Removing "xp repair" malware


2 replies to this topic

#1 brenm2

Posted 03 July 2011 - 10:12 AM

Hi, I'm trying to remove the "xp repair" malware from my friend's PC.

I tried your guide for removing this infection, but I couldn't install Malwarebytes; I kept getting an access denied error.

I think I've attached all the required scans. Thanks in advance for your help.

brenm2

.
DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Administrator at 15:06:31 on 2011-07-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.1293 [GMT 1:00]
.
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator.HOME-DB44DF3E81.000\My Documents\Downloads\Defogger.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz2.dll
BHO: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Mininova-Vuze Toolbar: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - c:\program files\mininova-vuze\prxtbMin0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Mininova-Vuze Toolbar: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - c:\program files\mininova-vuze\prxtbMin0.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz2.dll
TB: {5B291E6C-9A74-4034-971B-A4B007A0B315} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.Exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [<NO NAME>]
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles
mRun: [SmartWizard-DPW-939] 1
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Google Updater] "c:\program files\google\google updater\GoogleUpdater.exe" -check_deprecation
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 89.101.160.4 89.101.160.5
TCP: Interfaces\{F35EC0DD-4A20-47CE-B2F7-49BF7396E656} : DhcpNameServer = 89.101.160.4 89.101.160.5
Handler: toolbarchrome - {718733BC-AD64-4e5f-AC18-A85FBD75D54D} - c:\program files\radiobar\toolbar.ni.dll
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll
AppInit_DLLs: APSHook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli ASWLNPkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator.home-db44df3e81.000\application data\mozilla\firefox\profiles\g8tl46pt.default\
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\google\google updater\2.4.1908.5032\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2007-10-26 174600]
R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\drivers\Amddfltr.sys [2009-1-26 15416]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-7 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-9 207280]
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2008-5-30 108752]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-5-30 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-5-30 12928]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2009-1-26 24064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 2151640]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-2 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-6 307928]
S1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-5-30 12496]
S2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
S2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2006-2-28 14336]
S2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2006-2-28 14336]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-6 19544]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-6 42184]
S2 gupdate1caca254ce8ba64;Google Update Service (gupdate1caca254ce8ba64);c:\program files\google\update\GoogleUpdate.exe [2010-3-23 133104]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-6-2 18944]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-5-30 256512]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-1-26 193840]
S3 cpuz132;cpuz132;\??\c:\docume~1\dave\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\dave\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-23 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 NTPASp50;NTPASp50 NDIS Protocol Driver;c:\windows\system32\drivers\NtpaSp50.sys [2009-1-26 17536]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2007-6-21 56448]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-6-9 358600]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-6-9 1141200]
.
=============== Created Last 30 ================
.
2011-07-03 12:00:15 -------- d-----w- c:\program files\ESET
2011-07-03 11:40:14 -------- d-sh--w- c:\documents and settings\administrator.home-db44df3e81.000\IETldCache
2011-07-02 19:11:47 -------- dc-h--w- c:\windows\ie8
2011-07-02 17:09:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-02 17:09:53 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-07-02 16:40:49 -------- d-----w- c:\documents and settings\administrator.home-db44df3e81.000\application data\f-secure
2011-07-02 16:40:33 -------- d-----w- c:\documents and settings\all users\application data\F-Secure
2011-07-02 14:58:48 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-07-02 12:39:51 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-02 12:28:31 -------- d--h--w- c:\documents and settings\administrator.home-db44df3e81.000\local settings\application data\NPE
2011-06-30 22:32:06 -------- d--h--w- c:\program files\Ask.com
2011-06-26 22:17:31 4224 ----a-w- c:\windows\system32\beep.sys
2011-06-11 15:20:45 -------- d--h--w- c:\program files\iPod
2011-06-07 11:35:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-06-07 11:35:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-06-30 22:33:29 101720 ---ha-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-28 18:57:21 24576 ----a-w- c:\windows\system32\userinit.exe
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 07:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 07:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-04 03:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 01:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-10 17:26:01 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-04-06 15:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_ rev.8909 -> Harddisk0\DR0 -> \Device\Scsi\ahcix861
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll Amddfltr.sys PCTCore.sys ACPI.sys >>UNKNOWN [0x8A4BEEC5]<<
c:\windows\system32\drivers\hpdskflt.sys Hewlett-Packard Corporation Hewlett-Packard Corporation Mobile Data Protection System
c:\windows\system32\drivers\Amddfltr.sys Advanced Micro Devices AMD disk lower filter driver
c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x888d7872; SUB DWORD [EBP-0x4], 0x888d712e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A5C07F0]
3 CLASSPNP[0xF74D7FD7] -> nt!IofCallDriver[0x804E13B9] -> [0x8A5C0D58]
5 hpdskflt[0xF77104E6] -> nt!IofCallDriver[0x804E13B9] -> [0x8A5C0020]
7 Amddfltr[0xF77180B6] -> nt!IofCallDriver[0x804E13B9] -> [0x8A555A48]
9 PCTCore[0xF732C88F] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000083[0x8A55D880]
11 ACPI[0xF743E620] -> nt!IofCallDriver[0x804E13B9] -> [0x8A55D030]
[0x8A56DF38] -> IRP_MJ_CREATE -> 0x8A4BEEC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Scsi\ahcix861Port0Path0Target0Lun0 -> \??\SCSI#Disk&Ven_FUJITSU&Prod_MHZ2160BH_G2&Rev_8909#4&1c594eff&0&000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 15:08:32.04 ===============

