
Virus - Lost Access privileges, Internet Connection


  • This topic is locked
65 replies to this topic

#1 ctxman

ctxman

  • Members
  • 48 posts

Posted 01 June 2010 - 06:17 PM

Hope someone can help me because I have serious issues with my laptop. It's a Lenovo T400. I'm running on XP.

I've tried to run logs per the instructions but the virus I have seems to be interfering. I can not open any data files because it says "user does not have access privileges" - this goes for Word, PDF, JPeg, basically any file I have on my computer I can not open. I can not even open in Safe Mode either. The Virus also blocks my internet connection sometimes, but sometimes will work.

I don't get pop ups, but I do get a misdirect if I click on something from a google search.

I've managed to put Defogger on my desktop but it won't run because I must be an Administrator to use it. When I run DDS.scr it looks like a foreign language. Gmer will start to run but then it goes to a blue screen saying a problem was caused by file awaiifob.sys and there is a page_fault_in_nonpaged_area.

I've run Malware bytes and Superantivirus and sometimes it doesn't find anything, and other times it finds things but they always come back. Since I can't post a log right now, about all I can tell you is that the Malware Bytes program found and supposedly quarantined a Trojan.Agent file, a Rootkit.TDSS.Gen file, a Trojan.FakAlert file, a Trojan.Fraudpack file, a Rogue.AntivirusSuite.Gen file, a Trojan.Downloader file, and a Hijack.Tray file.

This thing seems to be blocking my access to everything. I'm hoping I can get some help, even though I can't get a log posted?

Please help! Thank you so much,
John

Edited by ctxman, 01 June 2010 - 06:23 PM.



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 04 June 2010 - 09:13 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 ctxman

ctxman
  • Topic Starter

  • Members
  • 48 posts

Posted 04 June 2010 - 10:08 PM

Hello Mole, thank you very much. I'm here now and waiting your instructions.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 05 June 2010 - 11:28 AM

It sounds like you have been severely infected.

We will try the usual route but be ready to switch completely if this also fails.

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • Please post the resulting log in your next reply.


Then


Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
m0le is a proud member of UNITE

#5 ctxman

ctxman
  • Topic Starter

  • Members
  • 48 posts

Posted 05 June 2010 - 12:12 PM

Hello Mole,

When I run the Rkill, it pops up with a bunch of gobbledygook that looks like this:


I started to run Combofix and it says that I need to disable VirusScan Enterprise and AntiSpyware Enterprise. VirusScan Enterprise is part of McAfee I believe but I didn't see how to disable them. I have McAfee Agent. Please advise and thank you.


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 05 June 2010 - 05:24 PM

Open McAfee Security Centre
  • Under Common Tasks click on Home
  • Click Computer Files
  • Click Configure
  • Make sure the following are disabled by ticking the "Off" button.

    Virus protection
    Spyware protection
    System Guards Protection
    Script Scanning Protection (you may have to scroll down to see it)

  • Next, select never for "When to re-enable real time scanning"
  • and click OK.

m0le is a proud member of UNITE

#7 ctxman

ctxman
  • Topic Starter

  • Members
  • 48 posts

Posted 06 June 2010 - 03:20 AM

Mole, I don't see anything like you have described as far as a security center. When I right click on McAfee, the only options are:
McAfee Host Intrusion Prevention
VirusScan Enterprise
McAfee Agent
Update Now
About

I don't see anything within those options that allows me to disable it. I might add that this laptop is a work computer so it's not a standard Home version of McAfee.

Hope you are patient with me and I apologize for not being able to find how to turn it off yet.

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 06 June 2010 - 07:40 AM

You may not have (and probably shouldn't have) the access to disable the antivirus on a work PC...

Please run Combofix regardless of the warning.
m0le is a proud member of UNITE

#9 ctxman

ctxman
  • Topic Starter

  • Members
  • 48 posts

Posted 06 June 2010 - 02:39 PM

Mole, here is the Combofix Log

ComboFix 10-06-03.01 - jdguerra 06/06/2010 10:27:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2026.1191 [GMT -7:00]
Running from: c:\documents and settings\jdguerra\Desktop\ComFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: McAfee Host Intrusion Prevention Firewall *enabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\jdguerra\Local Settings\Application Data\Windows Server
c:\documents and settings\jdguerra\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\jdguerra\Local Settings\Application Data\Windows Server\uses32.dat
C:\feed.txt
C:\Thumbs.db
c:\windows\system32\vb40032.dll

----- BITS: Possible infected sites -----

hxxp://SM-CALA-SM11:80
hxxp://SM-CALA-SM07:80
Infected copy of c:\windows\system32\DRIVERS\iaStor.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-05-06 to 2010-06-06 )))))))))))))))))))))))))))))))
.

2010-06-06 17:47 . 2010-06-06 17:47 40428 ----a-w- c:\windows\system32\api_hook_list.dat
2010-06-06 17:47 . 2009-10-20 20:30 39816 ----a-w- c:\windows\system32\HIPIS0e011af.dll
2010-06-06 17:15 . 2008-08-14 00:08 325144 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-06-06 16:58 . 2010-06-06 17:00 -------- d-----w- C:\32788R22FWJFW
2010-05-31 05:37 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-31 05:37 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-31 05:37 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-31 05:37 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-31 05:36 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-31 05:36 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-31 05:36 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-31 05:33 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-31 05:33 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-31 05:33 . 2010-05-31 05:33 -------- d-----w- c:\program files\Alwil Software
2010-05-31 05:33 . 2010-05-31 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-30 06:13 . 2010-05-30 06:13 -------- d-----w- c:\documents and settings\jdguerra\Local Settings\Application Data\cisgubcik
2010-05-29 09:02 . 2010-05-29 09:02 -------- d-----w- c:\documents and settings\jdguerra\Application Data\Avira
2010-05-29 07:16 . 2010-06-03 04:48 -------- d-----w- c:\windows\system32\NtmsData
2010-05-29 07:11 . 2010-03-01 17:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-05-29 07:11 . 2010-02-16 21:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-05-29 07:11 . 2009-05-11 19:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-05-29 07:11 . 2009-05-11 19:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-05-29 07:11 . 2010-05-29 07:11 -------- d-----w- c:\program files\Avira
2010-05-29 07:11 . 2010-05-29 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-05-29 06:40 . 2010-06-03 02:45 63488 ----a-w- c:\documents and settings\jdguerra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-29 06:40 . 2010-05-29 06:40 52224 ----a-w- c:\documents and settings\jdguerra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-29 06:40 . 2010-06-03 02:45 117760 ----a-w- c:\documents and settings\jdguerra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-29 06:39 . 2010-05-29 06:39 -------- d-----w- c:\documents and settings\jdguerra\Application Data\SUPERAntiSpyware.com
2010-05-29 06:39 . 2010-05-29 06:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-29 06:39 . 2010-05-29 06:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-25 13:28 . 2010-05-25 13:28 -------- d-----w- c:\documents and settings\jdguerra\Local Settings\Application Data\lhllelure
2010-05-22 23:11 . 2010-03-16 00:43 98136 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\Uninstaller.exe
2010-05-22 23:11 . 2009-07-07 19:59 22528 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\Conditionals\!if.needlibrary.d3dx9_31.dll
2010-05-22 23:11 . 2010-02-22 17:48 29184 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\!CheckMinSpec.dll
2010-05-22 23:11 . 2010-05-22 23:11 246073 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\npsoeact.dll
2010-05-22 23:11 . 2010-05-22 23:11 -------- d-----w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment
2010-05-22 23:10 . 2010-04-26 17:50 151864 ----a-w- c:\documents and settings\jdguerra\Application Data\Mozilla\Firefox\Profiles\vrgvvs0q.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
2010-05-21 16:32 . 2009-10-20 20:30 70728 ----a-w- c:\windows\system32\mfevtps.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-30 23:34 . 2009-10-09 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Credant
2010-05-24 06:36 . 2009-11-20 21:17 -------- d-----w- c:\documents and settings\jdguerra\Application Data\Skype
2010-05-24 06:36 . 2009-11-20 21:31 -------- d-----w- c:\documents and settings\jdguerra\Application Data\skypePM
2010-05-21 20:51 . 2010-05-22 23:12 12875096 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\FreeRealms.exe
2010-05-21 20:44 . 2010-05-22 23:12 2875392 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GFxWrap.dll
2010-05-21 20:43 . 2010-05-22 23:12 106496 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GraphicsDriver.dll
2010-05-21 16:52 . 2009-10-09 21:56 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-21 16:40 . 2009-10-09 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-10 05:12 . 2009-12-02 22:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-07 06:44 . 2009-10-09 21:50 136512 ----a-w- c:\windows\system32\KevlarSigs.dll
2010-04-29 22:39 . 2009-12-02 22:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2009-12-02 22:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 17:35 . 2010-05-22 23:12 892928 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\T4Lib.dll
2010-04-23 17:38 . 2010-05-22 23:12 626688 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\Microsoft.VC80.CRT\msvcr80.dll
2010-04-23 17:38 . 2010-05-22 23:12 548864 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\Microsoft.VC80.CRT\msvcp80.dll
2010-04-23 17:38 . 2010-05-22 23:12 479232 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\Microsoft.VC80.CRT\msvcm80.dll
2010-04-23 16:25 . 2009-10-09 21:54 -------- d-----w- c:\program files\logs
2010-04-23 03:53 . 2010-04-23 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-04-23 03:53 . 2009-10-09 21:56 -------- d-----w- c:\program files\WebEx
2010-04-08 01:09 . 2009-10-09 22:01 -------- d-----w- c:\program files\Network Associates
2010-03-31 11:48 . 2009-09-09 10:28 93816 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\CAntiVirusCOM.dll
2010-03-31 11:48 . 2009-09-09 10:28 823928 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\AVManagerUnified.dll
2010-03-31 11:48 . 2009-09-09 10:28 53880 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\Impl_AntivirusLib.dll
2010-03-31 11:48 . 2009-09-09 10:28 40568 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\OPSWATProcessesScanner.dll
2010-03-31 11:48 . 2009-09-09 10:28 36984 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\CFireWallCOM.dll
2010-03-31 11:48 . 2009-09-09 10:28 284280 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\OESISCore.dll
2010-03-31 11:48 . 2009-09-09 10:28 27768 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\Impl_SoftwareProductLib.dll
2010-03-31 11:48 . 2009-09-09 10:28 16504 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\Impl_FirewallLib.dll
2010-03-31 11:48 . 2009-09-09 10:28 164984 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\FWManager.dll
2010-03-24 22:03 . 2010-05-22 23:12 1548288 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GCtrlTheme_Bitmap.dll
2010-03-24 22:03 . 2010-05-22 23:12 1028096 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GCtrlTheme_Infinity.dll
2010-03-24 21:59 . 2010-05-22 23:12 372736 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GControlForms.dll
2010-03-24 21:58 . 2010-05-22 23:12 3133440 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GControl.dll
2010-03-24 21:56 . 2010-05-22 23:12 323584 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GDraw_D3D9.dll
2010-03-24 21:55 . 2010-05-22 23:12 458752 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GFont_FT2.dll
2010-03-24 21:55 . 2010-05-22 23:12 237568 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GDraw_GDI.dll
2010-03-24 21:55 . 2010-05-22 23:12 733184 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GDraw.dll
2010-03-24 21:54 . 2010-05-22 23:12 409600 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GParse.dll
2010-03-24 21:54 . 2010-05-22 23:12 266240 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GInput_DX8.dll
2010-03-24 21:54 . 2010-05-22 23:12 225280 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GInput_GDI.dll
2010-03-24 21:54 . 2010-05-22 23:12 114688 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GInput.dll
2010-03-24 21:54 . 2010-05-22 23:12 1499136 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GKernel.dll
2010-03-14 20:41 . 2010-03-14 20:41 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-03-12 04:08 . 2010-03-12 04:08 55960 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-11 11:49 . 2009-02-03 19:10 841216 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 11:49 . 2009-02-03 19:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 11:49 . 2009-02-03 19:09 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2009-02-03 19:10 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-02-26 21:39 . 2009-10-09 23:29 3125248 ----a-w- c:\program files\Common Files\sapxlhelper.dll
2009-02-26 21:39 . 2009-10-09 23:29 192512 ----a-w- c:\program files\Common Files\sapconsr3.dll
2009-02-26 21:39 . 2009-10-09 23:29 626688 ----a-w- c:\program files\Common Files\sapconsaccess.dll
2009-02-26 21:39 . 2009-10-09 23:29 40960 ----a-w- c:\program files\Common Files\DigitalSignature.ocx
2008-06-12 14:53 . 2009-10-09 23:29 955904 ----a-w- c:\program files\Common Files\SAPActiveXL.xlt
2008-06-12 14:53 . 2009-10-09 23:29 949760 ----a-w- c:\program files\Common Files\SAPActiveXL_nosig.xlt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-09-30 68976]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-05-29 367128]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-09-25 331776]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-09-25 208896]
"TpShocks"="TpShocks.exe" [2008-06-07 181536]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-31 60192]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-10-07 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-11-10 136512]
"McAfee Host Intrusion Prevention Tray"="c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe" [2009-10-20 979104]
"CmgShieldUI"="c:\windows\System32\CMGShieldUI.exe" [2008-04-09 238896]
"E

#10 ctxman

  • Topic Starter

  • Members
  • 48 posts

Posted 06 June 2010 - 02:43 PM

Mole, here is the Combofix Log

ComboFix 10-06-03.01 - jdguerra 06/06/2010 10:27:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2026.1191 [GMT -7:00]
Running from: c:\documents and settings\jdguerra\Desktop\ComFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: McAfee Host Intrusion Prevention Firewall *enabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\jdguerra\Local Settings\Application Data\Windows Server
c:\documents and settings\jdguerra\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\jdguerra\Local Settings\Application Data\Windows Server\uses32.dat
C:\feed.txt
C:\Thumbs.db
c:\windows\system32\vb40032.dll

----- BITS: Possible infected sites -----

hxxp://SM-CALA-SM11:80
hxxp://SM-CALA-SM07:80
Infected copy of c:\windows\system32\DRIVERS\iaStor.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-05-06 to 2010-06-06 )))))))))))))))))))))))))))))))
.

2010-06-06 17:47 . 2010-06-06 17:47 40428 ----a-w- c:\windows\system32\api_hook_list.dat
2010-06-06 17:47 . 2009-10-20 20:30 39816 ----a-w- c:\windows\system32\HIPIS0e011af.dll
2010-06-06 17:15 . 2008-08-14 00:08 325144 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-06-06 16:58 . 2010-06-06 17:00 -------- d-----w- C:\32788R22FWJFW
2010-05-31 05:37 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-31 05:37 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-31 05:37 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-31 05:37 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-31 05:36 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-31 05:36 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-31 05:36 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-31 05:33 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-31 05:33 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-31 05:33 . 2010-05-31 05:33 -------- d-----w- c:\program files\Alwil Software
2010-05-31 05:33 . 2010-05-31 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-30 06:13 . 2010-05-30 06:13 -------- d-----w- c:\documents and settings\jdguerra\Local Settings\Application Data\cisgubcik
2010-05-29 09:02 . 2010-05-29 09:02 -------- d-----w- c:\documents and settings\jdguerra\Application Data\Avira
2010-05-29 07:16 . 2010-06-03 04:48 -------- d-----w- c:\windows\system32\NtmsData
2010-05-29 07:11 . 2010-03-01 17:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-05-29 07:11 . 2010-02-16 21:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-05-29 07:11 . 2009-05-11 19:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-05-29 07:11 . 2009-05-11 19:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-05-29 07:11 . 2010-05-29 07:11 -------- d-----w- c:\program files\Avira
2010-05-29 07:11 . 2010-05-29 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-05-29 06:40 . 2010-06-03 02:45 63488 ----a-w- c:\documents and settings\jdguerra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-29 06:40 . 2010-05-29 06:40 52224 ----a-w- c:\documents and settings\jdguerra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-29 06:40 . 2010-06-03 02:45 117760 ----a-w- c:\documents and settings\jdguerra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-29 06:39 . 2010-05-29 06:39 -------- d-----w- c:\documents and settings\jdguerra\Application Data\SUPERAntiSpyware.com
2010-05-29 06:39 . 2010-05-29 06:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-29 06:39 . 2010-05-29 06:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-25 13:28 . 2010-05-25 13:28 -------- d-----w- c:\documents and settings\jdguerra\Local Settings\Application Data\lhllelure
2010-05-22 23:11 . 2010-03-16 00:43 98136 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\Uninstaller.exe
2010-05-22 23:11 . 2009-07-07 19:59 22528 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\Conditionals\!if.needlibrary.d3dx9_31.dll
2010-05-22 23:11 . 2010-02-22 17:48 29184 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\!CheckMinSpec.dll
2010-05-22 23:11 . 2010-05-22 23:11 246073 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\npsoeact.dll
2010-05-22 23:11 . 2010-05-22 23:11 -------- d-----w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment
2010-05-22 23:10 . 2010-04-26 17:50 151864 ----a-w- c:\documents and settings\jdguerra\Application Data\Mozilla\Firefox\Profiles\vrgvvs0q.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
2010-05-21 16:32 . 2009-10-20 20:30 70728 ----a-w- c:\windows\system32\mfevtps.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-30 23:34 . 2009-10-09 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Credant
2010-05-24 06:36 . 2009-11-20 21:17 -------- d-----w- c:\documents and settings\jdguerra\Application Data\Skype
2010-05-24 06:36 . 2009-11-20 21:31 -------- d-----w- c:\documents and settings\jdguerra\Application Data\skypePM
2010-05-21 20:51 . 2010-05-22 23:12 12875096 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\FreeRealms.exe
2010-05-21 20:44 . 2010-05-22 23:12 2875392 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GFxWrap.dll
2010-05-21 20:43 . 2010-05-22 23:12 106496 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GraphicsDriver.dll
2010-05-21 16:52 . 2009-10-09 21:56 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-21 16:40 . 2009-10-09 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-10 05:12 . 2009-12-02 22:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-07 06:44 . 2009-10-09 21:50 136512 ----a-w- c:\windows\system32\KevlarSigs.dll
2010-04-29 22:39 . 2009-12-02 22:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2009-12-02 22:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 17:35 . 2010-05-22 23:12 892928 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\T4Lib.dll
2010-04-23 17:38 . 2010-05-22 23:12 626688 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\Microsoft.VC80.CRT\msvcr80.dll
2010-04-23 17:38 . 2010-05-22 23:12 548864 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\Microsoft.VC80.CRT\msvcp80.dll
2010-04-23 17:38 . 2010-05-22 23:12 479232 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\Microsoft.VC80.CRT\msvcm80.dll
2010-04-23 16:25 . 2009-10-09 21:54 -------- d-----w- c:\program files\logs
2010-04-23 03:53 . 2010-04-23 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-04-23 03:53 . 2009-10-09 21:56 -------- d-----w- c:\program files\WebEx
2010-04-08 01:09 . 2009-10-09 22:01 -------- d-----w- c:\program files\Network Associates
2010-03-31 11:48 . 2009-09-09 10:28 93816 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\CAntiVirusCOM.dll
2010-03-31 11:48 . 2009-09-09 10:28 823928 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\AVManagerUnified.dll
2010-03-31 11:48 . 2009-09-09 10:28 53880 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\Impl_AntivirusLib.dll
2010-03-31 11:48 . 2009-09-09 10:28 40568 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\OPSWATProcessesScanner.dll
2010-03-31 11:48 . 2009-09-09 10:28 36984 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\CFireWallCOM.dll
2010-03-31 11:48 . 2009-09-09 10:28 284280 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\OESISCore.dll
2010-03-31 11:48 . 2009-09-09 10:28 27768 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\Impl_SoftwareProductLib.dll
2010-03-31 11:48 . 2009-09-09 10:28 16504 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\Impl_FirewallLib.dll
2010-03-31 11:48 . 2009-09-09 10:28 164984 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\FWManager.dll
2010-03-24 22:03 . 2010-05-22 23:12 1548288 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GCtrlTheme_Bitmap.dll
2010-03-24 22:03 . 2010-05-22 23:12 1028096 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GCtrlTheme_Infinity.dll
2010-03-24 21:59 . 2010-05-22 23:12 372736 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GControlForms.dll
2010-03-24 21:58 . 2010-05-22 23:12 3133440 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GControl.dll
2010-03-24 21:56 . 2010-05-22 23:12 323584 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GDraw_D3D9.dll
2010-03-24 21:55 . 2010-05-22 23:12 458752 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GFont_FT2.dll
2010-03-24 21:55 . 2010-05-22 23:12 237568 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GDraw_GDI.dll
2010-03-24 21:55 . 2010-05-22 23:12 733184 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GDraw.dll
2010-03-24 21:54 . 2010-05-22 23:12 409600 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GParse.dll
2010-03-24 21:54 . 2010-05-22 23:12 266240 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GInput_DX8.dll
2010-03-24 21:54 . 2010-05-22 23:12 225280 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GInput_GDI.dll
2010-03-24 21:54 . 2010-05-22 23:12 114688 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GInput.dll
2010-03-24 21:54 . 2010-05-22 23:12 1499136 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GKernel.dll
2010-03-14 20:41 . 2010-03-14 20:41 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-03-12 04:08 . 2010-03-12 04:08 55960 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-11 11:49 . 2009-02-03 19:10 841216 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 11:49 . 2009-02-03 19:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 11:49 . 2009-02-03 19:09 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2009-02-03 19:10 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-02-26 21:39 . 2009-10-09 23:29 3125248 ----a-w- c:\program files\Common Files\sapxlhelper.dll
2009-02-26 21:39 . 2009-10-09 23:29 192512 ----a-w- c:\program files\Common Files\sapconsr3.dll
2009-02-26 21:39 . 2009-10-09 23:29 626688 ----a-w- c:\program files\Common Files\sapconsaccess.dll
2009-02-26 21:39 . 2009-10-09 23:29 40960 ----a-w- c:\program files\Common Files\DigitalSignature.ocx
2008-06-12 14:53 . 2009-10-09 23:29 955904 ----a-w- c:\program files\Common Files\SAPActiveXL.xlt
2008-06-12 14:53 . 2009-10-09 23:29 949760 ----a-w- c:\program files\Common Files\SAPActiveXL_nosig.xlt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-09-30 68976]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-05-29 367128]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-09-25 331776]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-09-25 208896]
"TpShocks"="TpShocks.exe" [2008-06-07 181536]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-31 60192]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-10-07 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-11-10 136512]
"McAfee Host Intrusion Prevention Tray"="c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe" [2009-10-20 979104]
"CmgShieldUI"="c:\windows\System32\CMGShieldUI.exe" [2008-04-09 238896]
"E

Sorry for the double post....

I don't think it got all of the file pasted so I'm trying again:


ComboFix 10-06-03.01 - jdguerra 06/06/2010 10:27:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2026.1191 [GMT -7:00]
Running from: c:\documents and settings\jdguerra\Desktop\ComFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: McAfee Host Intrusion Prevention Firewall *enabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\jdguerra\Local Settings\Application Data\Windows Server
c:\documents and settings\jdguerra\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\jdguerra\Local Settings\Application Data\Windows Server\uses32.dat
C:\feed.txt
C:\Thumbs.db
c:\windows\system32\vb40032.dll

----- BITS: Possible infected sites -----

hxxp://SM-CALA-SM11:80
hxxp://SM-CALA-SM07:80
Infected copy of c:\windows\system32\DRIVERS\iaStor.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-05-06 to 2010-06-06 )))))))))))))))))))))))))))))))
.

2010-06-06 17:47 . 2010-06-06 17:47 40428 ----a-w- c:\windows\system32\api_hook_list.dat
2010-06-06 17:47 . 2009-10-20 20:30 39816 ----a-w- c:\windows\system32\HIPIS0e011af.dll
2010-06-06 17:15 . 2008-08-14 00:08 325144 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-06-06 16:58 . 2010-06-06 17:00 -------- d-----w- C:\32788R22FWJFW
2010-05-31 05:37 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-31 05:37 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-31 05:37 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-31 05:37 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-31 05:36 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-31 05:36 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-31 05:36 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-31 05:33 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-31 05:33 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-31 05:33 . 2010-05-31 05:33 -------- d-----w- c:\program files\Alwil Software
2010-05-31 05:33 . 2010-05-31 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-30 06:13 . 2010-05-30 06:13 -------- d-----w- c:\documents and settings\jdguerra\Local Settings\Application Data\cisgubcik
2010-05-29 09:02 . 2010-05-29 09:02 -------- d-----w- c:\documents and settings\jdguerra\Application Data\Avira
2010-05-29 07:16 . 2010-06-03 04:48 -------- d-----w- c:\windows\system32\NtmsData
2010-05-29 07:11 . 2010-03-01 17:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-05-29 07:11 . 2010-02-16 21:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-05-29 07:11 . 2009-05-11 19:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-05-29 07:11 . 2009-05-11 19:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-05-29 07:11 . 2010-05-29 07:11 -------- d-----w- c:\program files\Avira
2010-05-29 07:11 . 2010-05-29 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-05-29 06:40 . 2010-06-03 02:45 63488 ----a-w- c:\documents and settings\jdguerra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-29 06:40 . 2010-05-29 06:40 52224 ----a-w- c:\documents and settings\jdguerra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-29 06:40 . 2010-06-03 02:45 117760 ----a-w- c:\documents and settings\jdguerra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-29 06:39 . 2010-05-29 06:39 -------- d-----w- c:\documents and settings\jdguerra\Application Data\SUPERAntiSpyware.com
2010-05-29 06:39 . 2010-05-29 06:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-29 06:39 . 2010-05-29 06:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-25 13:28 . 2010-05-25 13:28 -------- d-----w- c:\documents and settings\jdguerra\Local Settings\Application Data\lhllelure
2010-05-22 23:11 . 2010-03-16 00:43 98136 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\Uninstaller.exe
2010-05-22 23:11 . 2009-07-07 19:59 22528 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\Conditionals\!if.needlibrary.d3dx9_31.dll
2010-05-22 23:11 . 2010-02-22 17:48 29184 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\!CheckMinSpec.dll
2010-05-22 23:11 . 2010-05-22 23:11 246073 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\npsoeact.dll
2010-05-22 23:11 . 2010-05-22 23:11 -------- d-----w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment
2010-05-22 23:10 . 2010-04-26 17:50 151864 ----a-w- c:\documents and settings\jdguerra\Application Data\Mozilla\Firefox\Profiles\vrgvvs0q.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
2010-05-21 16:32 . 2009-10-20 20:30 70728 ----a-w- c:\windows\system32\mfevtps.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-30 23:34 . 2009-10-09 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Credant
2010-05-24 06:36 . 2009-11-20 21:17 -------- d-----w- c:\documents and settings\jdguerra\Application Data\Skype
2010-05-24 06:36 . 2009-11-20 21:31 -------- d-----w- c:\documents and settings\jdguerra\Application Data\skypePM
2010-05-21 20:51 . 2010-05-22 23:12 12875096 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\FreeRealms.exe
2010-05-21 20:44 . 2010-05-22 23:12 2875392 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GFxWrap.dll
2010-05-21 20:43 . 2010-05-22 23:12 106496 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GraphicsDriver.dll
2010-05-21 16:52 . 2009-10-09 21:56 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-21 16:40 . 2009-10-09 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-10 05:12 . 2009-12-02 22:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-07 06:44 . 2009-10-09 21:50 136512 ----a-w- c:\windows\system32\KevlarSigs.dll
2010-04-29 22:39 . 2009-12-02 22:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2009-12-02 22:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 17:35 . 2010-05-22 23:12 892928 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\T4Lib.dll
2010-04-23 17:38 . 2010-05-22 23:12 626688 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\Microsoft.VC80.CRT\msvcr80.dll
2010-04-23 17:38 . 2010-05-22 23:12 548864 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\Microsoft.VC80.CRT\msvcp80.dll
2010-04-23 17:38 . 2010-05-22 23:12 479232 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\Microsoft.VC80.CRT\msvcm80.dll
2010-04-23 16:25 . 2009-10-09 21:54 -------- d-----w- c:\program files\logs
2010-04-23 03:53 . 2010-04-23 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-04-23 03:53 . 2009-10-09 21:56 -------- d-----w- c:\program files\WebEx
2010-04-08 01:09 . 2009-10-09 22:01 -------- d-----w- c:\program files\Network Associates
2010-03-31 11:48 . 2009-09-09 10:28 93816 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\CAntiVirusCOM.dll
2010-03-31 11:48 . 2009-09-09 10:28 823928 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\AVManagerUnified.dll
2010-03-31 11:48 . 2009-09-09 10:28 53880 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\Impl_AntivirusLib.dll
2010-03-31 11:48 . 2009-09-09 10:28 40568 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\OPSWATProcessesScanner.dll
2010-03-31 11:48 . 2009-09-09 10:28 36984 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\CFireWallCOM.dll
2010-03-31 11:48 . 2009-09-09 10:28 284280 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\OESISCore.dll
2010-03-31 11:48 . 2009-09-09 10:28 27768 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\Impl_SoftwareProductLib.dll
2010-03-31 11:48 . 2009-09-09 10:28 16504 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\Impl_FirewallLib.dll
2010-03-31 11:48 . 2009-09-09 10:28 164984 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\FWManager.dll
2010-03-24 22:03 . 2010-05-22 23:12 1548288 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GCtrlTheme_Bitmap.dll
2010-03-24 22:03 . 2010-05-22 23:12 1028096 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GCtrlTheme_Infinity.dll
2010-03-24 21:59 . 2010-05-22 23:12 372736 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GControlForms.dll
2010-03-24 21:58 . 2010-05-22 23:12 3133440 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GControl.dll
2010-03-24 21:56 . 2010-05-22 23:12 323584 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GDraw_D3D9.dll
2010-03-24 21:55 . 2010-05-22 23:12 458752 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GFont_FT2.dll
2010-03-24 21:55 . 2010-05-22 23:12 237568 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GDraw_GDI.dll
2010-03-24 21:55 . 2010-05-22 23:12 733184 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GDraw.dll
2010-03-24 21:54 . 2010-05-22 23:12 409600 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GParse.dll
2010-03-24 21:54 . 2010-05-22 23:12 266240 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GInput_DX8.dll
2010-03-24 21:54 . 2010-05-22 23:12 225280 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GInput_GDI.dll
2010-03-24 21:54 . 2010-05-22 23:12 114688 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GInput.dll
2010-03-24 21:54 . 2010-05-22 23:12 1499136 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GKernel.dll
2010-03-14 20:41 . 2010-03-14 20:41 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-03-12 04:08 . 2010-03-12 04:08 55960 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-11 11:49 . 2009-02-03 19:10 841216 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 11:49 . 2009-02-03 19:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 11:49 . 2009-02-03 19:09 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2009-02-03 19:10 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-02-26 21:39 . 2009-10-09 23:29 3125248 ----a-w- c:\program files\Common Files\sapxlhelper.dll
2009-02-26 21:39 . 2009-10-09 23:29 192512 ----a-w- c:\program files\Common Files\sapconsr3.dll
2009-02-26 21:39 . 2009-10-09 23:29 626688 ----a-w- c:\program files\Common Files\sapconsaccess.dll
2009-02-26 21:39 . 2009-10-09 23:29 40960 ----a-w- c:\program files\Common Files\DigitalSignature.ocx
2008-06-12 14:53 . 2009-10-09 23:29 955904 ----a-w- c:\program files\Common Files\SAPActiveXL.xlt
2008-06-12 14:53 . 2009-10-09 23:29 949760 ----a-w- c:\program files\Common Files\SAPActiveXL_nosig.xlt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-09-30 68976]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-05-29 367128]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-09-25 331776]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-09-25 208896]
"TpShocks"="TpShocks.exe" [2008-06-07 181536]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-31 60192]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-10-07 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-11-10 136512]
"McAfee Host Intrusion Prevention Tray"="c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe" [2009-10-20 979104]
"Cm

Sorry for the double post....

I don't think it got all of the file pasted so I'm trying again:



#11 ctxman
  • Topic Starter
  • Members
  • 48 posts

Posted 06 June 2010 - 02:48 PM

Doesn't seem to post it all so I'll cut and paste in pieces...

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-09-30 68976]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-05-29 367128]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-09-25 331776]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-09-25 208896]
"TpShocks"="TpShocks.exe" [2008-06-07 181536]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-31 60192]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-10-07 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-11-10 136512]
"McAfee Host Intrusion Prevention Tray"="c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe" [2009-10-20 979104]
"CmgShieldUI"="c:\windows\System32\CMGShieldUI.exe" [2008-04-09 238896]
"EmsService"="EmsServiceHelper.exe" [2008-04-09 1946928]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2009-05-13 5069648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"eTMonitor"="c:\program files\Common Files\Aladdin Shared\eToken\PKIClient\x32\PKIMonitor.exe" [2007-09-19 221184]
"eelstray"="c:\program files\Common Files%

#12 ctxman
  • Topic Starter
  • Members
  • 48 posts

Posted 06 June 2010 - 02:50 PM

Doesn't seem to post it all so I'll cut and paste in pieces...


#13 ctxman
  • Topic Starter
  • Members
  • 48 posts

Posted 06 June 2010 - 02:51 PM

Mole, when I try to post the logs it keeps saying "Connection reset" and not allowing me to post the entire log.

Shall I save the text file and post it here as an attachment instead?

#14 ctxman
  • Topic Starter
  • Members
  • 48 posts

Posted 06 June 2010 - 02:53 PM

Trying one more time...

ComboFix 10-06-03.01 - jdguerra 06/06/2010 10:27:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2026.1191 [GMT -7:00]
Running from: c:\documents and settings\jdguerra\Desktop\ComFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: McAfee Host Intrusion Prevention Firewall *enabled* {2F1275E3-2F4F-43E9-944B-3F63F9BDA5F5}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\jdguerra\Local Settings\Application Data\Windows Server
c:\documents and settings\jdguerra\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\jdguerra\Local Settings\Application Data\Windows Server\uses32.dat
C:\feed.txt
C:\Thumbs.db
c:\windows\system32\vb40032.dll

----- BITS: Possible infected sites -----

hxxp://SM-CALA-SM11:80
hxxp://SM-CALA-SM07:80
Infected copy of c:\windows\system32\DRIVERS\iaStor.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-05-06 to 2010-06-06 )))))))))))))))))))))))))))))))
.

2010-06-06 17:47 . 2010-06-06 17:47 40428 ----a-w- c:\windows\system32\api_hook_list.dat
2010-06-06 17:47 . 2009-10-20 20:30 39816 ----a-w- c:\windows\system32\HIPIS0e011af.dll
2010-06-06 17:15 . 2008-08-14 00:08 325144 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-06-06 16:58 . 2010-06-06 17:00 -------- d-----w- C:\32788R22FWJFW
2010-05-31 05:37 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-31 05:37 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-31 05:37 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-31 05:37 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-31 05:36 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-31 05:36 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-31 05:36 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-31 05:33 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-31 05:33 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-31 05:33 . 2010-05-31 05:33 -------- d-----w- c:\program files\Alwil Software
2010-05-31 05:33 . 2010-05-31 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-30 06:13 . 2010-05-30 06:13 -------- d-----w- c:\documents and settings\jdguerra\Local Settings\Application Data\cisgubcik
2010-05-29 09:02 . 2010-05-29 09:02 -------- d-----w- c:\documents and settings\jdguerra\Application Data\Avira
2010-05-29 07:16 . 2010-06-03 04:48 -------- d-----w- c:\windows\system32\NtmsData
2010-05-29 07:11 . 2010-03-01 17:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-05-29 07:11 . 2010-02-16 21:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-05-29 07:11 . 2009-05-11 19:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-05-29 07:11 . 2009-05-11 19:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-05-29 07:11 . 2010-05-29 07:11 -------- d-----w- c:\program files\Avira
2010-05-29 07:11 . 2010-05-29 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-05-29 06:40 . 2010-06-03 02:45 63488 ----a-w- c:\documents and settings\jdguerra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-29 06:40 . 2010-05-29 06:40 52224 ----a-w- c:\documents and settings\jdguerra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-29 06:40 . 2010-06-03 02:45 117760 ----a-w- c:\documents and settings\jdguerra\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-29 06:39 . 2010-05-29 06:39 -------- d-----w- c:\documents and settings\jdguerra\Application Data\SUPERAntiSpyware.com
2010-05-29 06:39 . 2010-05-29 06:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-29 06:39 . 2010-05-29 06:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-25 13:28 . 2010-05-25 13:28 -------- d-----w- c:\documents and settings\jdguerra\Local Settings\Application Data\lhllelure
2010-05-22 23:11 . 2010-03-16 00:43 98136 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\Uninstaller.exe
2010-05-22 23:11 . 2009-07-07 19:59 22528 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\Conditionals\!if.needlibrary.d3dx9_31.dll
2010-05-22 23:11 . 2010-02-22 17:48 29184 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\!CheckMinSpec.dll
2010-05-22 23:11 . 2010-05-22 23:11 246073 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\npsoeact.dll
2010-05-22 23:11 . 2010-05-22 23:11 -------- d-----w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment
2010-05-22 23:10 . 2010-04-26 17:50 151864 ----a-w- c:\documents and settings\jdguerra\Application Data\Mozilla\Firefox\Profiles\vrgvvs0q.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
2010-05-21 16:32 . 2009-10-20 20:30 70728 ----a-w- c:\windows\system32\mfevtps.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-30 23:34 . 2009-10-09 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Credant
2010-05-24 06:36 . 2009-11-20 21:17 -------- d-----w- c:\documents and settings\jdguerra\Application Data\Skype
2010-05-24 06:36 . 2009-11-20 21:31 -------- d-----w- c:\documents and settings\jdguerra\Application Data\skypePM
2010-05-21 20:51 . 2010-05-22 23:12 12875096 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\FreeRealms.exe
2010-05-21 20:44 . 2010-05-22 23:12 2875392 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GFxWrap.dll
2010-05-21 20:43 . 2010-05-22 23:12 106496 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GraphicsDriver.dll
2010-05-21 16:52 . 2009-10-09 21:56 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-21 16:40 . 2009-10-09 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-10 05:12 . 2009-12-02 22:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-07 06:44 . 2009-10-09 21:50 136512 ----a-w- c:\windows\system32\KevlarSigs.dll
2010-04-29 22:39 . 2009-12-02 22:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2009-12-02 22:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 17:35 . 2010-05-22 23:12 892928 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\T4Lib.dll
2010-04-23 17:38 . 2010-05-22 23:12 626688 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\Microsoft.VC80.CRT\msvcr80.dll
2010-04-23 17:38 . 2010-05-22 23:12 548864 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\Microsoft.VC80.CRT\msvcp80.dll
2010-04-23 17:38 . 2010-05-22 23:12 479232 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\Microsoft.VC80.CRT\msvcm80.dll
2010-04-23 16:25 . 2009-10-09 21:54 -------- d-----w- c:\program files\logs
2010-04-23 03:53 . 2010-04-23 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-04-23 03:53 . 2009-10-09 21:56 -------- d-----w- c:\program files\WebEx
2010-04-08 01:09 . 2009-10-09 22:01 -------- d-----w- c:\program files\Network Associates
2010-03-31 11:48 . 2009-09-09 10:28 93816 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\CAntiVirusCOM.dll
2010-03-31 11:48 . 2009-09-09 10:28 823928 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\AVManagerUnified.dll
2010-03-31 11:48 . 2009-09-09 10:28 53880 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\Impl_AntivirusLib.dll
2010-03-31 11:48 . 2009-09-09 10:28 40568 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\OPSWATProcessesScanner.dll
2010-03-31 11:48 . 2009-09-09 10:28 36984 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\CFireWallCOM.dll
2010-03-31 11:48 . 2009-09-09 10:28 284280 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\OESISCore.dll
2010-03-31 11:48 . 2009-09-09 10:28 27768 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\Impl_SoftwareProductLib.dll
2010-03-31 11:48 . 2009-09-09 10:28 16504 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\Impl_FirewallLib.dll
2010-03-31 11:48 . 2009-09-09 10:28 164984 ----a-w- c:\documents and settings\jdguerra\Application Data\Juniper Networks\Host Checker\FWManager.dll
2010-03-24 22:03 . 2010-05-22 23:12 1548288 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GCtrlTheme_Bitmap.dll
2010-03-24 22:03 . 2010-05-22 23:12 1028096 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GCtrlTheme_Infinity.dll
2010-03-24 21:59 . 2010-05-22 23:12 372736 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GControlForms.dll
2010-03-24 21:58 . 2010-05-22 23:12 3133440 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GControl.dll
2010-03-24 21:56 . 2010-05-22 23:12 323584 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GDraw_D3D9.dll
2010-03-24 21:55 . 2010-05-22 23:12 458752 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GFont_FT2.dll
2010-03-24 21:55 . 2010-05-22 23:12 237568 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GDraw_GDI.dll
2010-03-24 21:55 . 2010-05-22 23:12 733184 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GDraw.dll
2010-03-24 21:54 . 2010-05-22 23:12 409600 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GParse.dll
2010-03-24 21:54 . 2010-05-22 23:12 266240 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GInput_DX8.dll
2010-03-24 21:54 . 2010-05-22 23:12 225280 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GInput_GDI.dll
2010-03-24 21:54 . 2010-05-22 23:12 114688 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GInput.dll
2010-03-24 21:54 . 2010-05-22 23:12 1499136 ----a-w- c:\documents and settings\jdguerra\Application Data\Sony Online Entertainment\Installed Games\Free Realms\GKernel.dll
2010-03-14 20:41 . 2010-03-14 20:41 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-03-12 04:08 . 2010-03-12 04:08 55960 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-11 11:49 . 2009-02-03 19:10 841216 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 11:49 . 2009-02-03 19:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 11:49 . 2009-02-03 19:09 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2009-02-03 19:10 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-02-26 21:39 . 2009-10-09 23:29 3125248 ----a-w- c:\program files\Common Files\sapxlhelper.dll
2009-02-26 21:39 . 2009-10-09 23:29 192512 ----a-w- c:\program files\Common Files\sapconsr3.dll
2009-02-26 21:39 . 2009-10-09 23:29 626688 ----a-w- c:\program files\Common Files\sapconsaccess.dll
2009-02-26 21:39 . 2009-10-09 23:29 40960 ----a-w- c:\program files\Common Files\DigitalSignature.ocx
2008-06-12 14:53 . 2009-10-09 23:29 955904 ----a-w- c:\program files\Common Files\SAPActiveXL.xlt
2008-06-12 14:53 . 2009-10-09 23:29 949760 ----a-w- c:\program files\Common Files\SAPActiveXL_nosig.xlt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-09-30 68976]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-05-29 367128]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-09-25 331776]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-09-25 208896]
"TpShocks"="TpShocks.exe" [2008-06-07 181536]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-31 60192]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-10-07 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-11-10 136512]
"McAfee Host Intrusion Prevention Tray"="c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe" [2009-10-20 979104]
"CmgShieldUI"="c:\windows\System32\CMGShieldUI.exe%2

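Reading a ComboFix log like the one above by hand is slow, and the interesting entries (the restored iaStor.sys, the two oddly named directories under Local Settings\Application Data) are easy to lose among vendor installs. The script below is an added illustration, not part of ctxman's post and not ComboFix's own code: it parses the "Files Created" lines and applies two triage heuristics of my own. The column reading (first timestamp = creation time, second = last-write time) and the helper names are my assumptions; the seven sample lines are copied from the log above.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# One "Files Created" line as ComboFix prints it:
#   <created> . <modified> <size, or -------- for a directory> <attrs> <path>
# Treating the first timestamp as creation time and the second as last-write
# time is an assumption; it matches how the restored driver in the log above
# shows a 2008 mtime next to a 2010 ctime.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)


class Entry(NamedTuple):
    created: str      # "YYYY-MM-DD HH:MM" compares correctly as a string
    modified: str
    size: Optional[int]
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse(lines: List[str]) -> List[Entry]:
    """Keep only lines in the ComboFix file-list format; headers and dots are skipped."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def random_profile_dir(e: Entry) -> bool:
    """Heuristic (mine): a directory created directly under Application Data or
    Local Settings\\Application Data whose name is a single lowercase token.
    Vendor directories are normally capitalised or multi-word, so this isolates
    names like the ones in the log above without needing a vendor allow-list."""
    if not e.is_dir:
        return False
    parent, _, name = e.path.rpartition("\\")
    if not parent.lower().endswith("\\application data"):
        return False
    return re.fullmatch(r"[a-z]{6,16}", name) is not None


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs that deserve a human's attention."""
    findings = []
    for e in parse(lines):
        if random_profile_dir(e):
            findings.append((e.path, "random-looking directory in user profile"))
        low = e.path.lower()
        if "\\system32\\drivers\\" in low and low.endswith(".sys"):
            reason = "kernel driver created inside the scan window"
            if e.created > e.modified:
                # ctime after mtime: the file was copied in with its original
                # timestamp kept. Normal for installers, but also exactly what a
                # replaced or restored storage driver looks like, so verify it.
                reason += " (ctime after mtime: copied in, check hash/signature)"
            findings.append((e.path, reason))
    return findings


# Sample input: seven lines copied from the ComboFix log in the post above.
SAMPLE = r"""
2010-06-06 17:15 . 2008-08-14 00:08 325144 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-05-31 05:37 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-31 05:33 . 2010-05-31 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-30 06:13 . 2010-05-30 06:13 -------- d-----w- c:\documents and settings\jdguerra\Local Settings\Application Data\cisgubcik
2010-05-29 07:11 . 2010-05-29 07:11 -------- d-----w- c:\program files\Avira
2010-05-25 13:28 . 2010-05-25 13:28 -------- d-----w- c:\documents and settings\jdguerra\Local Settings\Application Data\lhllelure
2010-05-21 16:32 . 2009-10-20 20:30 70728 ----a-w- c:\windows\system32\mfevtps.exe
""".strip().splitlines()

if __name__ == "__main__":
    for path, reason in triage(SAMPLE):
        print(f"{reason}: {path}")
```

The driver check is deliberately noisy (the avast driver trips it too, because any installer copies files in with their build-time mtime); its job is to shortlist drivers whose hash and signature you then confirm, not to decide by itself that a file is infected.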

#15 m0le
    Can U Dig It?
  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 06 June 2010 - 06:00 PM

Malware's revenge!

Either attach it or, if that fails too, you could upload it to a file storage site and give me the link.

m0le is a proud member of UNITE
