
Search engine redirect?


This topic is locked
2 replies to this topic

#1 ab123456


  • Members
  • 11 posts
  • OFFLINE

Posted 04 August 2010 - 02:58 PM

Hello,

When running a search with Yahoo and clicking on links I get redirected to a different site, not every time but I would say 50% or so. Also popups will then randomly pop up whilst online, in each case to a page that looks like a search engine with the search term being what I searched for previously. These popups sometimes can appear 2 or 3 days after my original search.

Have run Malwarebytes and SUPERAntiSpyware; now both are showing clean, but the problem remains.

DDS and GMER logs as follows:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Andy at 17:19:48.06 on 04/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3582.2888 [GMT 1:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Multimedia Keyboard & Mouse Driver\V5\KMWDSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Andy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.orange.co.uk/
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NCLaunch] c:\windows\NCLAUNCH.EXe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [{E58D9ED3-1977-668B-A2EE-437BDC81FD60}] "c:\documents and settings\andy\application data\ulax\ceduh.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [cFosSpeed] c:\program files\cfosspeed\cFosSpeed.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www3.snapfish.co.uk/SnapfishUKActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.startriteshoes.com/ImageUploader5.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260825864406
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260825852671
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: {7CF74423-FD4B-49A4-8E5C-662709DC5C81} = 192.168.1.1
TCP: {AB2E2C51-229D-4FD5-B93D-A5530065E319} = 192.168.1.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2005-8-4 26112]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-8-1 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-2-11 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-11 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-28 40384]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\multimedia keyboard & mouse driver\v5\KMWDSrv.exe [2007-5-8 2179072]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-28 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-28 40384]
R3 portio32;portio32;c:\windows\system32\drivers\portio32.sys [2009-3-11 2048]
S1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-3-15 0]
S1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-3-15 0]
S2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-3-15 0]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]
S4 gupdate1c9b9e7af0ee946;Google Update Service (gupdate1c9b9e7af0ee946);c:\program files\google\update\GoogleUpdate.exe [2009-4-10 133104]

=============== Created Last 30 ================

2010-08-04 16:18:46 0 ----a-w- c:\documents and settings\andy\defogger_reenable
2010-08-03 20:35:56 0 d-----w- c:\program files\CCleaner
2010-08-02 20:15:58 1634 ----a-w- c:\windows\system32\tmp.reg
2010-08-01 14:25:43 38848 ----a-w- c:\windows\avastSS.scr
2010-08-01 13:58:48 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-08-01 13:58:37 0 d-----w- c:\program files\Panda Security
2010-08-01 00:30:51 0 d-----w- c:\docume~1\andy\applic~1\SUPERAntiSpyware.com
2010-08-01 00:30:46 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-31 23:03:35 0 d-----w- c:\docume~1\andy\applic~1\Malwarebytes
2010-07-31 23:03:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-31 23:02:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-31 23:02:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-31 23:02:54 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-31 19:35:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-23 18:32:55 0 d-----w- c:\windows\system32\wbem\Repository

