Please Help: Google Redirect + Possible Trojan (Vundo/tdssinit.dll) (In Progress)

gaz1234 (Junior Member, 7 posts; Join Date: Apr 2009; Experience: Advanced)
01-Apr-2009, 09:59 PM #1
Please Help: Google Redirect + Possible Trojan (Vundo/tdssinit.dll)
Hello. Usually I'm adept at cleaning up on my own but this has thrown me for a loop.

This morning during a random Ctrl+Alt+Del, in the task manager I noticed Adobe Acrobat Reader (which I didn't recall using/opening) using a ridiculous amount of memory usage, something like 228,509k. I closed the process and didn't think much of it, but then later on in the day I found that programs were crashing randomly (Napster, AIM, Firefox). A little while after that I noticed Google links were being redirected (here is an example of the redirect link when I Google AVG for instance)
h t t p://www.google. com/url?sa=t&source=web&ct=res&cd=1&url=http%3A%2F%2Ffree.avg.com%2F&ei=pgPUSfn cHOnslQfrvpzkDA&usg=AFQjCNGC_5wf_ZlpTvTBmerEaNG3uLMPgA&sig2=yxjT-32L0qC1BJTcRL4-rA

After a reboot I noticed upon loading windows that after my desktop loads the desktop flashes blank for a quick moment before all the icons come back (didn't happen before) and in the task manager all the Image Names come up as normal but the User Name column stays blank for a long time before eventually loading. Additionally, PeerGuardian and my anti-virus & firewall (ZoneAlarm) do not load, but CAN be started manually. Also, when trying to go to Run>Regedit Explorer restarts.

On my own I ran MalwareBytes Anti-Malware which found 12 items, the first 7 being Adware.minibug and the remaining 5 being Trojan.Agent and Trojan.Vundo, 4 files and 1 Registry Key:
tdssinit.dll and tdssservers.dat in the System32 folder (both labeled as Trojan.Agent) and BM2e666998.xml and BM2e666998.xml in C:\Windows plus HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (all 3 labeled as Trojan.Vundo).

After selecting to remove the files through MalwareBytes I selected yes to restart, but after closing all programs Windows "hung" with just an empty desktop on the screen for several minutes, totally unresponsive. After a hard reboot I found the same problems as before, so I booted into safe mode and ran another MalwareBytes scan which this time found nothing.

At this point I'm back at square one, with the same redirecting, occasional crashing of Firefox (and immediate crashing of Napster and AIM). The only thing I've done otherwise is uninstalled Adobe Acrobat.

HijackThis report as follows:

Logfile of HijackThis v1.99.1
Scan saved at 8:20:43 PM, on 4/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Documents and Settings\HP_Administrator\Desktop\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1196026302252
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1196026288498
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)
gaz1234 (Junior Member, 7 posts; Join Date: Apr 2009; Experience: Advanced)
04-Apr-2009, 01:58 AM #2
Any help?
sjpritch25 (Moderator & Malware Removal Specialist, 9,113 posts; Join Date: Sep 2005; Location: Florida; Experience: Advanced)
04-Apr-2009, 09:49 PM #3
Welcome to TSG

Download Combofix from this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
__________________
Microsoft Valuable Professional Consumer--Security 2007-2010
Please make a donation to keep the site running. All proceeds go directly to the site!!! Donate Here
gaz1234 (Junior Member, 7 posts; Join Date: Apr 2009; Experience: Advanced)
04-Apr-2009, 10:36 PM #4
Hello sjpritch25, thank you for your assistance.

Unfortunately this virus is preventing me from running ComboFix. For starters I'm unable to access the bleepingcomputer.com website from my infected computer (I get a blank white page); I downloaded ComboFix from another computer but when I try to run it on the infected one I only get a small progress bar that disappears after it's full. ComboFix never initializes and I've had the same result when attempting it in Safe Mode also, and I tried renaming the .exe file too but all to no avail.

There are some other anti-virus/anti-malware programs I'm prevented from running, but the ones I do have available that are working are MalwareBytes, SuperAntiSpyware, MGTools, Avenger and HijackThis at present.

Any ideas?
sjpritch25 (Moderator & Malware Removal Specialist, 9,113 posts; Join Date: Sep 2005; Location: Florida; Experience: Advanced)
05-Apr-2009, 01:51 PM #5
You will have to download this from another computer.


Download GMER from Here and click on the Download EXE tab.
  • Disconnect from the internet and disable all active protection so your security program drivers will not conflict with gmer's driver
  • Double-click Gmer.exe to run the program.
  • When the program opens, click the "Rootkit" Tab
  • On the right-side, check all the items to be scanned, but leave "Show All" unchecked
  • Select all drives that are connected to your system to be scanned
  • Click the Scan button
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard
  • Open Notepad or a similar text editor
  • Paste the clipboard contents into a text file by clicking Edit | Paste or Ctl V
  • Save the gmer scan log and post it in your next reply.
  • Close Gmer
  • Open a command prompt (Start | run |type cmd and hit Enter)
    • Type or paste the following to unload the gmer driver:
    • net stop gmer
    • Hit Enter
    • Exit the command prompt.
  • Re-enable all active protection.
gaz1234 (Junior Member, 7 posts; Join Date: Apr 2009; Experience: Advanced)
05-Apr-2009, 03:09 PM #6
Thank you for your continued help. The GMER scan took over 4 hours; after I saved the log I rebooted since I was having some internet connectivity issues (unrelated, I think).

After the reboot, though, it appears whatever the problem was has been eliminated -- all the symptoms I described above are gone, and AIM and some other programs are no longer crashing immediately upon starting. Plus, my anti-virus and other programs which were previously not loading at startup all loaded fine. I created a system restore point just to be on the safe side (getting rid of this thing is better than the first day of Spring); the GMER log is below (in 2 posts), please advise if there are any other cleanup steps I should take. Thanks!


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xA93FEFC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xA93FBC80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xA9416170]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xA93FF580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xA9413900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xA9413B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xA9417B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xA93FF670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xA93FC210]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xA94169F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xA94167A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xA9413280]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xA9416F10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xA9416F90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0xA9417D90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xA93FC070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xA9415180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xA9414F40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xA94176F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xA9417150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xA93FEBE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xA9417540]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xA93FF190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xA93FC440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xA94164E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xA9414200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xA9414080]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA838F6D0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 23E4 805012B4 12 Bytes [80, F5, 3F, A9, 00, 39, 41, ...]
? srescan.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\arservice.exe[400] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003428
.text C:\WINDOWS\arservice.exe[400] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10003370
.text C:\WINDOWS\arservice.exe[400] ws2_32.dll!send 71AB428A 5 Bytes JMP 10002BF8
.text C:\WINDOWS\arservice.exe[400] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10002440
.text C:\WINDOWS\arservice.exe[400] ws2_32.dll!recv 71AB615A 5 Bytes JMP 100023C4
.text C:\WINDOWS\arservice.exe[400] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003324
.text C:\WINDOWS\system32\svchost.exe[504] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003428
.text C:\WINDOWS\system32\svchost.exe[504] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10003370
.text C:\WINDOWS\system32\svchost.exe[504] ws2_32.dll!send 71AB428A 5 Bytes JMP 10002BF8
.text C:\WINDOWS\system32\svchost.exe[504] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10002440
.text C:\WINDOWS\system32\svchost.exe[504] ws2_32.dll!recv 71AB615A 5 Bytes JMP 100023C4
.text C:\WINDOWS\system32\svchost.exe[504] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003324
.text C:\WINDOWS\system32\winlogon.exe[724] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003428
.text C:\WINDOWS\system32\winlogon.exe[724] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10003370
.text C:\WINDOWS\system32\winlogon.exe[724] WS2_32.dll!send 71AB428A 5 Bytes JMP 10002BF8
.text C:\WINDOWS\system32\winlogon.exe[724] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10002440
.text C:\WINDOWS\system32\winlogon.exe[724] WS2_32.dll!recv 71AB615A 5 Bytes JMP 100023C4
.text C:\WINDOWS\system32\winlogon.exe[724] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003324
.text C:\WINDOWS\system32\lsass.exe[780] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003428
.text C:\WINDOWS\system32\lsass.exe[780] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10003370
.text C:\WINDOWS\system32\lsass.exe[780] WS2_32.dll!send 71AB428A 5 Bytes JMP 10002BF8
.text C:\WINDOWS\system32\lsass.exe[780] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10002440
.text C:\WINDOWS\system32\lsass.exe[780] WS2_32.dll!recv 71AB615A 5 Bytes JMP 100023C4
.text C:\WINDOWS\system32\lsass.exe[780] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003324
.text C:\WINDOWS\system32\ctfmon.exe[848] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003428
.text C:\WINDOWS\system32\ctfmon.exe[848] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10003370
.text C:\WINDOWS\system32\ctfmon.exe[848] ws2_32.dll!send 71AB428A 5 Bytes JMP 10002BF8
.text C:\WINDOWS\system32\ctfmon.exe[848] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10002440
.text C:\WINDOWS\system32\ctfmon.exe[848] ws2_32.dll!recv 71AB615A 5 Bytes JMP 100023C4
.text C:\WINDOWS\system32\ctfmon.exe[848] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003324
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[916] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10063428
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[916] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10063370
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[916] ws2_32.dll!send 71AB428A 5 Bytes JMP 10062BF8
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[916] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10062440
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[916] ws2_32.dll!recv 71AB615A 5 Bytes JMP 100623C4
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[916] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10063324
.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003428
.text C:\WINDOWS\system32\svchost.exe[952] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10003370
.text C:\WINDOWS\system32\svchost.exe[952] ws2_32.dll!send 71AB428A 5 Bytes JMP 10002BF8
.text C:\WINDOWS\system32\svchost.exe[952] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10002440
.text C:\WINDOWS\system32\svchost.exe[952] ws2_32.dll!recv 71AB615A 5 Bytes JMP 100023C4
.text C:\WINDOWS\system32\svchost.exe[952] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003324
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003428
.text C:\WINDOWS\system32\svchost.exe[1008] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10003370
.text C:\WINDOWS\system32\svchost.exe[1008] ws2_32.dll!send 71AB428A 5 Bytes JMP 10002BF8
.text C:\WINDOWS\system32\svchost.exe[1008] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10002440
.text C:\WINDOWS\system32\svchost.exe[1008] ws2_32.dll!recv 71AB615A 5 Bytes JMP 100023C4
.text C:\WINDOWS\system32\svchost.exe[1008] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003324
.text C:\WINDOWS\System32\svchost.exe[1108] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003428
.text C:\WINDOWS\System32\svchost.exe[1108] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10003370
.text C:\WINDOWS\System32\svchost.exe[1108] ws2_32.dll!send 71AB428A 5 Bytes JMP 10002BF8
.text C:\WINDOWS\System32\svchost.exe[1108] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10002440
.text C:\WINDOWS\System32\svchost.exe[1108] ws2_32.dll!recv 71AB615A 5 Bytes JMP 100023C4
.text C:\WINDOWS\System32\svchost.exe[1108] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003324
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003428
.text C:\WINDOWS\system32\svchost.exe[1232] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10003370
.text C:\WINDOWS\system32\svchost.exe[1232] ws2_32.dll!send 71AB428A 5 Bytes JMP 10002BF8
.text C:\WINDOWS\system32\svchost.exe[1232] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10002440
.text C:\WINDOWS\system32\svchost.exe[1232] ws2_32.dll!recv 71AB615A 5 Bytes JMP 100023C4
.text C:\WINDOWS\system32\svchost.exe[1232] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003324
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[1324] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003428
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[1324] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10003370
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[1324] ws2_32.dll!send 71AB428A 5 Bytes JMP 10002BF8
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[1324] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10002440
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[1324] ws2_32.dll!recv 71AB615A 5 Bytes JMP 100023C4
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[1324] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003324
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003428
.text C:\WINDOWS\system32\svchost.exe[1384] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10003370
.text C:\WINDOWS\system32\svchost.exe[1384] ws2_32.dll!send 71AB428A 5 Bytes JMP 10002BF8
.text C:\WINDOWS\system32\svchost.exe[1384] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10002440
.text C:\WINDOWS\system32\svchost.exe[1384] ws2_32.dll!recv 71AB615A 5 Bytes JMP 100023C4
.text C:\WINDOWS\system32\svchost.exe[1384] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003324
.text C:\WINDOWS\System32\svchost.exe[1580] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003428
.text C:\WINDOWS\System32\svchost.exe[1580] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10003370
.text C:\WINDOWS\System32\svchost.exe[1580] ws2_32.dll!send 71AB428A 5 Bytes JMP 10002BF8
.text C:\WINDOWS\System32\svchost.exe[1580] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10002440
.text C:\WINDOWS\System32\svchost.exe[1580] ws2_32.dll!recv 71AB615A 5 Bytes JMP 100023C4
.text C:\WINDOWS\System32\svchost.exe[1580] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003324
.text C:\WINDOWS\system32\svchost.exe[1608] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003428
.text C:\WINDOWS\system32\svchost.exe[1608] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10003370
.text C:\WINDOWS\system32\svchost.exe[1608] ws2_32.dll!send 71AB428A 5 Bytes JMP 10002BF8
.text C:\WINDOWS\system32\svchost.exe[1608] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10002440
.text C:\WINDOWS\system32\svchost.exe[1608] ws2_32.dll!recv 71AB615A 5 Bytes JMP 100023C4
.text C:\WINDOWS\system32\svchost.exe[1608] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003324
.text C:\WINDOWS\system32\svchost.exe[1660] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003428
.text C:\WINDOWS\system32\svchost.exe[1660] ws2_32.dll!connect 71AB406A 5 Bytes JMP 10003370
.text C:\WINDOWS\system32\svchost.exe[1660] ws2_32.dll!send 71AB428A 5 Bytes JMP 10002BF8
.text C:\WINDOWS\system32\svchost.exe[1660] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10002440
.text C:\WINDOWS\system32\svchost.exe[1660] ws2_32.dll!recv 71AB615A 5 Bytes JMP 100023C4
.text C:\WINDOWS\system32\svchost.exe[1660] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003324
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[2008] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003428
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[2008] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10003370
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[2008] WS2_32.dll!send 71AB428A 5 Bytes JMP 10002BF8
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[2008] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10002440
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[2008] WS2_32.dll!recv 71AB615A 5 Bytes JMP 100023C4
.text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[2008] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003324
.text C:\WINDOWS\System32\alg.exe[2592] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10003428
.text C:\WINDOWS\System32\alg.exe[2592] WS2_32.dll!connect 71AB406A 5 Bytes JMP 10003370
.text C:\WINDOWS\System32\alg.exe[2592] WS2_32.dll!send 71AB428A 5 Bytes JMP 10002BF8
.text C:\WINDOWS\System32\alg.exe[2592] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 10002440
.text C:\WINDOWS\System32\alg.exe[2592] WS2_32.dll!recv 71AB615A 5 Bytes JMP 100023C4
.text C:\WINDOWS\System32\alg.exe[2592] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 10003324
gaz1234 (Junior Member, 7 posts; Join Date: Apr 2009; Experience: Advanced)
05-Apr-2009, 03:10 PM #7
Second half of GMER log
---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [A9403B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [A9403930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [A9404260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [A9401E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [A9401E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [A9403B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [A9403930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [A9404260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [A9403B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [A9404260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [A9403930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [A9401E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [A9404260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [A9403930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [A9403B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [A9401E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [A9403B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [A9403930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [A9404260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [A9403B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [A9401E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [A9404260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [A9403930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\explorer.exe[476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BE2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\explorer.exe[476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BE2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\explorer.exe[476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BE2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\explorer.exe[476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BE2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A42F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A42CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A42D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A42CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows NT\Accessories\wordpad.exe[916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00952F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows NT\Accessories\wordpad.exe[916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00952CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows NT\Accessories\wordpad.exe[916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00952D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows NT\Accessories\wordpad.exe[916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00952CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Gmer\gmer.exe[1280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Gmer\gmer.exe[1280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Gmer\gmer.exe[1280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Gmer\gmer.exe[1280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[2672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs A8107400

---- EOF - GMER 1.0.15 ----
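Everything in the IAT and Devices sections above resolves to a named module with a vendor string (vsdatant.sys is ZoneAlarm's TrueVector driver, LVPrcInj.dll is Logitech's camera helper), which is the first thing a helper checks when reading a GMER log: hooks owned by a known security or device product are expected, hooks that GMER cannot attribute to a described module are what need a closer look. The script below is an added example, not part of the original thread and not GMER's own code. It parses lines in the layout of GMER's IAT and Devices sections, counts hooked imports per owning module, and lists the hooks or devices that carry no vendor description or only a bare address. The embedded sample log is constructed in the same layout as the log above; the `example_unknown.dll` line and its address are constructed so the script has something to flag.

```python
import os
import re
from collections import Counter

# Constructed sample in the layout of GMER 1.0.15's "Kernel IAT/EAT",
# "User IAT/EAT" and "Devices" sections. The ctfmon.exe line pointing at
# example_unknown.dll, and its address, are constructed for this example.
SAMPLE_LOG = r"""
---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [A9403930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [A9404260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\explorer.exe[476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BE2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\explorer.exe[476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BE2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A40000] C:\WINDOWS\system32\example_unknown.dll

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs A8107400

---- EOF - GMER 1.0.15 ----
"""

# An IAT line: "IAT <caller>[<dll>!<import>] [<addr>] <target module> (<description>)".
# User-mode callers look like "<exe>[<pid>] @ <module>"; the PID bracket has no
# "!" so the import bracket is the first one containing one.
IAT_RE = re.compile(
    r"^IAT\s+(?P<caller>.*?)\s*"
    r"\[(?P<imp>[^\[\]]+![^\[\]]+)\]\s+"
    r"\[(?P<addr>[0-9A-Fa-f]+)\]\s+"
    r"(?P<target>.*?)\s*(?:\((?P<desc>.*)\))?\s*$"
)
# A Devices line: "Device|AttachedDevice <driver object> <device object> <owner> (<description>)".
DEVICE_RE = re.compile(
    r"^(?P<kind>AttachedDevice|Device)\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+"
    r"(?P<owner>.*?)\s*(?:\((?P<desc>.*)\))?\s*$"
)
# GMER prints a bare 32-bit address when it cannot map an owner to a module.
ADDR_ONLY = re.compile(r"^[0-9A-Fa-f]{8}$")


def parse_gmer(text):
    """Parse IAT hook and Device lines into dicts; other lines are ignored."""
    hooks, devices = [], []
    for line in text.splitlines():
        line = line.strip()
        m = IAT_RE.match(line)
        if m:
            process, _, module = m.group("caller").partition(" @ ")
            target = m.group("target")
            hooks.append({
                "process": process,
                "module": module,  # empty for kernel-mode hooks
                "import": m.group("imp"),
                "address": m.group("addr").upper(),
                "target": target,
                "target_name": os.path.basename(target.replace("\\", "/")),
                "desc": m.group("desc"),
            })
            continue
        m = DEVICE_RE.match(line)
        if m:
            devices.append({k: m.group(k) for k in ("kind", "driver", "device", "owner", "desc")})
    return hooks, devices


def hook_owners(hooks):
    """Count hooked imports per (target module, vendor description)."""
    return Counter((h["target_name"], h["desc"]) for h in hooks)


def needs_review(hooks, devices):
    """Hooks and devices GMER could not tie to a module with a vendor description."""
    items = []
    for h in hooks:
        if not h["desc"]:
            items.append(f"hook {h['import']} in {h['process']} -> {h['target']} (no vendor description)")
    for d in devices:
        if ADDR_ONLY.match(d["owner"]):
            items.append(f"{d['kind']} {d['device']} owned by address {d['owner']} (no module name)")
        elif not d["desc"]:
            items.append(f"{d['kind']} {d['device']} owned by {d['owner']} (no vendor description)")
    return items


if __name__ == "__main__":
    hooks, devices = parse_gmer(SAMPLE_LOG)
    print(f"{len(hooks)} hooks, {len(devices)} devices")
    for (name, desc), n in hook_owners(hooks).most_common():
        print(f"  {n:3d} hook(s) -> {name} ({desc or 'no description'})")
    for item in needs_review(hooks, devices):
        print("  REVIEW:", item)
```

Run it against a saved GMER log by replacing `SAMPLE_LOG` with the file's contents; the counts show at a glance which products own the hooks, and the REVIEW lines are the ones to look up before concluding the log is clean.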
sjpritch25
Moderator & Malware Removal Specialist with 9,113 posts.
Join Date: Sep 2005
Location: Florida
Experience: Advanced
05-Apr-2009, 05:58 PM #8
How is everything running?
gaz1234
Junior Member with 7 posts.
Join Date: Apr 2009
Experience: Advanced
05-Apr-2009, 07:58 PM #9
Totally back to normal as far as I can tell, thanks to your help.
sjpritch25
Moderator & Malware Removal Specialist with 9,113 posts.
Join Date: Sep 2005
Location: Florida
Experience: Advanced
05-Apr-2009, 08:04 PM #10
Before I let you go, please update MBAM, run another quick scan and post the log. Thanks.
gaz1234
Junior Member with 7 posts.
Join Date: Apr 2009
Experience: Advanced
05-Apr-2009, 10:13 PM #11
Updated MBAM & log below. Looks like we're all good, thank you so much for all your help.

Malwarebytes' Anti-Malware 1.35
Database version: 1943
Windows 5.1.2600 Service Pack 2

4/5/2009 9:10:50 PM
mbam-log-2009-04-05 (21-10-50).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 226938
Time elapsed: 1 hour(s), 23 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)
sjpritch25
Moderator & Malware Removal Specialist with 9,113 posts.
Join Date: Sep 2005
Location: Florida
Experience: Advanced
05-Apr-2009, 11:03 PM #12
Glad everything is better.

Go ahead and delete gmer and combofix from your desktop.


Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools can not access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem.

To SET A NEW RESTORE POINT:
1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
3. Then go to Start > Run and type: Cleanmgr
4. Click "OK".
5. Click the "More Options" Tab.
6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Graphics for doing this are in the following links if you need them.
How to Create a Restore Point.
How to use Cleanmgr.

======================================

Here is some useful information on keeping your computer clean:
  1. Most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update.
  2. Here are two great Preventive programs:
     1. SpywareBlaster protects you from malicious ActiveX controls and cookies. Make sure and check for updates twice a month.
  3. Anti-Spyware Programs I Recommend:
     • Free Anti-Spyware Programs
       1. MalwareBytes Anti-Malware
  4. For Even More Information On Securing Your Computer read Tony Klein's So How Did I Get Infected In The First Place
__________________
Microsoft Valuable Professional Consumer--Security 2007-2010

Tags
malware, redirect, trojan, vundo
