Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: SEO Poisoning Campaign Targeting U.S. Midterm Election Keywords

Featured Deal: Get The Pay What You Want: AWS Cloud Development Bundle Deal

AntiSpyware soft infection

Started by k33ba , May 06 2010 09:45 AM

Please log in to reply

7 replies to this topic

#1 k33ba

Members
11 posts
OFFLINE

Local time:12:00 PM

Posted 06 May 2010 - 09:45 AM

Hi

Recently i got infected by the Anitspyware soft infection and i followed the instructions given from bleepingcomputer's guide to removing it. But now when i start my computer normally its very slow and will generally stop workin after a random time...first programs will stop responding and then the mouse will freeze and i cant do nothing except restart the computer.

It seems it might be when i try to access the internet ( which when i use firefox it still sends me back to google everytime i try to go somewhere )

I've ran MalwareBytes which found various infections and cleared em and i also ran Avast antivirus which found some infections which it got rid of.

I tried to restore system to an earlier date because i read that might work but system restore fails saying it cant restore.

Im using WindowsXP SP3

If you need more information let me know and thanks for any help,
K33ba

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 boopme

To Insanity and Beyond

Global Moderator
73,490 posts
OFFLINE

Gender:Male
Location:NJ USA
Local time:01:00 PM

Posted 06 May 2010 - 04:02 PM

Hello and welcome. Let's see what shows up.

Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Please ask any needed questions,post logs and Let us know how the PC is running now.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 k33ba

Topic Starter

Members
11 posts
OFFLINE

Local time:12:00 PM

Posted 06 May 2010 - 07:45 PM

The SUPERantiSpyware log:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 05/07/2010 at 00:41 AM

Application Version : 4.36.1006

Core Rules Database Version : 4899
Trace Rules Database Version: 2711

Scan type : Complete Scan
Total Scan Time : 01:20:10

Memory items scanned : 257
Memory threats detected : 0
Registry items scanned : 5229
Registry threats detected : 0
File items scanned : 32225
File threats detected : 60

Adware.Tracking Cookie
C:\Documents and Settings\keebs\Cookies\keebs@atdmt[2].txt
C:\Documents and Settings\keebs\Cookies\keebs@atdmt[1].txt
.adviva.net [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.revsci.net [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.revsci.net [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.revsci.net [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.revsci.net [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.revsci.net [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.advertising.com [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.advertising.com [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.chitika.net [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.bs.serving-sys.com [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\HelpAssistant\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.adviva.net [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.revsci.net [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.revsci.net [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.revsci.net [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.revsci.net [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.revsci.net [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.advertising.com [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.advertising.com [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.chitika.net [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.bs.serving-sys.com [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\keebs\Application Data\MozillaControl\profiles\MozillaControl\54rtbofm.slt\cookies.txt ]

THE MALWAREBYTES LOG

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4072

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07/05/2010 01:36:49
mbam-log-2010-05-07 (01-36-49).txt

Scan type: Quick scan
Objects scanned: 132654
Time elapsed: 15 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Computer is still freezing when loaded normally =\

#4 boopme

To Insanity and Beyond

Global Moderator
73,490 posts
OFFLINE

Gender:Male
Location:NJ USA
Local time:01:00 PM

Posted 06 May 2010 - 09:07 PM

Ok, let's try one more scan here.

Please download GMER from one of the following locations and save it to your desktop:

Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning.

#5 k33ba

Topic Starter

Members
11 posts
OFFLINE

Local time:12:00 PM

Posted 07 May 2010 - 03:01 PM

Hey

Ok i followed the instructions and ran the program, it took about 4hours to complete the scan =\ and then when i tried to save the log the program and computer froze. This happened a couple times.

I then tried to run it in safe mode and it blue screens, i unchecked devices on the side and it still happens

I kept checking it while the scans were running and in normal mode there was a whole list of things coming up during the scan, but when in safe mode there wasn't anything showing up quite a way into the scan.

Any suggestions? ill try do another attempt at the scan while i wait to hear back, thanks for helping by the way :thumbsup:

#6 boopme

To Insanity and Beyond

Global Moderator
73,490 posts
OFFLINE

Gender:Male
Location:NJ USA
Local time:01:00 PM

Posted 07 May 2010 - 04:06 PM

Try ruuning it with only SERVICES checked.

#7 k33ba

Topic Starter

Members
11 posts
OFFLINE

Local time:12:00 PM

Posted 08 May 2010 - 07:40 PM

ok i tried what you said and it said something about "no system modifications" so i tried running a normal scan a few more times and eventually managed to save it

here it is:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-08 15:53:33
Windows 5.1.2600 Service Pack 3
Running: 4qixu050.exe; Driver: C:\DOCUME~1\keebs\LOCALS~1\Temp\uxtdqpog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xACDFFC08]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xACDFFAC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xACE00078]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xACDFFFA2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xACDFF69A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xACDFFB9E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xACDFF5DA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xACDFF63E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xACDFFCBE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xACE00146]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xACDFFC7E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xACDFFDFE]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xACF63900]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xACE0C50A]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xACE0C32E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xACE0C468]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP ACE0C46C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP ACE0C332 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP ACE084AA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP ACE0997E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP ACE0C50E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9616000, 0x22F0B7, 0xE8000020]
.text C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl section is writeable [0xA9954000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl entry point in ".vmp2" section [0xA9977050]

---- User code sections - GMER 1.0.15 ----

.text c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[168] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B22862
.text c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[168] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B226EE
.text c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[168] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00B227E0
.text c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[168] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B22726
.text c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[168] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B2275E
.text C:\WINDOWS\Explorer.EXE[408] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C42862
.text C:\WINDOWS\Explorer.EXE[408] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C426EE
.text C:\WINDOWS\Explorer.EXE[408] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00C427E0
.text C:\WINDOWS\Explorer.EXE[408] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00C42726
.text C:\WINDOWS\Explorer.EXE[408] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00C4275E
.text C:\WINDOWS\system32\wuauclt.exe[856] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02B62862
.text C:\WINDOWS\system32\wuauclt.exe[856] WS2_32.dll!send 71AB4C27 5 Bytes JMP 02B626EE
.text C:\WINDOWS\system32\wuauclt.exe[856] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02B627E0
.text C:\WINDOWS\system32\wuauclt.exe[856] WS2_32.dll!recv 71AB676F 5 Bytes JMP 02B62726
.text C:\WINDOWS\system32\wuauclt.exe[856] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 02B6275E
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1384] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 06C12862
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1384] WS2_32.dll!send 71AB4C27 5 Bytes JMP 06C126EE
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1384] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 06C127E0
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1384] WS2_32.dll!recv 71AB676F 5 Bytes JMP 06C12726
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1384] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 06C1275E
.text C:\Program Files\Bonjour\mDNSResponder.exe[1912] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E02862
.text C:\Program Files\Bonjour\mDNSResponder.exe[1912] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E026EE
.text C:\Program Files\Bonjour\mDNSResponder.exe[1912] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E027E0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1912] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E02726
.text C:\Program Files\Bonjour\mDNSResponder.exe[1912] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E0275E
.text C:\Program Files\iTunes\iTunesHelper.exe[2112] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02CD2862
.text C:\Program Files\iTunes\iTunesHelper.exe[2112] WS2_32.dll!send 71AB4C27 5 Bytes JMP 02CD26EE
.text C:\Program Files\iTunes\iTunesHelper.exe[2112] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02CD27E0
.text C:\Program Files\iTunes\iTunesHelper.exe[2112] WS2_32.dll!recv 71AB676F 5 Bytes JMP 02CD2726
.text C:\Program Files\iTunes\iTunesHelper.exe[2112] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 02CD275E
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2220] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01E02862
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2220] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01E026EE
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2220] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01E027E0
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2220] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01E02726
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2220] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01E0275E
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2296] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 03FF2862
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2296] WS2_32.dll!send 71AB4C27 5 Bytes JMP 03FF26EE
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2296] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 03FF27E0
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2296] WS2_32.dll!recv 71AB676F 5 Bytes JMP 03FF2726
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2296] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 03FF275E
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3180] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 04612862
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3180] WS2_32.dll!send 71AB4C27 5 Bytes JMP 046126EE
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3180] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 046127E0
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3180] WS2_32.dll!recv 71AB676F 5 Bytes JMP 04612726
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3180] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0461275E
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3420] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F22862
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3420] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F226EE
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3420] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00F227E0
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3420] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F22726
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3420] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F2275E
.text C:\WINDOWS\System32\alg.exe[4064] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C92862
.text C:\WINDOWS\System32\alg.exe[4064] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C926EE
.text C:\WINDOWS\System32\alg.exe[4064] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00C927E0
.text C:\WINDOWS\System32\alg.exe[4064] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00C92726
.text C:\WINDOWS\System32\alg.exe[4064] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00C9275E

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[800] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[800] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\ACPI \Device\00000060 8AC8C578
Device \Driver\ACPI \Device\00000047 8AC8C578
Device \Driver\ACPI \Device\00000048 8AC8C578

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\ACPI \Device\00000070 8AC8C578
Device \Driver\ACPI \Device\00000063 8AC8C578
Device \Driver\ACPI \Device\00000071 8AC8C578
Device \Driver\ACPI \Device\00000074 8AC8C578
Device \Driver\ACPI \Device\00000075 8AC8C578
Device \Driver\ACPI \Device\00000069 8AC8C578
Device \Driver\ACPI \Device\0000004d 8AC8C578
Device \Driver\ACPI \Device\0000004e 8AC8C578
Device \Driver\ACPI \Device\0000004f 8AC8C578

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\ACPI \Device\0000005d 8AC8C578

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\ACPI \Device\0000006a 8AC8C578
Device \Driver\ACPI \Device\0000006c 8AC8C578
Device \Driver\ACPI \Device\0000006d 8AC8C578
Device \Driver\ACPI \Device\0000006e 8AC8C578
Device \Driver\ACPI \Device\0000006f 8AC8C578

---- EOF - GMER 1.0.15 ----

Edited by k33ba, 08 May 2010 - 07:41 PM.

#8 boopme

To Insanity and Beyond

Global Moderator
73,490 posts
OFFLINE

Gender:Male
Location:NJ USA
Local time:01:00 PM

Posted 08 May 2010 - 10:16 PM

Hello,there are no signs signs of malware. You should start a new topic in XP at the top. They will run some tests and see if it's a hard or software issue. tell them you are clean.