
Topic: done the malware removal steps, but can't get connected to the internet.


littlesquall

    Topic Starter



    Hi,
    I need some help with my laptop. Hope Computer Hope can help me. At first my laptop could not run any applications. The file **** is infected. I tried to format my laptop but can't; it keeps shutting down when I try to boot from CD. Thus, I followed all the malware removal steps. Then everything was running back to normal. Just that I can't get connected to the internet. Can you help me with how to fix this?

    Herewith, I paste all the logs, in case they are needed.

    SuperAntispyware log:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 08/16/2010 at 01:00 PM

    Application Version : 4.41.1000

    Core Rules Database Version : 5360
    Trace Rules Database Version: 3172

    Scan type       : Complete Scan
    Total Scan Time : 02:21:40

    Memory items scanned      : 578
    Memory threats detected   : 0
    Registry items scanned    : 8322
    Registry threats detected : 2
    File items scanned        : 131293
    File threats detected     : 22

    Trojan.Agent/Gen-Frauder
       [jjlghcfp] C:\DOCUMENTS AND SETTINGS\IMAN\LOCAL SETTINGS\APPLICATION DATA\AFLGBTIDE\NCKLCBSSHDW.EXE
       C:\DOCUMENTS AND SETTINGS\IMAN\LOCAL SETTINGS\APPLICATION DATA\AFLGBTIDE\NCKLCBSSHDW.EXE
       [jjlghcfp] C:\DOCUMENTS AND SETTINGS\IMAN\LOCAL SETTINGS\APPLICATION DATA\AFLGBTIDE\NCKLCBSSHDW.EXE

    Adware.Tracking Cookie
       C:\Documents and Settings\iman\Cookies\iman@atdmt[1].txt
       C:\Documents and Settings\iman\Cookies\iman@atdmt[2].txt
       acvs.mediaonenetwork.net [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
       cdn4.specificclick.net [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
       foodbycountry.com [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
       googleads.g.doubleclick.net [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
       ia.media-imdb.com [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
       m1.2mdn.net [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
       macromedia.com [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
       media.channelv.com [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
       media.mtvnservices.com [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
       media.scanscout.com [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
       media.socialvibe.com [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
       serving-sys.com [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
       spe.atdmt.com [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
       stat.radioblogclub.com [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
       static.2mdn.net [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
       vitamine.networldmedia.net [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]

    Adware.AdRotator
       C:\WINDOWS\$NTUNINSTALLMTF1011$\zrpt.xml
       C:\WINDOWS\$NTUNINSTALLMTF1011$

    Trojan.Dropper/SVCHost-Fake
       C:\WINDOWS\SVCHOST.EXE

    MBAM log:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4434

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    8/16/2010 3:24:36 PM
    mbam-log-2010-08-16 (15-24-36).txt

    Scan type: Quick scan
    Objects scanned: 156780
    Time elapsed: 8 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055c089-8582-441b-a0bf-17b458c2a3a8} (Trojan.BHO.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0055c089-8582-441b-a0bf-17b458c2a3a8} (Trojan.BHO.H) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMIECC.dll (Trojan.BHO.H) -> Delete on reboot.
    C:\WINDOWS\sys.exe (Trojan.Banker) -> Quarantined and deleted successfully.

    Hijack this Log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:28:48 AM, on 8/17/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Emsisoft\Online Armor\OAcat.exe
    C:\Program Files\Emsisoft\Online Armor\oasrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\Emsisoft\Online Armor\oaui.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Emsisoft\Online Armor\OAhlp.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEMonitor.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Trend Micro\HiJackThis\sniper.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
    R3 - URLSearchHook: (no name) - {F08555B0-9CC3-11D2-AA8E-000000000567} - (no file)
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [LaunchApp] launchapp
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [eSnips] "C:\Program Files\eSnips\ClientGW.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Emsisoft\Online Armor\oaui.exe"
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\iman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe /onboot
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: Download all links with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CS2\Services\Tcpip\..\{1E03CE52-804E-4BEE-B526-F22F962BAD8E}: NameServer = 202.185.48.7,202.185.33.7
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
    O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Emsisoft\Online Armor\OAcat.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Emsisoft\Online Armor\oasrv.exe

    --
    End of file - 11085 bytes


    Thanks in advance for your concern. It is much appreciated.

    -littlesquall-




    SuperDave

    • Malware Removal Specialist


    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

    Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

    Exit out of MessengerDisable then delete the two files that were put on the desktop.

    ************************************

    Open HijackThis and select Do a system scan only

    Place a check mark next to the following entries: (if there)

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
    R3 - URLSearchHook: (no name) - {F08555B0-9CC3-11D2-AA8E-000000000567} - (no file)
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    Important: Close all open windows except for HijackThis and then click Fix checked.

    Once completed, exit HijackThis.
    ***************************************
    Download ComboFix by sUBs from one of the below links. 

    Important! You MUST save ComboFix to your desktop

    link # 1
    Link # 2

    Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    Double click on ComboFix.exe & follow the prompts.

    Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    When the scan completes it will open a text window.
     
    Post the contents of that log in your next reply.

    Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.
    ********************************************
    Download Security Check by screen317 from one of the following links and save it to your desktop.

    Link 1
    Link 2

    * Unzip SecurityCheck.zip and a folder named Security Check should appear.
    * Open the Security Check folder and double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.

    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
    Windows 8 and Windows 10 dual boot with two SSD's
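
The entries selected for fixing in the reply above follow patterns that can be checked mechanically: a ProxyServer value on a loopback address (browser traffic is handed to a local listener and fails once that listener is gone) and registrations marked "(no file)". The Python sketch below is an added example, not part of the original posts and not part of HijackThis; the function and rule names are hypothetical, the sample lines are copied from the HijackThis log in this thread, and the "(file missing)" and Temp-directory rules are general triage heuristics rather than choices made in the reply.

```python
import re
from ipaddress import ip_address
from typing import List, NamedTuple

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R3 - URLSearchHook: (no name) - {F08555B0-9CC3-11D2-AA8E-000000000567} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe /onboot
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


class Finding(NamedTuple):
    code: str    # HijackThis section code (R1, O2, O4, ...)
    rule: str    # hypothetical rule name used by this example
    detail: str  # what matched, for the analyst


def loopback_targets(proxy_value: str) -> List[str]:
    """Return the host:port targets in a ProxyServer value that are loopback.

    Handles "host:port" and the per-scheme form "http=host:port;https=...".
    Bracketed IPv6 literals are not handled (assumption: not needed here).
    """
    hits = []
    for part in proxy_value.split(";"):
        target = part.split("=", 1)[-1].strip()      # drop optional "http="
        host, sep, _port = target.rpartition(":")
        if not sep:                                  # no port given
            host = target
        try:
            is_loop = ip_address(host).is_loopback   # covers all of 127.0.0.0/8
        except ValueError:
            is_loop = host.lower() == "localhost"
        if is_loop:
            hits.append(target)
    return hits


def triage(log_text: str) -> List[Finding]:
    """Flag HijackThis entries that deserve manual review."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue                                 # header or process line
        code, body = m.groups()

        # Rule 1: proxy setting that points back at this machine.
        if code in ("R0", "R1") and "ProxyServer" in body:
            value = body.partition(" = ")[2]
            for target in loopback_targets(value):
                findings.append(Finding(code, "loopback-proxy", target))

        # Rule 2: registration left behind with no file on disk.
        if body.endswith("(no file)"):
            findings.append(Finding(code, "no-file", body))

        # Rule 3: autorun entry launching from a Temp directory.
        if code == "O4" and re.search(r"\\Temp\\", body, re.IGNORECASE):
            findings.append(Finding(code, "temp-autorun", body))

        # Rule 4: service or autorun whose target file is gone.
        if body.endswith("(file missing)"):
            findings.append(Finding(code, "file-missing", body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.rule:<15} {f.detail}")
```

Each finding is a candidate for manual review, not a verdict on the entry.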

    littlesquall

      Topic Starter



      combofix log:

      ComboFix 10-08-18.04 - iman 08/20/2010   8:03.1.1 - x86
      Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2038.1421 [GMT 8:00]
      Running from: c:\documents and settings\iman\Desktop\ComboFix.exe
      AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
      FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
      .

      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\program files\Internet Explorer\SET5D.tmp
      c:\program files\Internet Explorer\SET5E.tmp
      c:\program files\Internet Explorer\SETB5.tmp
      c:\program files\Internet Explorer\SETBA.tmp
      c:\windows\system32\_000005_.tmp.dll
      c:\windows\system32\logs
      c:\windows\system32\Temp

      .
      (((((((((((((((((((((((((   Files Created from 2010-07-20 to 2010-08-20  )))))))))))))))))))))))))))))))
      .

      2010-08-19 23:13 . 2010-04-29 07:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
      2010-08-19 23:13 . 2010-04-29 07:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2010-08-19 23:13 . 2010-08-19 23:13   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
      2010-08-19 23:04 . 2010-08-19 23:12   63488   ----a-w-   c:\documents and settings\iman\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
      2010-08-19 23:04 . 2010-08-19 23:04   52224   ----a-w-   c:\documents and settings\iman\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
      2010-08-19 23:04 . 2010-08-19 23:12   117760   ----a-w-   c:\documents and settings\iman\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
      2010-08-19 23:04 . 2010-08-19 23:04   --------   d-----w-   c:\documents and settings\iman\Application Data\SUPERAntiSpyware.com
      2010-08-19 23:04 . 2010-08-19 23:04   --------   d-----w-   c:\program files\SUPERAntiSpyware
      2010-08-19 22:53 . 2010-08-19 23:28   --------   d-----w-   c:\documents and settings\All Users\Application Data\OnlineArmor
      2010-08-19 22:53 . 2010-08-19 22:54   --------   d-----w-   c:\documents and settings\iman\Application Data\OnlineArmor
      2010-08-19 22:53 . 2010-07-05 00:44   22600   ----a-w-   c:\windows\system32\drivers\OAmon.sys
      2010-08-19 22:53 . 2010-07-05 00:44   28232   ----a-w-   c:\windows\system32\drivers\OAnet.sys
      2010-08-19 22:53 . 2010-07-05 00:43   236104   ----a-w-   c:\windows\system32\drivers\OADriver.sys
      2010-08-19 22:53 . 2010-08-19 22:53   --------   d-----w-   c:\program files\Emsisoft
      2010-08-17 18:50 . 2010-06-01 17:37   221568   ------w-   c:\windows\system32\MpSigStub.exe
      2010-08-16 20:57 . 2010-08-16 20:57   --------   d-----w-   c:\windows\system32\scripting
      2010-08-16 20:57 . 2010-08-16 20:57   --------   d-----w-   c:\windows\l2schemas
      2010-08-16 20:57 . 2010-08-16 20:57   --------   d-----w-   c:\windows\system32\en
      2010-08-16 20:57 . 2010-08-16 20:57   --------   d-----w-   c:\windows\system32\bits
      2010-08-16 20:47 . 2010-08-16 20:47   --------   d-----w-   c:\windows\EHome
      2010-08-16 08:52 . 2010-08-16 08:52   --------   d-----w-   c:\program files\Trend Micro
      2010-08-16 06:55 . 2010-08-16 06:55   --------   d-----w-   c:\documents and settings\iman\Application Data\Malwarebytes
      2010-08-16 06:55 . 2010-08-16 06:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
      2010-08-16 02:20 . 2010-08-16 02:20   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
      2010-08-16 02:12 . 2010-08-16 02:12   95360   ----a-w-   c:\windows\system32\drivers\ATAPI.SYS
      2010-08-16 00:11 . 2010-08-16 00:11   --------   d-----w-   c:\program files\CCleaner
      2010-08-15 23:26 . 2010-08-15 23:26   --------   d-----w-   c:\program files\Microsoft Security Essentials
      2010-08-13 18:35 . 2010-08-16 05:03   --------   d-----w-   c:\documents and settings\iman\Local Settings\Application Data\aflgbtide
      2010-08-13 18:34 . 2010-08-16 02:12   --------   d-----w-   c:\documents and settings\iman\Application Data\2DBDD7E54A79B756F39BA4FEC9088C2A
      2010-08-07 00:02 . 2010-08-07 00:02   116144   ----a-w-   c:\documents and settings\iman\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
      2010-08-07 00:02 . 2010-08-09 15:59   --------   d-----w-   c:\documents and settings\iman\Application Data\IDM
      2010-07-25 18:25 . 2010-08-19 22:45   452104   ----a-w-   c:\documents and settings\iman\Application Data\Real\Update\setup3.12\setup.exe

      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-08-20 00:08 . 2009-01-08 07:22   --------   d-----w-   c:\documents and settings\iman\Application Data\DMCache
      2010-08-20 00:04 . 2008-11-28 12:53   --------   d-----w-   c:\documents and settings\iman\Application Data\skypePM
      2010-08-20 00:00 . 2008-11-28 12:52   --------   d-----w-   c:\documents and settings\iman\Application Data\Skype
      2010-08-16 22:39 . 2004-08-03 23:00   42112   ----a-w-   c:\windows\system32\drivers\imapi.sys
      2010-08-16 22:26 . 2008-11-23 16:24   135592   -c--a-w-   c:\documents and settings\iman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2010-08-16 21:00 . 2006-02-06 21:13   76487   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
      2010-08-16 11:48 . 2008-12-20 02:07   --------   d-----w-   c:\program files\Windows Media Connect 2
      2010-08-16 09:29 . 2010-05-12 17:05   --------   d-----w-   c:\program files\Macromedia
      2010-08-16 09:29 . 2010-05-12 17:05   --------   d-----w-   c:\program files\Common Files\Macromedia
      2010-08-16 08:48 . 2006-02-06 21:36   --------   d-----w-   c:\program files\Java
      2010-08-16 06:10 . 2008-11-23 16:16   --------   d-----w-   c:\program files\Common Files\Autodesk Shared
      2010-08-16 06:02 . 2006-02-06 21:29   --------   d-----w-   c:\program files\Common Files\Adobe
      2010-08-16 00:21 . 2008-11-24 14:22   --------   d-----w-   c:\documents and settings\iman\Application Data\Media Player Classic
      2010-08-15 23:40 . 2010-06-14 06:47   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple Computer
      2010-08-15 23:40 . 2010-06-14 06:45   --------   d-----w-   c:\program files\Common Files\Apple
      2010-08-11 03:07 . 2008-11-23 16:28   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
      2010-07-15 18:22 . 2010-06-14 06:47   --------   d-----w-   c:\program files\QuickTime
      2010-07-15 06:06 . 2010-07-15 06:06   737280   ----a-w-   c:\windows\iun6002.exe
      2010-07-09 08:07 . 2010-06-09 00:32   --------   d-----r-   c:\program files\Skype
      2010-07-09 08:04 . 2006-02-06 21:24   --------   d--h--w-   c:\program files\InstallShield Installation Information
      2010-07-04 13:14 . 2010-04-12 11:42   439816   ----a-w-   c:\documents and settings\iman\Application Data\Real\Update\setup3.10\setup.exe
      2010-06-30 12:31 . 2006-02-06 12:57   149504   ----a-w-   c:\windows\system32\schannel.dll
      2010-06-24 12:22 . 2006-02-06 12:57   916480   ----a-w-   c:\windows\system32\wininet.dll
      2010-06-23 13:44 . 2006-02-06 12:57   1851904   ----a-w-   c:\windows\system32\win32k.sys
      2010-06-21 15:27 . 2006-02-06 12:57   354304   ----a-w-   c:\windows\system32\drivers\srv.sys
      2010-06-17 14:03 . 2006-02-06 12:57   80384   ----a-w-   c:\windows\system32\iccvid.dll
      2010-06-14 14:31 . 2006-02-06 21:12   744448   ----a-w-   c:\windows\pchealth\helpctr\binaries\helpsvc.exe
      2010-06-14 07:41 . 2006-02-06 12:57   1172480   ----a-w-   c:\windows\system32\msxml3.dll
      2009-08-07 02:38 . 2009-09-02 12:13   45056   ----a-w-   c:\program files\mozilla firefox\components\FFComm.dll
      2008-06-27 10:57 . 2009-01-16 14:04   172032   ----a-w-   c:\program files\mozilla firefox\components\XPBrowsealoudPlugin.dll
      .

      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
      "Google Update"="c:\documents and settings\iman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-23 133104]
      "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
      "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "LaunchApp"="launchapp" [X]
      "CFSServ.exe"="CFSServ.exe -NoClient" [X]
      "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
      "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
      "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
      "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 61952]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
      "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
      "NDSTray.exe"="NDSTray.exe" [BU]
      "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
      "Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-01-27 1589248]
      "PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
      "TPSMain"="TPSMain.exe" [2005-06-01 282624]
      "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
      "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
      "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
      "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
      "@OnlineArmor GUI"="c:\program files\Emsisoft\Online Armor\oaui.exe" [2010-07-05 6854984]

      c:\documents and settings\iman\Start Menu\Programs\Startup\
      OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
      RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-7 155648]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
      "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Emsisoft\ONLINE~1\oaevent.dll" [2010-07-05 924488]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
      @="Service"

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
      "c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "56766:TCP"= 56766:TCP:PMB P2P TCP Listening Port
      "56766:UDP"= 56766:UDP:PMB P2P UDP Listening Port

      R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [8/20/2010 6:53 AM 236104]
      R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [8/20/2010 6:53 AM 22600]
      R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [8/20/2010 6:53 AM 28232]
      R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/18/2010 2:25 AM 12872]
      R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 2:41 AM 67656]
      R2 OAcat;Online Armor Helper Service;c:\program files\Emsisoft\Online Armor\oacat.exe [8/20/2010 6:53 AM 1283400]
      S1 muufrena;muufrena;\??\c:\windows\system32\drivers\muufrena.sys --> c:\windows\system32\drivers\muufrena.sys [?]
      S2 SvcOnlineArmor;Online Armor;c:\program files\Emsisoft\Online Armor\oasrv.exe [8/20/2010 6:53 AM 3364680]
      S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/11/2008 8:28 AM 47128]
      S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]
      S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/11/2008 8:28 AM 369688]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      bdx   REG_MULTI_SZ      scan
      .
      Contents of the 'Scheduled Tasks' folder

      2010-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2593411582-1523315853-1269952131-1006Core.job
      - c:\documents and settings\iman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-23 15:54]

      2010-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2593411582-1523315853-1269952131-1006UA.job
      - c:\documents and settings\iman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-23 15:54]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = www.google.com
      uInternet Connection Wizard,ShellNext = iexplore
      uInternet Settings,ProxyOverride = <local>
      IE: Download all links with IDM - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetAll.htm
      IE: Download FLV video content with IDM - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm
      IE: Download with IDM - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
      FF - ProfilePath - c:\documents and settings\iman\Application Data\Mozilla\Firefox\Profiles\iee811pn.default\
      FF - component: c:\documents and settings\iman\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
      FF - plugin: c:\documents and settings\iman\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

      ---- FIREFOX POLICIES ----
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
      .
      .
      ------- File Associations -------
      .
      .scr=AutoCADScriptFile
      .
      - - - - ORPHANS REMOVED - - - -

      HKLM-Run-ClientGW - (no file)
      HKLM-Run-eSnips - c:\program files\eSnips\ClientGW.exe
      AddRemove-Autodesk DWF Viewer - c:\progra~1\Autodesk\AUTODE~1\Setup.exe
      AddRemove-HijackThis - e:\software\RegisteryCleaner\HijackThis.exe



      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-08-20 08:08
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ... 

      scanning hidden autostart entries ...

      scanning hidden files ... 

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{59c1b55b-ebf2-442a-b94f-dcce1e3693e0}]
      @Denied: (Full) (Everyone)
      "Model"=dword:00000083
      "Therad"=dword:00000021
      "MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
         4b,7b,ad,04,7a,b1,b5,76,9b,27,47,5a,e4,0b,a2,cb,91,3b,1d,46,8f,3c,f2,5c,68,\

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
      @Denied: (Full) (Everyone)
      "scansk"=hex(0):f4,48,37,a5,04,25,eb,81,63,fd,7b,50,76,a6,0a,23,63,63,d7,8b,1c,
         ff,27,17,9c,b0,51,d3,ab,fc,2e,e0,61,ad,74,3a,7f,82,39,c0,00,00,00,00,00,00,\

      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
      @DACL=(02 0000)
      "Installed"="1"

      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
      @DACL=(02 0000)
      "Installed"="1"
      "NoChange"="1"

      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
      @DACL=(02 0000)
      "Installed"="1"
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(424)
      c:\program files\SUPERAntiSpyware\SASWINLO.DLL
      c:\windows\system32\WININET.dll
      .
      Completion time: 2010-08-20  08:12:10
      ComboFix-quarantined-files.txt  2010-08-20 00:12

      Pre-Run: 10,310,451,200 bytes free
      Post-Run: 10,343,636,992 bytes free

      WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

      - - End Of File - - CD9F871607725F7E32C1BFAC7138F41E


      securitycheck log:

       Results of screen317's Security Check version 0.99.5 
       Windows XP Service Pack 3 
       Internet Explorer 8 
      ``````````````````````````````
      Antivirus/Firewall Check:

       Windows Firewall Enabled! 
       Online Armor 4.0   
       Microsoft Security Essentials   
       Microsoft Security Essentials successfully updated!
      ```````````````````````````````
      Anti-malware/Other Utilities Check:

       Malwarebytes' Anti-Malware   
       CCleaner     
       Java(TM) 6 Update 15 
       Out of date Java installed!
       Adobe Flash Player 10.0.22.87 
       Mozilla Firefox (3.6.8)
      ````````````````````````````````
      Process Check: 
      objlist.exe by Laurent

       Windows Defender MSMpEng.exe
       Tall Emu Online Armor OAcat.exe
       Microsoft Security Essentials msseces.exe
      ````````````````````````````````
      DNS Vulnerability Check:

       Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

      ``````````End of Log````````````


      Now I can connect to the internet, but I don't know whether my laptop is already free from the malware or virus. But everything is working fine now. Do you think my laptop is OK now?

      Thank you so much for your help, Dave. Never can thank you enough. I'm so grateful that I found this web, will always give credits to this web. Thanks so much for your help again.  :)


      SuperDave

      • Malware Removal Specialist


      Update Your Java (JRE)

      Old versions of Java have vulnerabilities that malware can use to infect your system.


      First Verify your Java Version

      If there are any other version(s) installed then update now.

      Get the new version (if needed)

      If your version is out of date install the newest version of the Sun Java Runtime Environment.

      Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

      Be sure to close ALL open web browsers before starting the installation.

      Remove any old versions

      1. Download JavaRa and unzip the file to your Desktop.
      2. Open JavaRA.exe and choose Remove Older Versions
      3. Once complete exit JavaRA.
      4. Run CCleaner.

      Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

      ************************************
      Re-running ComboFix to remove infections:

      • Close any open browsers.
      • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Open notepad and copy/paste the text in the quotebox below into it:
        Quote
        KillAll::

        DDS::
        uInternet Settings,ProxyOverride = <local>

        Driver::
        muufrena
      • Save this as CFScript.txt, in the same location as ComboFix.exe



      • Referring to the picture above, drag CFScript into ComboFix.exe
      • When finished, it shall produce a log for you at C:\ComboFix.txt
      • Please post the contents of the log in your next reply.
      ***********************************************
      Download the GMER Rootkit Scanner. Unzip it to your Desktop.

      Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

      Double-click gmer.exe. The program will begin to run.

      **Caution**
      These types of scans can produce false positives. Do NOT take any action on any
      "<--- ROOKIT" entries unless advised!

      If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
      • Click NO
      • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
      • Now click the Scan button.
      • Once the scan is complete, you may receive another notice about rootkit activity.
      • Click OK.
      • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
      • Save it where you can easily find it, such as your desktop.


      littlesquall


        Combofix log:

        ComboFix 10-08-19.02 - iman 08/21/2010  14:46:16.3.1 - x86
        Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2038.1421 [GMT 8:00]
        Running from: c:\documents and settings\iman\Desktop\ComboFix.exe
        AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
        FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
        .

        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        ---- Previous Run -------
        .
        F:\khq
        I:\khq

        .
        (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        -------\Service_muufrena


        (((((((((((((((((((((((((   Files Created from 2010-07-21 to 2010-08-21  )))))))))))))))))))))))))))))))
        .

        2010-08-21 05:09 . 2010-08-21 05:09   --------   d-----w-   c:\program files\Java
        2010-08-21 04:47 . 2010-08-21 04:47   503808   ----a-w-   c:\documents and settings\iman\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7ce8d1e9-n\msvcp71.dll
        2010-08-21 04:47 . 2010-08-21 04:47   499712   ----a-w-   c:\documents and settings\iman\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7ce8d1e9-n\jmc.dll
        2010-08-21 04:47 . 2010-08-21 04:47   348160   ----a-w-   c:\documents and settings\iman\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7ce8d1e9-n\msvcr71.dll
        2010-08-21 04:46 . 2010-08-21 04:46   61440   ----a-w-   c:\documents and settings\iman\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-59e3f66a-n\decora-sse.dll
        2010-08-21 04:46 . 2010-08-21 04:46   12800   ----a-w-   c:\documents and settings\iman\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-59e3f66a-n\decora-d3d.dll
        2010-08-21 04:46 . 2010-08-21 05:09   423656   ----a-w-   c:\windows\system32\deployJava1.dll
        2010-08-19 23:13 . 2010-04-29 07:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
        2010-08-19 23:13 . 2010-04-29 07:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2010-08-19 23:13 . 2010-08-19 23:13   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2010-08-19 23:04 . 2010-08-19 23:12   63488   ----a-w-   c:\documents and settings\iman\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
        2010-08-19 23:04 . 2010-08-19 23:04   52224   ----a-w-   c:\documents and settings\iman\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
        2010-08-19 23:04 . 2010-08-19 23:12   117760   ----a-w-   c:\documents and settings\iman\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
        2010-08-19 23:04 . 2010-08-19 23:04   --------   d-----w-   c:\documents and settings\iman\Application Data\SUPERAntiSpyware.com
        2010-08-19 23:04 . 2010-08-19 23:04   --------   d-----w-   c:\program files\SUPERAntiSpyware
        2010-08-19 22:53 . 2010-08-19 23:28   --------   d-----w-   c:\documents and settings\All Users\Application Data\OnlineArmor
        2010-08-19 22:53 . 2010-08-19 22:54   --------   d-----w-   c:\documents and settings\iman\Application Data\OnlineArmor
        2010-08-19 22:53 . 2010-07-05 00:44   22600   ----a-w-   c:\windows\system32\drivers\OAmon.sys
        2010-08-19 22:53 . 2010-07-05 00:44   28232   ----a-w-   c:\windows\system32\drivers\OAnet.sys
        2010-08-19 22:53 . 2010-07-05 00:43   236104   ----a-w-   c:\windows\system32\drivers\OADriver.sys
        2010-08-19 22:53 . 2010-08-19 22:53   --------   d-----w-   c:\program files\Emsisoft
        2010-08-17 18:50 . 2010-06-01 17:37   221568   ------w-   c:\windows\system32\MpSigStub.exe
        2010-08-16 20:57 . 2010-08-16 20:57   --------   d-----w-   c:\windows\system32\scripting
        2010-08-16 20:57 . 2010-08-16 20:57   --------   d-----w-   c:\windows\l2schemas
        2010-08-16 20:57 . 2010-08-16 20:57   --------   d-----w-   c:\windows\system32\en
        2010-08-16 20:57 . 2010-08-16 20:57   --------   d-----w-   c:\windows\system32\bits
        2010-08-16 20:47 . 2010-08-16 20:47   --------   d-----w-   c:\windows\EHome
        2010-08-16 08:52 . 2010-08-16 08:52   --------   d-----w-   c:\program files\Trend Micro
        2010-08-16 06:55 . 2010-08-16 06:55   --------   d-----w-   c:\documents and settings\iman\Application Data\Malwarebytes
        2010-08-16 06:55 . 2010-08-16 06:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
        2010-08-16 02:20 . 2010-08-16 02:20   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
        2010-08-16 02:12 . 2010-08-16 02:12   95360   ----a-w-   c:\windows\system32\drivers\ATAPI.SYS
        2010-08-16 00:11 . 2010-08-16 00:11   --------   d-----w-   c:\program files\CCleaner
        2010-08-15 23:26 . 2010-08-15 23:26   --------   d-----w-   c:\program files\Microsoft Security Essentials
        2010-08-13 18:35 . 2010-08-16 05:03   --------   d-----w-   c:\documents and settings\iman\Local Settings\Application Data\aflgbtide
        2010-08-13 18:34 . 2010-08-16 02:12   --------   d-----w-   c:\documents and settings\iman\Application Data\2DBDD7E54A79B756F39BA4FEC9088C2A
        2010-08-07 00:02 . 2010-08-07 00:02   116144   ----a-w-   c:\documents and settings\iman\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
        2010-08-07 00:02 . 2010-08-09 15:59   --------   d-----w-   c:\documents and settings\iman\Application Data\IDM
        2010-07-25 18:25 . 2010-08-19 22:45   452104   ----a-w-   c:\documents and settings\iman\Application Data\Real\Update\setup3.12\setup.exe

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2010-08-21 06:56 . 2008-11-28 12:52   --------   d-----w-   c:\documents and settings\iman\Application Data\Skype
        2010-08-21 05:58 . 2009-01-08 07:22   --------   d-----w-   c:\documents and settings\iman\Application Data\DMCache
        2010-08-21 05:33 . 2008-11-28 12:53   --------   d-----w-   c:\documents and settings\iman\Application Data\skypePM
        2010-08-21 05:09 . 2006-02-06 21:36   --------   d-----w-   c:\program files\Common Files\Java
        2010-08-16 22:39 . 2004-08-03 23:00   42112   ----a-w-   c:\windows\system32\drivers\imapi.sys
        2010-08-16 22:26 . 2008-11-23 16:24   135592   -c--a-w-   c:\documents and settings\iman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
        2010-08-16 21:00 . 2006-02-06 21:13   76487   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
        2010-08-16 11:48 . 2008-12-20 02:07   --------   d-----w-   c:\program files\Windows Media Connect 2
        2010-08-16 09:29 . 2010-05-12 17:05   --------   d-----w-   c:\program files\Macromedia
        2010-08-16 09:29 . 2010-05-12 17:05   --------   d-----w-   c:\program files\Common Files\Macromedia
        2010-08-16 06:10 . 2008-11-23 16:16   --------   d-----w-   c:\program files\Common Files\Autodesk Shared
        2010-08-16 06:02 . 2006-02-06 21:29   --------   d-----w-   c:\program files\Common Files\Adobe
        2010-08-16 00:21 . 2008-11-24 14:22   --------   d-----w-   c:\documents and settings\iman\Application Data\Media Player Classic
        2010-08-15 23:40 . 2010-06-14 06:47   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple Computer
        2010-08-15 23:40 . 2010-06-14 06:45   --------   d-----w-   c:\program files\Common Files\Apple
        2010-08-11 03:07 . 2008-11-23 16:28   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
        2010-07-15 18:22 . 2010-06-14 06:47   --------   d-----w-   c:\program files\QuickTime
        2010-07-15 06:06 . 2010-07-15 06:06   737280   ----a-w-   c:\windows\iun6002.exe
        2010-07-09 08:07 . 2010-06-09 00:32   --------   d-----r-   c:\program files\Skype
        2010-07-09 08:04 . 2006-02-06 21:24   --------   d--h--w-   c:\program files\InstallShield Installation Information
        2010-07-04 13:14 . 2010-04-12 11:42   439816   ----a-w-   c:\documents and settings\iman\Application Data\Real\Update\setup3.10\setup.exe
        2010-06-30 12:31 . 2006-02-06 12:57   149504   ----a-w-   c:\windows\system32\schannel.dll
        2010-06-24 12:22 . 2006-02-06 12:57   916480   ----a-w-   c:\windows\system32\wininet.dll
        2010-06-23 13:44 . 2006-02-06 12:57   1851904   ----a-w-   c:\windows\system32\win32k.sys
        2010-06-21 15:27 . 2006-02-06 12:57   354304   ----a-w-   c:\windows\system32\drivers\srv.sys
        2010-06-17 14:03 . 2006-02-06 12:57   80384   ----a-w-   c:\windows\system32\iccvid.dll
        2010-06-14 14:31 . 2006-02-06 21:12   744448   ----a-w-   c:\windows\pchealth\helpctr\binaries\helpsvc.exe
        2010-06-14 07:41 . 2006-02-06 12:57   1172480   ----a-w-   c:\windows\system32\msxml3.dll
        2009-08-07 02:38 . 2009-09-02 12:13   45056   ----a-w-   c:\program files\mozilla firefox\components\FFComm.dll
        2008-06-27 10:57 . 2009-01-16 14:04   172032   ----a-w-   c:\program files\mozilla firefox\components\XPBrowsealoudPlugin.dll
        .

        (((((((((((((((((((((((((((((   SnapShot@2010-08-20_00.08.57   )))))))))))))))))))))))))))))))))))))))))
        .
        + 2010-08-20 00:57 . 2010-08-20 00:57   37888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
        + 2010-08-20 00:56 . 2010-08-20 00:56   36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aada360296a42e0413579a19c771ec2d\System.Web.DynamicData.Design.ni.dll
        + 2010-08-20 00:54 . 2010-08-20 00:54   94208              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll
        + 2010-08-20 00:54 . 2010-08-20 00:54   82944              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll
        + 2010-08-20 00:52 . 2010-08-20 00:52   40960              c:\windows\assembly\NativeImages_v2.0.50727_32\SqlToolsMailUtiliti#\812bd518e6788a3be2b2e536e9ff4f55\SqlToolsMailUtilities.ni.dll
        + 2010-08-20 00:52 . 2010-08-20 00:52   53248              c:\windows\assembly\NativeImages_v2.0.50727_32\SQLPS\2b974581ae7be413076c2537acbdf763\SQLPS.ni.exe
        + 2010-08-20 00:52 . 2010-08-20 00:52   24064              c:\windows\assembly\NativeImages_v2.0.50727_32\PerformanceCounter\bd448f17e1a037d0c8b235a3fc1b8139\PerformanceCounter.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   55296              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
        + 2010-08-20 00:30 . 2010-08-20 00:30   89088              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\fe34623084920626a966a45984ca6127\Microsoft.SqlServer.TransferStoredProceduresTask.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   42496              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f2b3561c1ff33889956aaa065e0f51bf\Microsoft.SqlServer.ServiceBrokerEnum.ni.dll
        + 2010-08-20 00:30 . 2010-08-20 00:30   87040              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f1878e02c7d6c777653e73cdd169c84b\Microsoft.SqlServer.TransferJobsTask.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   25600              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\ed5190af604d93ec2ed375af3abd8b3f\Microsoft.SqlServer.ForEachFromVarEnumerator.ni.dll
        + 2010-08-20 00:51 . 2010-08-20 00:51   73728              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\cfffeae495760b9966f7fcd73e278131\Microsoft.SqlServer.Management.PSSnapins.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   43008              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\cc624ab6d205a3eaeba6e79eeb0bcdb3\Microsoft.SqlServer.ForEachNodeListEnumerator.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   54784              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c8c9363f546d2dd65405164296a5834e\Microsoft.SqlServer.ForEachADOEnumerator.ni.dll
        + 2010-08-20 00:53 . 2010-08-20 00:53   72704              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b6fa5b72ef657e96a1ffc0e273e3eb9c\Microsoft.SqlServer.BatchParserClient.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   22528              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\abb4b2ba1c750c13e54443678e728d50\Microsoft.SqlServer.DTSUtilities.ni.dll
        + 2010-08-20 00:54 . 2010-08-20 00:54   96256              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a8784857660286abf076c991788fccd5\Microsoft.SqlServer.OlapEnum.ni.dll
        + 2010-08-20 00:30 . 2010-08-20 00:30   61440              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a370b63048aeb3c5a429b87d3a4238fc\Microsoft.SqlServer.TableTransferGeneratorTask.ni.dll
        + 2010-08-20 00:30 . 2010-08-20 00:30   88064              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\9d29d8c80cdafcd8d1302fa3e1e13366\Microsoft.SqlServer.TransferErrorMessagesTask.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   25600              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\97292d5d621957c61cdf3dff84ad9f3b\Microsoft.SqlServer.SqlClrProvider.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   52224              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\96045ee2b8394b0de84d1eb3a453db88\Microsoft.SqlServer.ForEachSMOEnumerator.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   34816              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\8d87ea5c90f26deef6a2660926774e06\Microsoft.SqlServer.SQLTaskConnectionsWrap.ni.dll
        + 2010-08-20 00:52 . 2010-08-20 00:52   25600              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\84e1a34fc0e0ee83fdd8bcb0d3cbac87\Microsoft.SqlServer.Management.PowerShellTasks.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   18432              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\84b7c3ddcf5bb589bb42a190860f17db\Microsoft.SqlServer.ForEachFileEnumeratorWrap.ni.dll
        + 2010-08-20 00:30 . 2010-08-20 00:30   84480              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6a31f1959ccad3f4209118b6b6654b21\Microsoft.SqlServer.TransferDatabasesTask.ni.dll
        + 2010-08-20 00:28 . 2010-08-20 00:28   98816              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\4e4dc8db5aaec456af39450a3d7e583d\Microsoft.SqlServer.DlgGrid.ni.dll
        + 2010-08-20 00:54 . 2010-08-20 00:54   32768              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3c4ed10f18f81f1e462c4b75b0e5ffb9\Microsoft.SqlServer.PolicyEnum.ni.dll
        + 2010-08-20 00:30 . 2010-08-20 00:30   94720              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\39bc5cfa51673cf4014970de8d4cf3cb\Microsoft.SqlServer.TransferLoginsTask.ni.dll
        + 2010-08-20 00:30 . 2010-08-20 00:30   69120              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\2fa4e4fe25bae25ae5e7960a3ac37fd5\Microsoft.SqlServer.WMIEWTask.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   65024              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\2f8f6a426e825b7000a42028b5b2f001\Microsoft.SqlServer.SqlTDiagM.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   35328              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\2bf6113114fbab03030f7ee62686a5d4\Microsoft.SqlServer.Dts.Design.ni.dll
        + 2010-08-20 00:30 . 2010-08-20 00:30   52224              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\2868b916e153ea3c1791005721ed9e02\Microsoft.SqlServer.SqlCEDest.ni.dll
        + 2010-08-20 00:30 . 2010-08-20 00:30   69632              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\279bdda83fff43bbbbe29002ce457982\Microsoft.SqlServer.WMIDRTask.ni.dll
        + 2010-08-20 00:51 . 2010-08-20 00:51   65536              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\1a0607a5f678644fb0371c0664329693\Microsoft.SqlServer.WmiEnum.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   44032              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\15065bff758086215f6e66c611d25d1c\Microsoft.SqlServer.DTEnum.ni.dll
        + 2010-08-20 00:52 . 2010-08-20 00:52   65536              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\13b0c42c709b2a8a50ff0f5b10d76ebc\Microsoft.SqlServer.Instapi.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   55808              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\0b32a1bad9a86056fc88eac78ce7a982\Microsoft.SqlServer.ManagedConnections.ni.dll
        + 2010-08-20 00:30 . 2010-08-20 00:30   86528              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\0ac32fd008f95831111d8206380fe35d\Microsoft.SqlServer.FileSystemTask.ni.dll
        + 2010-08-20 00:30 . 2010-08-20 00:30   42496              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\04095334dff60b0d128ad75478c9246c\Microsoft.SqlServer.SString.ni.dll
        + 2010-08-20 00:28 . 2010-08-20 00:28   76288              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\040622673a43b9878d1809a87ef68cca\Microsoft.SqlServer.CustomControls.ni.dll
        + 2010-08-20 00:53 . 2010-08-20 00:53   53248              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataWareh#\add749f03b54587b17541e43f4f26f2a\Microsoft.DataWarehouse.Interfaces.ni.dll
        + 2010-08-20 00:53 . 2010-08-20 00:53   74752              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   39936              c:\windows\assembly\NativeImages_v2.0.50727_32\interop.msdasc\1e97297b3251606a19b0ace70660f0f0\interop.msdasc.ni.dll
        + 2010-08-20 00:53 . 2010-08-20 00:53   14336              c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe
        + 2010-08-21 05:30 . 2010-08-21 05:58   1606              c:\windows\SoftwareDistribution\EventCache\{AF673D10-CE56-4C75-99A1-C7C7C253B48B}.bin
        + 2010-08-21 05:09 . 2010-08-21 05:09   153376              c:\windows\system32\javaws.exe
        - 2009-09-09 23:08 . 2009-07-24 21:23   145184              c:\windows\system32\javaw.exe
        + 2010-08-21 05:09 . 2010-08-21 05:09   145184              c:\windows\system32\javaw.exe
        - 2009-09-09 23:08 . 2009-07-24 21:23   145184              c:\windows\system32\java.exe
        + 2010-08-21 05:09 . 2010-08-21 05:09   145184              c:\windows\system32\java.exe
        + 2010-08-21 05:09 . 2010-08-21 05:09   180224              c:\windows\Installer\184b9f8.msi
        + 2010-08-21 05:09 . 2010-08-21 05:09   677376              c:\windows\Installer\184b9f0.msi
        + 2010-08-20 00:53 . 2010-08-20 00:53   321536              c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
        + 2010-08-20 00:57 . 2010-08-20 00:57   400896              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
        + 2010-08-20 00:56 . 2010-08-20 00:56   129536              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\5e16c279496a553c988c6199f0cee8aa\System.Web.Routing.ni.dll
        + 2010-08-20 00:57 . 2010-08-20 00:57   859648              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\720b28d81e987b889180b291ea19b821\System.Web.Extensions.Design.ni.dll
        + 2010-08-20 00:57 . 2010-08-20 00:57   328704              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\da36fd678161cd3444ef547c894e3f35\System.Web.Entity.ni.dll
        + 2010-08-20 00:57 . 2010-08-20 00:57   301056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\49ae7c73fac8827123d5db1714c22599\System.Web.Entity.Design.ni.dll
        + 2010-08-20 00:56 . 2010-08-20 00:56   547328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ce3aa27d3c4c052845ac5abb1374defa\System.Web.DynamicData.ni.dll
        + 2010-08-20 00:56 . 2010-08-20 00:56   141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\95fab896ef2af14876e3e1524379773b\System.Web.Abstractions.ni.dll
        + 2010-08-20 00:56 . 2010-08-20 00:56   621056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   593408              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\97bd2a5d946aa3a824e4cfe5b6ef95aa\System.Messaging.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   998400              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
        + 2010-08-20 00:56 . 2010-08-20 00:56   330752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
        + 2010-08-20 00:52 . 2010-08-20 00:52   381440              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
        + 2010-08-20 00:52 . 2010-08-20 00:52   212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
        + 2010-08-20 00:56 . 2010-08-20 00:56   881152              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
        + 2010-08-20 00:56 . 2010-08-20 00:56   354816              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
        + 2010-08-20 00:56 . 2010-08-20 00:56   939008              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
        + 2010-08-20 00:56 . 2010-08-20 00:56   756736              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\488c4017d45e861644a34fae557aa80f\System.Data.Entity.Design.ni.dll
        + 2010-08-20 00:54 . 2010-08-20 00:54   135680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
        + 2010-08-20 00:54 . 2010-08-20 00:54   633856              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
        + 2010-08-20 00:53 . 2010-08-20 00:53   366080              c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
        + 2010-08-20 00:53 . 2010-08-20 00:53   256000              c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
        + 2010-08-20 00:53 . 2010-08-20 00:53   320512              c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5aeb40ff7128df2881fb03c01d070b20\ServiceModelReg.ni.exe
        + 2010-08-20 00:53 . 2010-08-20 00:53   133632              c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
        + 2010-08-20 00:53 . 2010-08-20 00:53   386560              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   244736              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\edb591895a614f435dbf354b80ab1d71\Microsoft.SqlServer.ConnectionInfo.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   134144              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\e9a7a16797a586dd49adde1fcb39231e\Microsoft.SqlServer.SQLTask.ni.dll
        + 2010-08-20 00:51 . 2010-08-20 00:51   151040              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\e3bbca5ceb2641f3e1558af12d4869e8\Microsoft.SqlServer.Management.PSProvider.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   485888              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\de748d7f48f3c3a1a4f332186cf0b5d1\Microsoft.SqlServer.Msxml6_interop.ni.dll
        + 2010-08-20 00:30 . 2010-08-20 00:30   347648              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\da8170c5ca36fcb93457d5de82f232f2\Microsoft.SqlServer.TransferObjectsTask.ni.dll
        + 2010-08-20 00:28 . 2010-08-20 00:28   994816              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d74cbf88afaf706d401fa4c8480e3df6\Microsoft.SqlServer.WizardFramework.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   128000              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d2019214126a9523881dcdae76c829df\Microsoft.SqlServer.RegSvrEnum.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   190464              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c7e29eccf4feae67a765f91f3035946b\Microsoft.SqlServer.Management.MultiServerConnection.ni.dll
        + 2010-08-20 00:30 . 2010-08-20 00:30   400896              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b81172e4105732a5888c34f43ac71973\Microsoft.SqlServer.SmoExtended.ni.dll
        + 2010-08-20 00:53 . 2010-08-20 00:53   137216              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a886cbb7235014796042c1dd5f4def6b\Microsoft.SqlServer.ConnectionInfoExtended.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   751104              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a80196b01df76bdd6f9fc1c57349e0e7\Microsoft.SqlServer.ManagedDTS.ni.dll
        + 2010-08-20 00:51 . 2010-08-20 00:51   251904              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\93346229aefa38a12c04ef1ac9412c9e\Microsoft.SqlServer.SqlWmiManagement.ni.dll
        + 2010-08-20 00:30 . 2010-08-20 00:30   483328              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\8da24b93c90be059ffb44c4e456914a0\Microsoft.SqlServer.XmlSrc.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   128512              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\63d62c785f3af01a44d681e312f1b6c4\Microsoft.SqlServer.DTSPipelineWrap.ni.dll
        + 2010-08-20 00:30 . 2010-08-20 00:30   103424              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5e8b8a381f72ebed45bc946cce48374b\Microsoft.SqlServer.ADONETSrc.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   221184              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5ba275b309a53ecb67c59569070cb287\Microsoft.SqlServer.PackageFormatUpdate.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   414208              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5adc20a2f3ade8c9154582988d1f2807\Microsoft.SqlServer.DTSRuntimeWrap.ni.dll
        + 2010-08-20 00:30 . 2010-08-20 00:30   288768              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5a37194ca3850cba95b1cdef24195139\Microsoft.SqlServer.Management.CollectorTasks.ni.dll
        + 2010-08-20 00:54 . 2010-08-20 00:54   108032              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\4fec7b7912735b4953565821d7a07a8a\Microsoft.SqlServer.VSTAScriptingLib.ni.dll
        + 2010-08-20 00:30 . 2010-08-20 00:30   534528              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\4b1d546db2192665dfb012c4d7eb9fc3\Microsoft.SqlServer.MaintenancePlanTasks.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   158208              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\44f474765d3bae85d2f18a21620a761e\Microsoft.SqlServer.DtsMsg.ni.dll
        + 2010-08-20 00:30 . 2010-08-20 00:30   183296              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\41d763de96a4c4f46ef4093c60bb8d8e\Microsoft.SqlServer.WebServiceTask.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   632320              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3bdb1af077cd229f4dd31c6be4dbae84\Microsoft.SqlServer.BatchParser.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   138752              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\39125f9f1beec760b5cad1c64d90f2de\Microsoft.SqlServer.PipelineHost.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   152064              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3516fb8a01964501c5e4b9eb2cd18d4a\Microsoft.SqlServer.PipelineXML.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   144896              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\28cc0e58de3cd510f281512ff02ac2c3\Microsoft.SqlServer.ADONETDest.ni.dll
        + 2010-08-20 00:30 . 2010-08-20 00:30   337920              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\23c407c1754933b28dfefdb8a764c2a7\Microsoft.SqlServer.XMLTask.ni.dll
        + 2010-08-20 00:51 . 2010-08-20 00:51   205312              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\14b618c8e62587a29e8ebaf8cd3e3893\Microsoft.SqlServer.Management.RegisteredServers.ni.dll
        + 2010-08-20 00:28 . 2010-08-20 00:28   175104              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\10fc29b3d5d45f57ba9dc0f66ed8efbb\Microsoft.SqlServer.DataStorage.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   165376              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\0fab35499c74f6bbdeb457f14b42b6bd\Microsoft.SqlServer.DtsTransferProvider.ni.dll
        + 2010-08-20 00:28 . 2010-08-20 00:28   531968              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\02990699368c5b5258c938f8a365b7d4\Microsoft.SqlServer.GridControl.ni.dll
        + 2010-08-20 00:28 . 2010-08-20 00:28   232960              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\00dd1dbc1c918291603aa0e853a11285\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll
        + 2010-08-20 00:52 . 2010-08-20 00:52   233472              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Exception#\1013736f3b2743f048051d62c4960601\Microsoft.ExceptionMessageBox.ni.dll
        + 2010-08-20 00:53 . 2010-08-20 00:53   175104              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
        + 2010-08-20 00:53 . 2010-08-20 00:53   839680              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
        + 2010-08-20 00:53 . 2010-08-20 00:53   222720              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
        + 2010-08-20 00:54 . 2010-08-20 00:54   510976              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\05458562792fd615f5b70a3b48fa32cb\Microsoft.AnalysisServices.Xmla.ni.dll
        + 2010-08-20 00:12 . 2010-08-20 00:12   170496              c:\windows\assembly\NativeImages_v2.0.50727_32\DTEParseMgd\b1eade4f831b47a2817eab5027369a93\DTEParseMgd.ni.dll
        + 2010-08-20 00:53 . 2010-08-20 00:53   220672              c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
        + 2010-08-20 00:53 . 2010-08-20 00:53   410112              c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
        + 2010-08-20 00:10 . 2010-08-20 00:10   842240              c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\56aec0938ef1bbdeca65b07a5fe8cd39\AspNetMMCExt.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   265728              c:\windows\assembly\NativeImages_v2.0.50727_32\ADODB\44ad73cd0e12ce6b95fac3a1b43f3391\ADODB.ni.dll
        + 2010-08-20 00:57 . 2010-08-20 00:57   1356288              c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\60b3c9a63b2065a6952d16256545c25d\System.WorkflowServices.ni.dll
        + 2010-08-20 00:57 . 2010-08-20 00:57   1908224              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5cc2a23ce8ac371c7a97b5e542ee27ed\System.Workflow.Runtime.ni.dll
        + 2010-08-20 00:57 . 2010-08-20 00:57   4514304              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c0aabf67e7ef98dc10c3e174c136731b\System.Workflow.ComponentModel.ni.dll
        + 2010-08-20 00:57 . 2010-08-20 00:57   2992640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\66682c8a064608ba4ffd0463cf09aef9\System.Workflow.Activities.ni.dll
        + 2010-08-20 00:57 . 2010-08-20 00:57   2209280              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9b455702c9b7b02c5708406f87986751\System.Web.Mobile.ni.dll
        + 2010-08-20 00:56 . 2010-08-20 00:56   2403328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\49c7a1c78ed9502ba97c11e6bd993f63\System.Web.Extensions.ni.dll
        + 2010-08-20 00:56 . 2010-08-20 00:56   1706496              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\f5790a1b7b41e7b8d05f01b549c80f39\System.ServiceModel.Web.ni.dll
        + 2010-08-20 00:52 . 2010-08-20 00:52   2345472              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll
        + 2010-08-20 00:52 . 2010-08-20 00:52   1070080              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\0885f31c21b796465fde6297dba20981\System.IdentityModel.ni.dll
        + 2010-08-20 00:56 . 2010-08-20 00:56   1328128              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\23cf0498f2ebe4c8ffa5cc79efca2dc5\System.Data.Services.ni.dll
        + 2010-08-20 00:56 . 2010-08-20 00:56   9924096              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
        + 2010-08-20 00:54 . 2010-08-20 00:54   1712128              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\9732a7c993055f82040642966db07ccf\Microsoft.VisualBasic.ni.dll
        + 2010-08-20 00:53 . 2010-08-20 00:53   1093120              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   1118208              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f8be778e5e1b5e8f59526bd4b4892251\Microsoft.SqlServer.Dmf.ni.dll
        + 2010-08-20 00:51 . 2010-08-20 00:51   3476992              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\e2f7bdf84d04934ef39114871e2948f7\Microsoft.SqlServer.Replication.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   6115328              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\938a917fdd99679593903a571d706690\Microsoft.SqlServer.Smo.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   1488384              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\91d96700af39b4bdcaf923cb3df67929\Microsoft.SqlServer.SqlEnum.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   1125888              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\91bd0e4e2712b37494cd06965feaeac4\Microsoft.SqlServer.Management.Sdk.Sfc.ni.dll
        + 2010-08-20 00:29 . 2010-08-20 00:29   2332160              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
        + 2010-08-20 00:28 . 2010-08-20 00:28   1602048              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataTrans#\d90feee9b4f647700e157a862e8a93ca\Microsoft.DataTransformationServices.Controls.ni.dll
        + 2010-08-20 00:53 . 2010-08-20 00:53   1620992              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll
        + 2010-08-20 00:53 . 2010-08-20 00:53   1966080              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll
        + 2010-08-20 00:53 . 2010-08-20 00:53   1888768              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll
        + 2010-08-20 00:53 . 2010-08-20 00:53   2949120              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\66acf189dd712ee7b5fdb541e9710d7d\Microsoft.AnalysisServices.ni.dll
        + 2010-08-20 00:28 . 2010-08-20 00:28   1354240              c:\windows\assembly\NativeImages_v2.0.50727_32\DTSWizard\291e53ccca9cac3f4faffdda87feabcc\DTSWizard.ni.exe
        + 2010-08-20 00:53 . 2010-08-20 00:53   17403904              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\f523a69e7c93ee4f245c996eac4b3a57\System.ServiceModel.ni.dll
        .
        -- Snapshot reset to current date --
        .
        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
        "Google Update"="c:\documents and settings\iman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-23 133104]
        "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
        "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "LaunchApp"="launchapp" [X]
        "CFSServ.exe"="CFSServ.exe -NoClient" [X]
        "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
        "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
        "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
        "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 61952]
        "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
        "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
        "NDSTray.exe"="NDSTray.exe" [BU]
        "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
        "Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-01-27 1589248]
        "PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
        "TPSMain"="TPSMain.exe" [2005-06-01 282624]
        "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
        "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
        "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
        "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
        "@OnlineArmor GUI"="c:\program files\Emsisoft\Online Armor\oaui.exe" [2010-07-05 6854984]
        "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

        c:\documents and settings\iman\Start Menu\Programs\Startup\
        OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

        c:\documents and settings\All Users\Start Menu\Programs\Startup\
        AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
        RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-7 155648]

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
        "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Emsisoft\ONLINE~1\oaevent.dll" [2010-07-05 924488]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
        @="Service"

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
        "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
        "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
        "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
        "c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
        "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "56766:TCP"= 56766:TCP:PMB P2P TCP Listening Port
        "56766:UDP"= 56766:UDP:PMB P2P UDP Listening Port

        R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [8/20/2010 6:53 AM 236104]
        R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [8/20/2010 6:53 AM 22600]
        R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [8/20/2010 6:53 AM 28232]
        R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/18/2010 2:25 AM 12872]
        R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 2:41 AM 67656]
        R2 OAcat;Online Armor Helper Service;c:\program files\Emsisoft\Online Armor\oacat.exe [8/20/2010 6:53 AM 1283400]
        S2 SvcOnlineArmor;Online Armor;c:\program files\Emsisoft\Online Armor\oasrv.exe [8/20/2010 6:53 AM 3364680]
        S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/11/2008 8:28 AM 47128]
        S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]
        S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/11/2008 8:28 AM 369688]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        bdx   REG_MULTI_SZ      scan
        .
        Contents of the 'Scheduled Tasks' folder

        2010-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2593411582-1523315853-1269952131-1006Core.job
        - c:\documents and settings\iman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-23 15:54]

        2010-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2593411582-1523315853-1269952131-1006UA.job
        - c:\documents and settings\iman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-23 15:54]
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = www.google.com
        uInternet Connection Wizard,ShellNext = iexplore
        IE: Download all links with IDM - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetAll.htm
        IE: Download FLV video content with IDM - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm
        IE: Download with IDM - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
        IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
        FF - ProfilePath - c:\documents and settings\iman\Application Data\Mozilla\Firefox\Profiles\iee811pn.default\
        FF - plugin: c:\documents and settings\iman\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
        FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
        FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
        FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

        ---- FIREFOX POLICIES ----
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
        c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
        c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
        c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
        c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
        c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
        c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
        .
        .
        ------- File Associations -------
        .
        .scr=AutoCADScriptFile
        .

        **************************************************************************

        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2010-08-21 14:55
        Windows 5.1.2600 Service Pack 3 NTFS

        scanning hidden processes ... 

        scanning hidden autostart entries ...

        scanning hidden files ... 

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------

        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{59c1b55b-ebf2-442a-b94f-dcce1e3693e0}]
        @Denied: (Full) (Everyone)
        "Model"=dword:00000083
        "Therad"=dword:00000021
        "MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
           4b,7b,ad,04,7a,b1,b5,76,9b,27,47,5a,e4,0b,a2,cb,91,3b,1d,46,8f,3c,f2,5c,68,\

        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
        @Denied: (Full) (Everyone)
        "scansk"=hex(0):f4,48,37,a5,04,25,eb,81,63,fd,7b,50,76,a6,0a,23,63,63,d7,8b,1c,
           ff,27,17,9c,b0,51,d3,ab,fc,2e,e0,61,ad,74,3a,7f,82,39,c0,00,00,00,00,00,00,\

        [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
        @DACL=(02 0000)
        "Installed"="1"

        [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
        @DACL=(02 0000)
        "Installed"="1"
        "NoChange"="1"

        [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
        @DACL=(02 0000)
        "Installed"="1"
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        - - - - - - - > 'winlogon.exe'(424)
        c:\program files\SUPERAntiSpyware\SASWINLO.DLL
        c:\windows\system32\WININET.dll

        - - - - - - - > 'explorer.exe'(2572)
        c:\windows\system32\WININET.dll
        c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
        c:\program files\Windows Media Player\wmpband.dll
        c:\windows\system32\msi.dll
        c:\windows\system32\ieframe.dll
        c:\windows\system32\webcheck.dll
        c:\windows\system32\WPDShServiceObj.dll
        c:\windows\system32\PortableDeviceTypes.dll
        c:\windows\system32\PortableDeviceApi.dll
        c:\windows\system32\TPwrCfg.DLL
        c:\windows\system32\TPwrReg.dll
        c:\windows\system32\TPSTrace.DLL
        .
        Completion time: 2010-08-21  15:02:08
        ComboFix-quarantined-files.txt  2010-08-21 07:02
        ComboFix2.txt  2010-08-20 00:12

        Pre-Run: 9,887,891,456 bytes free
        Post-Run: 9,881,948,160 bytes free

        - - End Of File - - 9631A1F946221B6262125F5EBB9C1A8E

        Gmer log:

        GMER 1.0.15.15281 - http://www.gmer.net
        Rootkit scan 2010-08-22 04:55:55
        Windows 5.1.2600 Service Pack 3
        Running: gmer.exe; Driver: C:\DOCUME~1\iman\LOCALS~1\Temp\ufliapog.sys


        ---- System - GMER 1.0.15 ----

        SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwAllocateVirtualMemory [0xA82D0ED0]
        SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwAssignProcessToJobObject [0xA82D1700]
        SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwConnectPort [0xA82CEDA0]
        SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwCreateFile [0xA82DE9C0]
        SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwCreatePort [0xA82CE8E0]
        SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwCreateProcess [0xA82CB620]
        SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwCreateProcessEx [0xA82CBA30]
        SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwCreateSection [0xA82CAEF0]
        SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwCreateThread [0xA82CCF20]
        SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwDebugActiveProcess [0xA82CDB90]
        SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwDuplicateObject [0xA82CE6F0]
        SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwLoadDriver [0xA82D0490]
        SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwOpenFile [0xA82DF040]
        SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwOpenProcess [0xA82CCA20]
        SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwOpenSection [0xA82CB310]
        SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwOpenThread [0xA82CD420]
        SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwProtectVirtualMemory [0xA82D1350]
        SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwQueryDirectoryFile [0xA82D0A70]
        SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwQueueApcThread [0xA82D18A0]
        SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwRequestPort [0xA82CF9A0]
        SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwRequestWaitReplyPort [0xA82CFF90]
        SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwRestoreKey [0xA82DE550]
        SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwResumeThread [0xA82CE340]
        SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwSecureConnectPort [0xA82CF190]
        SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwSetContextThread [0xA82CD970]
        SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwSetSystemInformation [0xA82CDD30]
        SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        I'd like to scan your machine with ESET OnlineScan

        •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
        ESET OnlineScan
        •Click the button.
        •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
        • Click on to download the ESET Smart Installer. Save it to your desktop.
        • Double click on the icon on your desktop.
        •Check
        •Click the button.
        •Accept any security warnings from your browser.
        •Check
        •Push the Start button.
        •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
        •When the scan completes, push
        •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
        •Push the button.
        •Push
        A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

        Windows 8 and Windows 10 dual boot with two SSD's

        littlesquall

          Topic Starter


          Greenhorn

          The ESET log:

          ESETSmartInstaller@High as downloader log:
          all ok
          esets_scanner_update returned -1 esets_gle=53251
          # version=7
          # OnlineScannerApp.exe=1.0.0.1
          # OnlineScanner.ocx=1.0.0.6211
          # api_version=3.0.2
          # EOSSerial=cd1d465c2d5430419a2135908657a5ca
          # end=finished
          # remove_checked=true
          # archives_checked=true
          # unwanted_checked=true
          # unsafe_checked=true
          # antistealth_checked=true
          # utc_time=2010-08-23 12:19:50
          # local_time=2010-08-23 08:19:50 (+0800, Malay Peninsula Standard Time)
          # country="United States"
          # lang=1033
          # osver=5.1.2600 NT Service Pack 3
          # compatibility_mode=512 16777215 100 0 569244 569244 0 0
          # compatibility_mode=1024 16777215 100 0 0 0 0 0
          # compatibility_mode=5891 16776869 100 100 0 12104990 0 0
          # compatibility_mode=6401 16777214 66 100 0 3391060 0 0
          # compatibility_mode=8192 67108863 100 0 11447 11447 0 0
          # scanned=95965
          # found=0
          # cleaned=0
          # scan_time=4781

          When the scan is complete, there is no list of found threats. Does it mean it is clean?

          Thanks, Dave for your concern. It is much appreciated.

          SuperDave

          Quote
          When the scan is complete, there is no list of found threats. Does it mean it is clean?

          That looks good. Let's do some clean-up.

          * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
          * Now type Combofix /uninstall in the runbox
          * Make sure there's a space between Combofix and /Uninstall
          * Then hit Enter

          The above procedure will:
          * Delete the following:
            * ComboFix and its associated files and folders.
          * Reset the clock settings.
          * Hide file extensions, if required.
          * Hide System/Hidden files, if required.
          * Set a new, clean Restore Point.

          ************************************

          Download OTC by OldTimer and save it to your desktop.

          1. Double-click OTC to run it.
          2. Click the CleanUp! button.
          3. Select Yes when the "Begin cleanup Process?" prompt appears.
          4. If you are prompted to Reboot during the cleanup, select Yes
          5. OTC should delete itself once it finishes; if not, delete it yourself.

          ***********************************

          Clean out your temporary internet files and temp files.

          Download TFC by OldTimer to your desktop.

          Double-click TFC.exe to run it.

          Note: If you are running on Vista, right-click on the file and choose Run As Administrator

          TFC will close all programs when run, so make sure you have saved all your work before you begin.

          * Click the Start button to begin the cleaning process.
          * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
          * Please let TFC run uninterrupted until it is finished.

          Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

          ***********************************

          Use the Secunia Software Inspector to check for out-of-date software.

          •Click Start Now

          •Check the box next to Enable thorough system inspection.

          •Click Start

          •Allow the scan to finish and scroll down to see if any updates are needed.
          •Update anything listed.
          ----------

          Go to Microsoft Windows Update and get all critical updates.

          ----------

          I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

          SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
          * Using SpywareBlaster to protect your computer from Spyware and Malware
          * If you don't know what ActiveX controls are, see here

          Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

          Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

          Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
          Safe Surfing!

          littlesquall


            Thank you so much, Dave, for helping me fix and clean up my laptop.
            My laptop has better performance now. Thanks!  ;D