==================== Find3M ====================


============= FINISH: 17:20:47.39 ===============

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-04 20:27:37
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Andy\LOCALS~1\Temp\kgrirfoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xACA6BCD2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xACA6BB8E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xACA6C142]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xACA6C06C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xACA6B764]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xACA6BC68]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xACA6B6A4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xACA6B708]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xACA6BD88]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xACA6C210]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xACA6BD48]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xACA6BEC8]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xACB57620]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xACA78B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xACA789C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xACA78AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP ACA78AFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP ACA789C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP ACA745B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP ACA75F6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP ACA78BA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB95E3000, 0x1C8292, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[348] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[348] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[348] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\RTHDCPL.EXE[472] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 02943544
.text C:\WINDOWS\RTHDCPL.EXE[472] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 02943724
.text C:\WINDOWS\RTHDCPL.EXE[472] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 029437C6
.text C:\WINDOWS\RTHDCPL.EXE[472] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 02955481
.text C:\WINDOWS\RTHDCPL.EXE[472] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 029555EE
.text C:\WINDOWS\RTHDCPL.EXE[472] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 0294BA1E
.text C:\WINDOWS\RTHDCPL.EXE[472] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 0294BAD3
.text C:\WINDOWS\RTHDCPL.EXE[472] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 0294B9DB
.text C:\WINDOWS\RTHDCPL.EXE[472] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 0294BAA7
.text C:\WINDOWS\RTHDCPL.EXE[472] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 0294B7FB
.text C:\WINDOWS\RTHDCPL.EXE[472] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 0294B84F
.text C:\WINDOWS\RTHDCPL.EXE[472] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 0294BA5D
.text C:\WINDOWS\RTHDCPL.EXE[472] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 0294B93F
.text C:\WINDOWS\RTHDCPL.EXE[472] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 0294B8A3
.text C:\WINDOWS\RTHDCPL.EXE[472] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 02952823
.text C:\WINDOWS\RTHDCPL.EXE[472] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02952CFA
.text C:\WINDOWS\RTHDCPL.EXE[472] WS2_32.dll!send 71AB4C27 5 Bytes JMP 02952D32
.text C:\WINDOWS\RTHDCPL.EXE[472] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 02952D53
.text C:\Documents and Settings\Andy\Desktop\gmer.exe[752] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00273544
.text C:\Documents and Settings\Andy\Desktop\gmer.exe[752] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00273724
.text C:\Documents and Settings\Andy\Desktop\gmer.exe[752] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 002737C6
.text C:\Documents and Settings\Andy\Desktop\gmer.exe[752] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00285481
.text C:\Documents and Settings\Andy\Desktop\gmer.exe[752] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 002855EE
.text C:\Documents and Settings\Andy\Desktop\gmer.exe[752] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 0027BA1E
.text C:\Documents and Settings\Andy\Desktop\gmer.exe[752] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 0027BAD3
.text C:\Documents and Settings\Andy\Desktop\gmer.exe[752] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 0027B9DB
.text C:\Documents and Settings\Andy\Desktop\gmer.exe[752] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 0027BAA7
.text C:\Documents and Settings\Andy\Desktop\gmer.exe[752] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 0027B7FB
.text C:\Documents and Settings\Andy\Desktop\gmer.exe[752] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 0027B84F
.text C:\Documents and Settings\Andy\Desktop\gmer.exe[752] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 0027BA5D
.text C:\Documents and Settings\Andy\Desktop\gmer.exe[752] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 0027B93F
.text C:\Documents and Settings\Andy\Desktop\gmer.exe[752] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 0027B8A3
.text C:\Documents and Settings\Andy\Desktop\gmer.exe[752] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00282CFA
.text C:\Documents and Settings\Andy\Desktop\gmer.exe[752] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00282D32
.text C:\Documents and Settings\Andy\Desktop\gmer.exe[752] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00282D53
.text C:\Documents and Settings\Andy\Desktop\gmer.exe[752] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00282823
.text C:\Program Files\cFosSpeed\cFosSpeed.exe[1044] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 01023544
.text C:\Program Files\cFosSpeed\cFosSpeed.exe[1044] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01023724
.text C:\Program Files\cFosSpeed\cFosSpeed.exe[1044] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 010237C6
.text C:\Program Files\cFosSpeed\cFosSpeed.exe[1044] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 01035481
.text C:\Program Files\cFosSpeed\cFosSpeed.exe[1044] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 010355EE
.text C:\Program Files\cFosSpeed\cFosSpeed.exe[1044] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01032CFA
.text C:\Program Files\cFosSpeed\cFosSpeed.exe[1044] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01032D32
.text C:\Program Files\cFosSpeed\cFosSpeed.exe[1044] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01032D53
.text C:\Program Files\cFosSpeed\cFosSpeed.exe[1044] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 0102BA1E
.text C:\Program Files\cFosSpeed\cFosSpeed.exe[1044] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 0102BAD3
.text C:\Program Files\cFosSpeed\cFosSpeed.exe[1044] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 0102B9DB
.text C:\Program Files\cFosSpeed\cFosSpeed.exe[1044] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 0102BAA7
.text C:\Program Files\cFosSpeed\cFosSpeed.exe[1044] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 0102B7FB
.text C:\Program Files\cFosSpeed\cFosSpeed.exe[1044] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 0102B84F
.text C:\Program Files\cFosSpeed\cFosSpeed.exe[1044] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 0102BA5D
.text C:\Program Files\cFosSpeed\cFosSpeed.exe[1044] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 0102B93F
.text C:\Program Files\cFosSpeed\cFosSpeed.exe[1044] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 0102B8A3
.text C:\Program Files\cFosSpeed\cFosSpeed.exe[1044] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 01032823
.text C:\WINDOWS\system32\ctfmon.exe[1104] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00C83544
.text C:\WINDOWS\system32\ctfmon.exe[1104] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00C83724
.text C:\WINDOWS\system32\ctfmon.exe[1104] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00C837C6
.text C:\WINDOWS\system32\ctfmon.exe[1104] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00C95481
.text C:\WINDOWS\system32\ctfmon.exe[1104] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00C955EE
.text C:\WINDOWS\system32\ctfmon.exe[1104] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00C8BA1E
.text C:\WINDOWS\system32\ctfmon.exe[1104] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00C8BAD3
.text C:\WINDOWS\system32\ctfmon.exe[1104] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00C8B9DB
.text C:\WINDOWS\system32\ctfmon.exe[1104] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00C8BAA7
.text C:\WINDOWS\system32\ctfmon.exe[1104] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00C8B7FB
.text C:\WINDOWS\system32\ctfmon.exe[1104] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00C8B84F
.text C:\WINDOWS\system32\ctfmon.exe[1104] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00C8BA5D
.text C:\WINDOWS\system32\ctfmon.exe[1104] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00C8B93F
.text C:\WINDOWS\system32\ctfmon.exe[1104] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00C8B8A3
.text C:\WINDOWS\system32\ctfmon.exe[1104] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C92CFA
.text C:\WINDOWS\system32\ctfmon.exe[1104] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C92D32
.text C:\WINDOWS\system32\ctfmon.exe[1104] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00C92D53
.text C:\WINDOWS\system32\ctfmon.exe[1104] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00C92823
.text C:\WINDOWS\NCLAUNCH.EXe[1112] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00CA3544
.text C:\WINDOWS\NCLAUNCH.EXe[1112] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00CA3724
.text C:\WINDOWS\NCLAUNCH.EXe[1112] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00CA37C6
.text C:\WINDOWS\NCLAUNCH.EXe[1112] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00CB5481
.text C:\WINDOWS\NCLAUNCH.EXe[1112] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00CB55EE
.text C:\WINDOWS\NCLAUNCH.EXe[1112] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00CABA1E
.text C:\WINDOWS\NCLAUNCH.EXe[1112] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00CABAD3
.text C:\WINDOWS\NCLAUNCH.EXe[1112] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00CAB9DB
.text C:\WINDOWS\NCLAUNCH.EXe[1112] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00CABAA7
.text C:\WINDOWS\NCLAUNCH.EXe[1112] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00CAB7FB
.text C:\WINDOWS\NCLAUNCH.EXe[1112] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00CAB84F
.text C:\WINDOWS\NCLAUNCH.EXe[1112] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00CABA5D
.text C:\WINDOWS\NCLAUNCH.EXe[1112] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00CAB93F
.text C:\WINDOWS\NCLAUNCH.EXe[1112] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00CAB8A3
.text C:\WINDOWS\NCLAUNCH.EXe[1112] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00CB2CFA
.text C:\WINDOWS\NCLAUNCH.EXe[1112] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00CB2D32
.text C:\WINDOWS\NCLAUNCH.EXe[1112] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00CB2D53
.text C:\WINDOWS\NCLAUNCH.EXe[1112] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00CB2823
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1124] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 00AE3544
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1124] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00AE3724
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1124] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00AE37C6
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1124] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 00AF5481
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1124] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 00AF55EE
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1124] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00AEBA1E
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1124] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00AEBAD3
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1124] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00AEB9DB
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1124] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00AEBAA7
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1124] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00AEB7FB
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1124] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00AEB84F
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1124] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00AEBA5D
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1124] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00AEB93F
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1124] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00AEB8A3
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1124] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00AF2CFA
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1124] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00AF2D32
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1124] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00AF2D53
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[1124] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 00AF2823
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1136] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 05153544
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1136] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 05153724
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1136] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 051537C6
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1136] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 05165481
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1136] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 051655EE
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1136] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 05162CFA
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1136] WS2_32.dll!send 71AB4C27 5 Bytes JMP 05162D32
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1136] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 05162D53
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1136] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 0515BA1E
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1136] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 0515BAD3
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1136] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 0515B9DB
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1136] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 0515BAA7
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1136] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 0515B7FB
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1136] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 0515B84F
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1136] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 0515BA5D
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1136] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 0515B93F
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1136] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 0515B8A3
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1136] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 05162823
.text C:\WINDOWS\System32\svchost.exe[1796] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A
.text C:\WINDOWS\System32\svchost.exe[1796] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A
.text C:\WINDOWS\System32\svchost.exe[1796] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C
.text C:\WINDOWS\System32\svchost.exe[1796] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 01A3000A
.text C:\WINDOWS\System32\svchost.exe[1796] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E4000A

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs A9315400

---- EOF - GMER 1.0.15 ----


Any help you can provide would be greatly received.

Thanks



#2 ab123456

  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE

Posted 06 August 2010 - 04:14 PM

I've managed to sort it, so no need to waste your time assisting with this one.

Thanks

#3 Budapest


Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  • Gender:Male

Posted 06 August 2010 - 07:29 PM

As this issue seems to be resolved I am closing this topic. Please contact a Moderator if you would like it reopened.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw
