.dll

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2010-4-6 20104]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-9 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-9 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-5-9 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-9 40384]
R2 BsMobileCS;BsMobileCS;c:\program files\ivt corporation\bluesoleil\BsMobileCS.exe [2010-4-27 147563]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-9 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-9 40384]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\drivers\btcomport.sys [2010-4-6 25992]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\drivers\btcombus.sys [2010-4-6 22024]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2010-4-6 25864]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2010-4-6 23048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 QueryExplorer Service;QueryExplorer Service;"c:\programdata\queryexplorer\queryexplorer116.exe" "c:\program files\queryexplorer\queryexplorer.dll" zihopejo --> c:\programdata\queryexplorer\queryexplorer116.exe [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-8-29 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-8-29 8456]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-5-9 21504]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-9-17 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-9-17 11104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-10-17 08:42:03 528 ----a-r- C:\MediaID.bin
2010-10-15 05:49:44 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{99877936-2b49-4f0e-ac7e-8de66c42b0dc}\mpengine.dll
2010-10-14 13:44:36 54272 ----a-w- c:\windows\system32\GKSUI14.EXE
2010-10-14 13:20:38 748616 ----a-w- c:\windows\system32\Actbar2.ocx
2010-10-14 13:20:38 294912 ----a-w- c:\windows\system32\sstabs2.ocx
2010-10-14 13:20:36 995383 ----a-w- c:\windows\system32\temp.00D
2010-10-14 13:20:36 290869 ----a-w- c:\windows\system32\temp.00E
2010-10-14 13:20:35 49152 ----a-w- c:\windows\system32\ltlst12n.dll
2010-10-14 13:20:35 32256 ----a-w- c:\windows\system32\lttmb12n.dll
2010-10-14 13:20:35 176128 ----a-w- c:\windows\system32\ltlst12n.ocx
2010-10-14 13:20:35 140288 ----a-w- c:\windows\system32\lttmb12n.ocx
2010-10-14 13:20:32 16896 ----a-w- c:\windows\system32\temp.00B
2010-10-14 13:20:32 143632 ----a-w- c:\windows\system32\temp.00C
2010-10-14 13:20:27 3856 ----a-w- c:\windows\system32\temp.00A
2010-10-14 13:20:27 -------- d-----w- c:\program files\Click'N Design 3D
2010-10-13 23:15:35 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-13 23:15:34 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 23:13:59 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-10 17:48:20 -------- d-----w- c:\users\mike\appdata\roaming\Free PDF to Word Converter
2010-10-10 11:12:30 -------- d-----w- c:\program files\QueryExplorer
2010-10-10 11:12:30 -------- d-----w- c:\progra~2\QueryExplorer
2010-10-10 00:00:18 -------- d-----w- c:\program files\Cool PDF Reader
2010-10-09 23:45:30 -------- d-----w- c:\users\mike\appdata\roaming\Downloaded Installations
2010-10-03 12:46:03 -------- d-----r- c:\users\mike\appdata\roaming\Brother
2010-10-03 00:19:16 -------- d-----w- c:\program files\common files\xing shared
2010-10-02 19:16:34 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2010-10-02 19:16:34 544768 ----a-w- c:\windows\system32\wbocx.ocx
2010-10-02 19:16:34 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2010-10-02 19:16:34 33968 ----a-w- c:\windows\system32\anim.dll
2010-10-02 19:16:34 2272 ----a-w- c:\windows\system32\W95INF16.DLL
2010-10-02 19:16:33 -------- d-----w- c:\program files\WinUtilities
2010-10-02 10:49:17 -------- d-----w- c:\program files\DsNET Corp
2010-09-29 05:51:29 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 05:51:23 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-09-26 14:11:27 -------- d-----w- c:\users\mike\appdata\local\Google
2010-09-22 22:10:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2010-09-18 15:33:32 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2010-09-18 15:33:32 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2010-09-18 15:33:32 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2010-09-18 15:33:32 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-09-18 15:33:32 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-09-18 15:33:32 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-09-18 15:33:32 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2010-09-18 15:33:32 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-09-18 15:33:32 1174528 ----a-w- c:\windows\system32\d3d10warp.dll
2010-09-18 15:33:31 797184 ----a-w- c:\windows\system32\FntCache.dll
2010-09-18 15:33:31 1068032 ----a-w- c:\windows\system32\DWrite.dll
2010-09-18 15:33:30 680960 ----a-w- c:\windows\system32\d2d1.dll
2010-09-18 15:32:47 -------- d-----w- c:\program files\Feedback Tool

==================== Find3M ====================

2010-10-01 19:20:50 307200 ----a-w- c:\windows\system32\TubeFinder.exe
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 19:31:12 725064 ----a-w- c:\windows\system32\pwNative.exe
2010-08-16 19:31:08 16472 ------w- c:\windows\system32\pwdrvio.sys
2010-08-16 19:31:06 11104 ------w- c:\windows\system32\pwdspio.sys
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-05 21:16:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-08-05 21:16:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-27 22:42:50 1774720 ----a-w- c:\windows\system32\BootMan.exe

============= FINISH: 5:42:40.80 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-10.03)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 5/9/2010 6:35:54 AM
System Uptime: 10/14/2010 3:17:26 AM (74 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | C51-MCP51
Processor: AMD Athlon™ 64 Processor 3700+ | Socket 7 | 2200/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 413 GiB total, 344.534 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 233 GiB total, 230.422 GiB free.
G: is FIXED (NTFS) - 285 GiB total, 263.399 GiB free.
H: is Removable
J: is Removable
K: is Removable
L: is Removable
M: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP259: 10/9/2010 7:45:56 PM - Installed Nitro PDF Reader
RP260: 10/9/2010 7:51:55 PM - Installed Nitro PDF Reader
RP261: 10/9/2010 7:58:39 PM - Installed Nitro PDF Reader
RP262: 10/10/2010 5:31:03 PM - Scheduled Checkpoint
RP263: 10/12/2010 12:00:02 AM - Scheduled Checkpoint
RP264: 10/12/2010 7:40:56 AM - Windows Update
RP265: 10/13/2010 12:00:01 AM - Scheduled Checkpoint
RP266: 10/14/2010 12:00:02 AM - Scheduled Checkpoint
RP267: 10/14/2010 3:00:15 AM - Windows Update
RP269: 10/14/2010 9:19:37 AM - Click'N Design 3D Installation
RP270: 10/15/2010 12:00:02 AM - Scheduled Checkpoint
RP271: 10/15/2010 1:49:32 AM - Windows Update
RP272: 10/16/2010 12:00:01 AM - Scheduled Checkpoint
RP273: 10/17/2010 12:00:01 AM - Scheduled Checkpoint
RP274: 10/17/2010 4:42:03 AM - Windows Backup
RP275: 10/17/2010 4:44:59 AM - Windows Backup

==== Installed Programs ======================

Acrobat.com
Address Book
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
aTube Catcher
avast! Free Antivirus
AviSplit Classic Version 1.43
AVS DVD Player version 2.2
AVS DVDMenu Editor 1.2.1.19
AVS Video Tools 5.6
BlueSoleil 6.4.314.3
Brother MFL-Pro Suite
BS.Player FREE
CANON iMAGE GATEWAY Album Plugin Utility
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Click'N Design 3D
CloneDVD2
Collage Maker 2.03
CompuPic Pro
Cool PDF Reader 3.0
ddcrypt 2.0
DivX Setup
Driver Detective
DVD43 v4.6.0
EASEUS Partition Master 6.1.1 Home Edition
Feedback Tool
ffdshow
FM Screen Capture Codec (Remove Only)
Free FLV Converter V 6.93.0
FreeCommander 2009.02a
GOM Player
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImageMixer 3 SE Ver.4 Transfer Utility
ImageMixer 3 SE Ver.4 Video Tools
InterVideo DeviceService
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Money 2006
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MiniTool Partition Wizard Home Edition 5.2
Mozilla Thunderbird (3.0.4)
MSVC80_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Music Transfer Utility Ver.1
Nokia Connectivity Cable Driver
NVIDIA Display Control Panel
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PandoraRecovery (Remove Only)
PC Connectivity Solution
PCI Audio Driver
PhotoStitch
PVSonyDll
QueryExplorer 1.0 build 117
QuickTime
RealPlayer
RealUpgrade 1.0
Recover Files 2.0
Rights Management Add-on for Internet Explorer
SamsungConnectivityCableDriver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SmartSound Quicktracks Plugin
Ulead VideoStudio 11
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2410711)
VC80CRTRedist - 8.0.50727.4053
VideoStudio
VLC media player 1.1.1
WebFldrs XP
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
WinRAR archiver
WinUtilities 9.85 Free Edition
YouTube Downloader 2.5.6

==== Event Viewer Messages From Past Week ========

10/14/2010 3:19:33 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
10/12/2010 3:20:19 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Brother PC-FAX v.2 with shared resource name Brother PC-FAX v.2. Error 2114. The printer cannot be used by others on the network.
10/12/2010 3:20:19 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Brother MFC-440CN USB Printer with shared resource name Brother MFC-440CN USB Printer. Error 2114. The printer cannot be used by others on the network.
10/10/2010 12:59:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/10/2010 12:59:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/10/2010 12:59:49 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
10/10/2010 12:59:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
10/10/2010 12:59:48 PM, Error: EventLog [6008] - The previous system shutdown at 8:20:41 AM on 10/10/2010 was unexpected.
10/10/2010 1:00:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/10/2010 1:00:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/10/2010 1:00:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

==== End Of File ===========================


GMER 1.0.15.15319 - http://www.gmer.net
Rootkit scan 2010-10-17 06:36:28
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Mike\AppData\Local\Temp\fxldapoc.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8E275BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8E2759D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8E275B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 81FB4DF0 7 Bytes JMP 8E275B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8202028F 5 Bytes JMP 8E2715D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 82079063 5 Bytes JMP 8E272FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 8207A905 7 Bytes JMP 8E2759D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 820DA90A 7 Bytes JMP 8E275BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[288] USER32.dll!CreateWindowExW 76651305 5 Bytes JMP 7093DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[288] USER32.dll!DialogBoxParamW 766710B0 5 Bytes JMP 708654F5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[288] USER32.dll!DialogBoxIndirectParamW 76672EF5 5 Bytes JMP 70A35027 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[288] USER32.dll!DialogBoxParamA 76688152 5 Bytes JMP 70A34FC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[288] USER32.dll!DialogBoxIndirectParamA 7668847D 5 Bytes JMP 70A3508A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[288] USER32.dll!MessageBoxIndirectA 7669D4D9 5 Bytes JMP 70A34F59 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[288] USER32.dll!MessageBoxIndirectW 7669D5D3 5 Bytes JMP 70A34EEE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[288] USER32.dll!MessageBoxExA 7669D639 5 Bytes JMP 70A34E8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[288] USER32.dll!MessageBoxExW 7669D65D 5 Bytes JMP 70A34E2A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1544] kernel32.dll!SetUnhandledExceptionFilter 770CA84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!CreateDialogParamW 766472A2 5 Bytes JMP 7093DED0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!GetAsyncKeyState 7664863C 5 Bytes JMP 70858F0F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!SetWindowsHookExW 766487AD 5 Bytes JMP 70939AED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!CallNextHookEx 76648E3B 5 Bytes JMP 7092D14D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!UnhookWindowsHookEx 766498DB 5 Bytes JMP 708A4686 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!EnableWindow 7664CD8B 5 Bytes JMP 7093DD5D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!CreateWindowExW 76651305 5 Bytes JMP 7093DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!GetKeyState 76658CB1 5 Bytes JMP 7093D30B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!IsDialogMessageW 76660745 5 Bytes JMP 70865A07 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!CreateDialogParamA 766617AA 5 Bytes JMP 70A35C93 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!IsDialogMessage 76661847 5 Bytes JMP 70A3552F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!CreateDialogIndirectParamA 766626F1 5 Bytes JMP 70A35CCA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!CreateDialogIndirectParamW 76669A62 5 Bytes JMP 70A35D01 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!SetKeyboardState 76670987 5 Bytes JMP 70A3589E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!DialogBoxParamW 766710B0 5 Bytes JMP 708654F5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!DialogBoxIndirectParamW 76672EF5 5 Bytes JMP 70A35027 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!SendInput 76672F75 5 Bytes JMP 70A3645B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!EndDialog 7667326E 5 Bytes JMP 70867EAE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!SetCursorPos 76686FB2 5 Bytes JMP 70A364AF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!DialogBoxParamA 76688152 5 Bytes JMP 70A34FC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!DialogBoxIndirectParamA 7668847D 5 Bytes JMP 70A3508A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!MessageBoxIndirectA 7669D4D9 5 Bytes JMP 70A34F59 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!MessageBoxIndirectW 7669D5D3 5 Bytes JMP 70A34EEE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!MessageBoxExA 7669D639 5 Bytes JMP 70A34E8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!MessageBoxExW 7669D65D 5 Bytes JMP 70A34E2A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!keybd_event 7669D972 5 Bytes JMP 70A367DF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] SHELL32.dll!SHRestricted + D95 756889A8 4 Bytes [4D, 30, FB, 69]
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] SHELL32.dll!SHRestricted + D9D 756889B0 8 Bytes [57, 2F, FB, 69, 9C, 5B, FA, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] ole32.dll!OleLoadFromStream 76131E80 5 Bytes JMP 70A3538F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2124] ole32.dll!CoCreateInstance 76169F3E 5 Bytes JMP 7093DBA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!CreateDialogParamW 766472A2 5 Bytes JMP 7093DED0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!GetAsyncKeyState 7664863C 5 Bytes JMP 70858F0F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!SetWindowsHookExW 766487AD 5 Bytes JMP 70939AED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!CallNextHookEx 76648E3B 5 Bytes JMP 7092D14D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!UnhookWindowsHookEx 766498DB 5 Bytes JMP 708A4686 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!EnableWindow 7664CD8B 5 Bytes JMP 7093DD5D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!CreateWindowExW 76651305 5 Bytes JMP 7093DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!GetKeyState 76658CB1 5 Bytes JMP 7093D30B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!IsDialogMessageW 76660745 5 Bytes JMP 70865A07 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!CreateDialogParamA 766617AA 5 Bytes JMP 70A35C93 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!IsDialogMessage 76661847 5 Bytes JMP 70A3552F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!CreateDialogIndirectParamA 766626F1 5 Bytes JMP 70A35CCA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!CreateDialogIndirectParamW 76669A62 5 Bytes JMP 70A35D01 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!SetKeyboardState 76670987 5 Bytes JMP 70A3589E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!DialogBoxParamW 766710B0 5 Bytes JMP 708654F5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!DialogBoxIndirectParamW 76672EF5 5 Bytes JMP 70A35027 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!SendInput 76672F75 5 Bytes JMP 70A3645B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!EndDialog 7667326E 5 Bytes JMP 70867EAE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!SetCursorPos 76686FB2 5 Bytes JMP 70A364AF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!DialogBoxParamA 76688152 5 Bytes JMP 70A34FC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!DialogBoxIndirectParamA 7668847D 5 Bytes JMP 70A3508A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!MessageBoxIndirectA 7669D4D9 5 Bytes JMP 70A34F59 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!MessageBoxIndirectW 7669D5D3 5 Bytes JMP 70A34EEE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!MessageBoxExA 7669D639 5 Bytes JMP 70A34E8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!MessageBoxExW 7669D65D 5 Bytes JMP 70A34E2A C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!keybd_event 7669D972 5 Bytes JMP 70A367DF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] SHELL32.dll!SHRestricted + D95 756889A8 4 Bytes [4D, 30, FB, 69]
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] SHELL32.dll!SHRestricted + D9D 756889B0 8 Bytes [57, 2F, FB, 69, 9C, 5B, FA, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] ole32.dll!OleLoadFromStream 76131E80 5 Bytes JMP 70A3538F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] ole32.dll!CoCreateInstance 76169F3E 5 Bytes JMP 7093DBA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\atapi \Device\Ide\IdePort0 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort1 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-2 dvd43llh.sys (dvd43llh.sys/RIF)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a94024f6d
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a94024f6d@5492be45d27c 0xEB 0x79 0x33 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000a94024f6d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000a94024f6d@5492be45d27c 0xEB 0x79 0x33 0x00 ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----

OS Name Microsoft® Windows Vista™ Home Premium
Version 6.0.6002 Service Pack 2 Build 6002
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Name DESKTOP
System Manufacturer GBT___
System Model AWRDACPI
System Type X86-based PC
Processor AMD Athlon™ 64 Processor 3700+, 2200 Mhz, 1 Core(s), 1 Logical Processor(s)
BIOS Version/Date Award Software International, Inc. F2, 10/6/2005
SMBIOS Version 2.3
Windows Directory C:\Windows
System Directory C:\Windows\system32
Boot Device \Device\HarddiskVolume2
Locale United States
Hardware Abstraction Layer Version = "6.0.6002.18005"
User Name DESKTOP\Mike
Time Zone Eastern Daylight Time
Installed Physical Memory (RAM) 4.00 GB
Total Physical Memory 1.94 GB
Available Physical Memory 1.13 GB
Total Virtual Memory 4.11 GB
Available Virtual Memory 3.15 GB
Page File Space 2.23 GB
Page File C:\pagefile.sys
Harddrive 750GB

EDIT: Topics and posts merged ~BP

Edited by Budapest, 17 October 2010 - 04:36 PM.
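The GMER report pasted above has two parts a helper reads first: the `.text` user-mode hook lines, every one of which GMER attributes to IEFRAME.dll (Microsoft's own Internet Explorer module) or leaves as a raw byte patch, and the "Disk sectors" lines, four of which carry the label "rootkit-like behavior". The following Python script is an added triage example, not GMER's code and not posted by anyone in this thread. It parses lines in GMER 1.0.15's text format and groups them by how much attention they need: hooks whose JMP target is on a per-process allowlist, hooks pointing anywhere else, raw patches GMER could not attribute to a module, and flagged sectors. The allowlist (`iexplore.exe` may hook into `ieframe.dll`) is an assumption chosen for this report; the `explorer.exe` line naming `UNKNOWN_PLACEHOLDER.dll` is a constructed sample showing how an unexpected target is surfaced, and the kernel-side "Devices" and "Registry" sections are not parsed.

```python
"""Triage helper for GMER 1.0.15 text reports (added example, not GMER's own code)."""
import re
from collections import defaultdict

# ".text <process image>[<pid>] <module>!<export>[ + <offset>] <addr> <n> Bytes <patch>"
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<symbol>\S+!\S+(?: \+ [0-9A-Fa-f]+)?)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+) Bytes\s+(?P<patch>.*)$"
)
# Patch text for an inline JMP hook: "JMP <target addr> <target module path> (<description>)"
JMP_RE = re.compile(
    r"^JMP\s+(?P<target>[0-9A-Fa-f]+)\s+(?P<module>\S+)(?:\s+\((?P<desc>.*)\))?$"
)
# "Disk <device> sector NN: <note>"
SECTOR_RE = re.compile(r"^Disk\s+(?P<device>\S+)\s+sector\s+(?P<sector>\d+):\s+(?P<note>.*)$")


def parse_hook(line):
    """Return a dict for a .text hook line, or None if the line is not one."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    hook = {
        "process": m["process"].rsplit("\\", 1)[-1].lower(),  # e.g. "iexplore.exe"
        "pid": int(m["pid"]),
        "symbol": m["symbol"],
        "size": int(m["size"]),
        "target_module": None,  # set for JMP-style hooks
        "raw_patch": None,      # set for "[4D, 30, ...]" byte patches GMER cannot attribute
    }
    jmp = JMP_RE.match(m["patch"])
    if jmp:
        hook["target_module"] = jmp["module"].rsplit("\\", 1)[-1].lower()
    else:
        hook["raw_patch"] = m["patch"]
    return hook


def parse_sector(line):
    """Return a dict for a 'Disk ... sector NN:' line, or None."""
    m = SECTOR_RE.match(line.strip())
    if not m:
        return None
    return {"device": m["device"], "sector": int(m["sector"]), "note": m["note"],
            "flagged": "rootkit-like behavior" in m["note"]}


def triage(report_lines, allowlist):
    """Group hooks and sectors. allowlist: process image name -> set of module names it may hook."""
    result = {"allowed": defaultdict(int), "review_hooks": [],
              "raw_patches": [], "flagged_sectors": []}
    for line in report_lines:
        hook = parse_hook(line)
        if hook:
            if hook["target_module"] is None:
                result["raw_patches"].append(hook)
            elif hook["target_module"] in allowlist.get(hook["process"], set()):
                result["allowed"][(hook["process"], hook["target_module"])] += 1
            else:
                result["review_hooks"].append(hook)
            continue
        sector = parse_sector(line)
        if sector and sector["flagged"]:
            result["flagged_sectors"].append(sector["sector"])
    result["allowed"] = dict(result["allowed"])
    return result


# Sample input: three lines taken from the report above, one constructed line (explorer.exe /
# UNKNOWN_PLACEHOLDER.dll, not from any real report) and three sector lines from the report.
SAMPLE_REPORT = [
    r".text C:\Program Files\Internet Explorer\iexplore.exe[2124] USER32.dll!IsDialogMessageW 76660745 5 Bytes JMP 70865A07 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)",
    r".text C:\Program Files\Internet Explorer\iexplore.exe[2124] SHELL32.dll!SHRestricted + D95 756889A8 4 Bytes [4D, 30, FB, 69]",
    r".text C:\Program Files\Internet Explorer\iexplore.exe[2124] ole32.dll!CoCreateInstance 76169F3E 5 Bytes JMP 7093DBA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)",
    r".text C:\Windows\explorer.exe[1000] ntdll.dll!NtQueryDirectoryFile 77A00000 5 Bytes JMP 10001000 C:\Windows\system32\UNKNOWN_PLACEHOLDER.dll",
    r"Disk \Device\Harddisk0\DR0 sector 52: copy of MBR",
    r"Disk \Device\Harddisk0\DR0 sector 53: rootkit-like behavior; copy of MBR",
    r"Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior; copy of MBR",
]

# Assumed allowlist: Internet Explorer hooking its own IEFRAME.dll is expected.
ALLOWLIST = {"iexplore.exe": {"ieframe.dll"}}

if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT, ALLOWLIST)
    for key, count in summary["allowed"].items():
        print(f"allowed: {count} hook(s) {key[0]} -> {key[1]}")
    for h in summary["review_hooks"]:
        print(f"REVIEW: {h['process']}[{h['pid']}] {h['symbol']} -> {h['target_module']}")
    for h in summary["raw_patches"]:
        print(f"raw patch (unattributed): {h['process']}[{h['pid']}] {h['symbol']} {h['raw_patch']}")
    print("sectors flagged rootkit-like:", summary["flagged_sectors"])
```

Run as a script it prints the grouped summary for the embedded sample; pointed at a saved report (`triage(open(path).readlines(), ALLOWLIST)`) it separates the hooks that match the allowlist from the ones that deserve a manual look, and lists the sector numbers GMER flagged so they can be compared against the MBR copies the report describes.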


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,654 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:01:37 PM

Posted 27 October 2010 - 02:22 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#3 mikeminnix

mikeminnix
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Gender:Male
  • Location:NC, USA
  • Local time:07:37 AM

Posted 27 October 2010 - 03:28 PM

After trying the search utility with no luck, and manually searching the program files for the umpteenth time, I finally found the program in the real player file. Had to show all hidden files, etc. Anyway, there was an uninstall utility that actually seems to have worked. Haven't had the problem for a week now, so I assume it's fixed.
Sorry to have been a bother, but in all the info I read, it seemed a complicated thing to remove. I want to thank you for your time and your response, Mike Minnix.

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,654 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:01:37 PM

Posted 27 October 2010 - 03:35 PM

I'm glad to hear you got this fixed. :) Thank you for letting me know.

This topic will now be closed. If you need it reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise