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-03 16:01:11
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\ahcix861 FUJITSU_ rev.8909
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\agriyfod.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7348E22]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF7329CDC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF7329ECE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF7349610]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF73498C4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7347B14]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF7349D30]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF73490E2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF7329982]

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
? C:\DOCUME~1\ADMINI~1.000\LOCALS~1\Temp\agriyfob.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[360] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 021B000A
.text C:\Program Files\Internet Explorer\iexplore.exe[360] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 021C000A
.text C:\Program Files\Internet Explorer\iexplore.exe[360] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 021A000C
.text C:\Program Files\Internet Explorer\iexplore.exe[360] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 016B9315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[360] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0178DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[360] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 0178DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[360] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 01794832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[360] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 016F1CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[360] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 018AE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[360] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 018ADF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[360] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 018ADFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[360] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 018ADE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[360] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 018ADE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[360] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 018AE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[360] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 018ADEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[360] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0179488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1005A2A0 C:\PROGRA~1\WINDOW~4\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10059F70 C:\PROGRA~1\WINDOW~4\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtFlushBuffersFile 7C90D32E 5 Bytes JMP 1005A0A0 C:\PROGRA~1\WINDOW~4\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtLockFile 7C90D49E 5 Bytes JMP 1005A190 C:\PROGRA~1\WINDOW~4\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10059EF0 C:\PROGRA~1\WINDOW~4\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtQueryInformationFile 7C90D7CE 5 Bytes JMP 1003A7A0 C:\PROGRA~1\WINDOW~4\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 1003A610 C:\PROGRA~1\WINDOW~4\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 1005A110 C:\PROGRA~1\WINDOW~4\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtUnlockFile 7C90DEEE 5 Bytes JMP 1005A220 C:\PROGRA~1\WINDOW~4\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[380] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1005A010 C:\PROGRA~1\WINDOW~4\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\WINDOWS\explorer.exe[452] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C5000A
.text C:\WINDOWS\explorer.exe[452] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00DF000A
.text C:\WINDOWS\explorer.exe[452] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C4000C
.text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E3000A
.text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E4000A
.text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0074000C
.text C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 01DD000A
.text C:\WINDOWS\system32\svchost.exe[1280] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00F0000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0163000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0164000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0162000C
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 016B9315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 01794832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 018AE021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 018ADF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 018ADFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 018ADE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 018ADE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 018AE084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 018ADEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00CF7D60 C:\PROGRA~1\WINDOW~4\Datamngr\IEBHO.dll (IEHelper/Discordia, LTD)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2024] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1005A2A0 C:\PROGRA~1\WINDOW~4\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2024] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10059F70 C:\PROGRA~1\WINDOW~4\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2024] ntdll.dll!NtFlushBuffersFile 7C90D32E 5 Bytes JMP 1005A0A0 C:\PROGRA~1\WINDOW~4\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2024] ntdll.dll!NtLockFile 7C90D49E 5 Bytes JMP 1005A190 C:\PROGRA~1\WINDOW~4\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2024] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10059EF0 C:\PROGRA~1\WINDOW~4\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2024] ntdll.dll!NtQueryInformationFile 7C90D7CE 5 Bytes JMP 1003A7A0 C:\PROGRA~1\WINDOW~4\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2024] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 1003A610 C:\PROGRA~1\WINDOW~4\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2024] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 1005A110 C:\PROGRA~1\WINDOW~4\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2024] ntdll.dll!NtUnlockFile 7C90DEEE 5 Bytes JMP 1005A220 C:\PROGRA~1\WINDOW~4\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2024] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1005A010 C:\PROGRA~1\WINDOW~4\Datamngr\datamngr.dll (Data Manager/Discordia, LTD)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)

Device \Driver\ahcix86 -> DriverStartIo \Device\Scsi\ahcix861 8A4BEAEA
Device \Driver\ahcix86 -> DriverStartIo \Device\Scsi\ahcix861Port0Path0TargetaLun0 8A4BEAEA
Device \Driver\ahcix86 -> DriverStartIo \Device\Scsi\ahcix861Port0Path0Target5Lun0 8A4BEAEA

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Device\Scsi\ahcix861Port0Path0Target0Lun0 -> \??\SCSI#Disk&Ven_FUJITSU&Prod_MHZ2160BH_G2&Rev_8909#4&1c594eff&0&000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----

#2 brenm2

Posted 06 July 2011 - 02:08 PM

FYI, I've decided to wipe the PC and do a fresh install.

#3 Budapest

  • Moderator

Posted 06 July 2011 - 04:28 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw