please help, dealrunner won't uninstall :(


9 replies to this topic

#1 x uncle dan

  • Members
  • 8 posts

Posted 21 November 2011 - 08:01 PM

hello, I just downloaded a program to view .doc files, and it force downloaded a bunch of junk. well I could uninstall everything except dealrunner v1.27

i did a google search and found this thread
http://www.bleepingcomputer.com/forums/topic413071.html

I'm a little confused, can someone walk me through it like this guy did? I'm afraid to restart my computer in fear of this dealrunner forcing pop-ups, this is my first deal with adware and I don't want to do anything worse

OH! I also ran norton 360, and it didn't find dealrunner as spyware?

any help to remove this program is greatly appreciated thank you!

danny



#2 Broni

  • BC Advisor
  • 42,754 posts

Posted 21 November 2011 - 10:13 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 x uncle dan


Posted 22 November 2011 - 05:23 AM

thank you so much for the reply, here are the results of the first process "security check"
Results of screen317's Security Check version 0.99.24
Windows 7 x86 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ SE Runtime Environment 6
Adobe Flash Player 9 (Out of date Flash Player installed!)
Adobe Flash Player ( 10.3.181.14) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````

#4 x uncle dan


Posted 22 November 2011 - 05:27 AM

here is the log from mini tool box

MiniToolBox by Farbar
Ran by Halliwax (administrator) on 22-11-2011 at 02:24:25
Windows 7 Home Premium (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller = Local Area Connection (Connected)
Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Halliwax-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.ma.comcast.net.

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
Physical Address. . . . . . . . . : 00-19-D2-63-57-A1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.ma.comcast.net.
Description . . . . . . . . . . . : Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 00-13-A9-4F-67-D7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9c3f:42b6:9840:3151%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.116(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, November 21, 2011 2:59:26 PM
Lease Expires . . . . . . . . . . : Tuesday, November 22, 2011 4:32:00 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 201331625
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-3D-53-AC-00-13-A9-4F-67-D7
DNS Servers . . . . . . . . . . . : 192.168.1.1
68.87.71.230
68.87.73.246
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.hsd1.ma.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.ma.comcast.net.
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:10b5:910:bde0:eef(Preferred)
Link-local IPv6 Address . . . . . : fe80::10b5:910:bde0:eef%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{4750163E-6281-49D3-B8DC-B2C674BB548B}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 72.14.204.104
72.14.204.105
72.14.204.103
72.14.204.147
72.14.204.99


Pinging google.com [72.14.204.147] with 32 bytes of data:
Reply from 72.14.204.147: bytes=32 time=69ms TTL=50
Reply from 72.14.204.147: bytes=32 time=69ms TTL=50

Ping statistics for 72.14.204.147:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 69ms, Maximum = 69ms, Average = 69ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
98.139.180.149
209.191.122.70


Pinging yahoo.com [98.139.180.149] with 32 bytes of data:
Reply from 98.139.180.149: bytes=32 time=92ms TTL=51
Reply from 98.139.180.149: bytes=32 time=47ms TTL=50

Ping statistics for 98.139.180.149:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 47ms, Maximum = 92ms, Average = 69ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...00 19 d2 63 57 a1 ......Intel® PRO/Wireless 3945ABG Network Connection
11...00 13 a9 4f 67 d7 ......Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.116 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.116 276
192.168.1.116 255.255.255.255 On-link 192.168.1.116 276
192.168.1.255 255.255.255.255 On-link 192.168.1.116 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.116 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.116 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:10b5:910:bde0:eef/128
On-link
11 276 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::10b5:910:bde0:eef/128
On-link
11 276 fe80::9c3f:42b6:9840:3151/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/21/2011 04:39:15 PM) (Source: Application Hang) (User: )
Description: The program _iu14D2N.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10d4

Start Time: 01cca8aefc721b14

Termination Time: 15

Application Path: C:\Users\Halliwax\AppData\Local\Temp\_iu14D2N.tmp

Report Id:

Error: (11/21/2011 04:35:20 PM) (Source: Application Hang) (User: )
Description: The program ccSvcHst.exe version 10.1.1.16 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bd0

Start Time: 01cca8a149761213

Termination Time: 140

Application Path: C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe

Report Id:

Error: (11/21/2011 04:01:45 PM) (Source: Application Hang) (User: )
Description: The program _iu14D2N.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 330

Start Time: 01cca8a9d59e3617

Termination Time: 0

Application Path: C:\Users\Halliwax\AppData\Local\Temp\_iu14D2N.tmp

Report Id:

Error: (11/21/2011 03:56:39 PM) (Source: Application Hang) (User: )
Description: The program _iu14D2N.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c8

Start Time: 01cca8a91a9da03c

Termination Time: 0

Application Path: C:\Users\Halliwax\AppData\Local\Temp\_iu14D2N.tmp

Report Id:

Error: (11/21/2011 03:55:40 PM) (Source: Application Hang) (User: )
Description: The program _iu14D2N.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b30

Start Time: 01cca8a8f17ab16f

Termination Time: 16

Application Path: C:\Users\Halliwax\AppData\Local\Temp\_iu14D2N.tmp

Report Id:

Error: (11/21/2011 03:54:16 PM) (Source: Application Hang) (User: )
Description: The program _iu14D2N.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 15b0

Start Time: 01cca8a8aa913c60

Termination Time: 15

Application Path: C:\Users\Halliwax\AppData\Local\Temp\_iu14D2N.tmp

Report Id:

Error: (11/21/2011 03:05:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: jusched.exe, version: 6.0.0.98, time stamp: 0x44f7f507
Faulting module name: jusched.exe, version: 6.0.0.98, time stamp: 0x44f7f507
Exception code: 0xc0000005
Fault offset: 0x00001cdb
Faulting process id: 0xcbc
Faulting application start time: 0xjusched.exe0
Faulting application path: jusched.exe1
Faulting module path: jusched.exe2
Report Id: jusched.exe3

Error: (11/18/2011 02:20:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: jusched.exe, version: 6.0.0.98, time stamp: 0x44f7f507
Faulting module name: jusched.exe, version: 6.0.0.98, time stamp: 0x44f7f507
Exception code: 0xc0000005
Fault offset: 0x00001cdb
Faulting process id: 0x8c8
Faulting application start time: 0xjusched.exe0
Faulting application path: jusched.exe1
Faulting module path: jusched.exe2
Report Id: jusched.exe3

Error: (11/17/2011 01:57:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: jusched.exe, version: 6.0.0.98, time stamp: 0x44f7f507
Faulting module name: jusched.exe, version: 6.0.0.98, time stamp: 0x44f7f507
Exception code: 0xc0000005
Fault offset: 0x00001cdb
Faulting process id: 0xe5c
Faulting application start time: 0xjusched.exe0
Faulting application path: jusched.exe1
Faulting module path: jusched.exe2
Report Id: jusched.exe3

Error: (11/17/2011 10:26:19 AM) (Source: Application Error) (User: )
Description: Faulting application name: jusched.exe, version: 6.0.0.98, time stamp: 0x44f7f507
Faulting module name: jusched.exe, version: 6.0.0.98, time stamp: 0x44f7f507
Exception code: 0xc0000005
Fault offset: 0x00001cdb
Faulting process id: 0xfb4
Faulting application start time: 0xjusched.exe0
Faulting application path: jusched.exe1
Faulting module path: jusched.exe2
Report Id: jusched.exe3


System errors:
=============
Error: (11/21/2011 02:59:57 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Cdr4_xp

Error: (11/18/2011 02:15:22 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Cdr4_xp

Error: (11/17/2011 01:52:14 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Cdr4_xp

Error: (11/17/2011 10:21:08 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Cdr4_xp

Error: (11/16/2011 01:45:41 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error:
%%1056

Error: (11/16/2011 01:44:41 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/16/2011 01:44:27 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/16/2011 01:34:01 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Cdr4_xp

Error: (11/15/2011 01:32:15 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Cdr4_xp

Error: (11/14/2011 01:39:20 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Cdr4_xp



=========================== Installed Programs ============================



Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 10 Plugin (Version: 10.3.181.14)
Adobe Flash Player 9 ActiveX (Version: 9)
Adobe Reader 8 (Version: 8.0.0)
AIM 7
Alps Pointing-device for VAIO
AOL Toolbar 4.0
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Click to DVD 2.0.05 Menu Data (Version: 2.0.05)
Click to DVD 2.6.00 (Version: 2.6.00)
ConvertHelper 2.2
Corel Paint Shop Pro Photo XI (Version: 11.10.0000)
Corel Snapfire (Version: 1.10.0000)
Download Updater (AOL LLC)
Driver Performer (Version: 10.0)
DVD Shrink 3.2
File Type Assistant
Google Desktop (Version: 5.9.1005.12335)
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
iTunes (Version: 10.5.1.42)
Java™ SE Runtime Environment 6 (Version: 1.6.0.0)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Excel Viewer (Version: 12.0.6219.1000)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (VAIO_VEDB) (Version: 9.1.2047.00)
Microsoft SQL Server Native Client (Version: 9.00.2047.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.2047.00)
Microsoft SQL Server VSS Writer (Version: 9.00.2047.00)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Works (Version: 08.05.0818)
Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
NetAssistant (Version: 3.6.5)
Norton 360 (Version: 5.1.0.29)
OpenMG Secure Module 4.6.01 (Version: 4.6.01.10041)
PIXresizer (Version: 2.0.5)
QuickBooks Product Listing Service (Version: 2.0.132)
QuickTime (Version: 7.71.80.42)
Realtek High Definition Audio Driver
Roxio Easy Media Creator Home (Version: 9.0.148)
Setting Utility Series (Version: 2.0.00.11230)
SonicStage 4.2 (Version: 4.2)
Sony Snymsico for Vista (Version: 1.00.1109)
Sony Utilities DLL (Version: 7.0.00.11210)
Sony Video Shared Library (Version: 3.1.00)
StartNow Toolbar 2.0 (Version: 2.0)
SupportSoft Assisted Service (Version: 15)
TouchCopy 09 (Version: 9.98)
VAIO Azure Float Wallpaper (Version: 1.0.00.10100)
VAIO Central (Version: 2.0.00.120506)
VAIO Entertainment Platform (Version: 2.0.00.11021)
VAIO Event Service (Version: 3.0.00.11240)
VAIO Floral Dusk Wallpaper (Version: 1.0.00.10100)
VAIO Help And Support (Version: 1.00.1201)
VAIO Media 6.0 (Version: 6.0.00)
VAIO Media AC3 Decoder 1.0
VAIO Media Content Collection 6.0
VAIO Media Integrated Server 6.0
VAIO Media Redistribution 6.0 (Version: 6.0.00)
VAIO Media Registration Tool 6.0 (Version: 6.0.00)
VAIO OOBE (Version: 1.00.1127)
VAIO Photo 2007 (Version: 1.0.00.10130)
VAIO Power Management (Version: 2.0.00.11240)
VAIO Security Center (Version: 3.00.1128)
VAIO Survey (Version: 5.00.1206)
VAIO Teal Whisper Wallpaper (Version: 1.0.00.10100)
VAIO Update 3 (Version: 3.0.00.11280)
VAIO Video & Photo Utilities (Version: 1.0.00.11101)
Window Shopper (Version: 01.02.0003)
WinDVD for VAIO (Version: 8.0-B6.103)
Wireless Switch Setting Utility (Version: 3.5.00.11270)

========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 3062.18 MB
Available physical RAM: 1542.63 MB
Total Pagefile: 6122.64 MB
Available Pagefile: 4645.6 MB
Total Virtual: 2047.88 MB
Available Virtual: 1931.2 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:459.68 GB) (Free:301.39 GB) NTFS

========================= Users: ========================================

User accounts for \\HALLIWAX-PC

Administrator ASPNET Guest
Halliwax


**** End of log ****

#5 x uncle dan


Posted 22 November 2011 - 05:50 AM

ok here are the results of the malware scan

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8213

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/22/2011 2:46:56 AM
mbam-log-2011-11-22 (02-46-56).txt

Scan type: Quick scan
Objects scanned: 164140
Time elapsed: 4 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

seems like nothing is infected? also this dealrunner hasn't done anything to me yet, I haven't opened it, nor have I gotten any pop-ups. I have never really experienced malware before, the last time I downloaded a program to shrink pictures, my computer was taken over with a pop-up that wouldn't allow me to do anything, and I couldn't access task manager, I just ended up reformatting my computer.

the next step you want me to do, I have to restart my computer and hope it doesn't hijack it, cross your fingers, and again thanks for all your advice, here we go!

#6 x uncle dan


Posted 22 November 2011 - 05:59 AM

here's the gmer results

again thank you

im sorry, it seems to have gotten stuck.... im gonna try again

Edited by x uncle dan, 22 November 2011 - 06:01 AM.


#7 x uncle dan


Posted 22 November 2011 - 06:36 AM

this GMER runs, but randomly stops, it wont complete a scan, first time it stopped about 10 minutes in, now its stopped about 35-40 minutes in ?

i dunno what to do? i clicked copy and heres the log


should i just reformat this thing?

#8 Broni


Posted 22 November 2011 - 04:06 PM

Nah.
All logs look clean so if you're not experiencing any issues you should be good to go.


#9 x uncle dan


Posted 23 November 2011 - 07:14 PM

hey broni, sorry for the late response i am without a computer right now and using a friends. my computer now is starting to act weird the norton is running very slow and crashes a lot, and the dealrunner is still in the start menu and in the lower corner where the clock is. its also in the start up menu in the msconfig window

i appreciate your help, but i think im out of luck here, i havent connected my computer to the net since the last time i posted, im going to get an external hard drive and back up my family pics and automotive stuff and reformat this sucker...

this all happened over trying to view my sisters term paper, shes on a mac lol go figure my computer has always been good, run stable until i try to read a MAC file lol

again thanks for ur advice! you'll be hearing from me again i have a sound card question ;)

danny

#10 Broni


Posted 23 November 2011 - 09:18 PM

No problem :)

Good luck!
