Computer Hope

Topic started by: littlesquall on August 17, 2010, 03:32:28 PM

Title: done the malware removal steps, but can't get connected to the internet.
Post by: littlesquall on August 17, 2010, 03:32:28 PM
Hi,
I need some help with my laptop. Hope Computer Hope can help me. At first my laptop could not run any applications. The file **** is infected. I tried to format my laptop but couldn't; it keeps on shutting down when I try to boot from CD. Thus, I followed all the malware removal steps. Then everything was running back to normal. Just that I can't get connected to the internet. Can you help me with how to fix this?

Herewith I paste all the logs, in case they are needed.

SuperAntispyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/16/2010 at 01:00 PM

Application Version : 4.41.1000

Core Rules Database Version : 5360
Trace Rules Database Version: 3172

Scan type       : Complete Scan
Total Scan Time : 02:21:40

Memory items scanned      : 578
Memory threats detected   : 0
Registry items scanned    : 8322
Registry threats detected : 2
File items scanned        : 131293
File threats detected     : 22

Trojan.Agent/Gen-Frauder
   [jjlghcfp] C:\DOCUMENTS AND SETTINGS\IMAN\LOCAL SETTINGS\APPLICATION DATA\AFLGBTIDE\NCKLCBSSHDW.EXE
   C:\DOCUMENTS AND SETTINGS\IMAN\LOCAL SETTINGS\APPLICATION DATA\AFLGBTIDE\NCKLCBSSHDW.EXE
   [jjlghcfp] C:\DOCUMENTS AND SETTINGS\IMAN\LOCAL SETTINGS\APPLICATION DATA\AFLGBTIDE\NCKLCBSSHDW.EXE

Adware.Tracking Cookie
   C:\Documents and Settings\iman\Cookies\iman@atdmt[1].txt
   C:\Documents and Settings\iman\Cookies\iman@atdmt[2].txt
   acvs.mediaonenetwork.net [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
   cdn4.specificclick.net [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
   foodbycountry.com [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
   googleads.g.doubleclick.net [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
   ia.media-imdb.com [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
   m1.2mdn.net [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
   macromedia.com [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
   media.channelv.com [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
   media.mtvnservices.com [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
   media.scanscout.com [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
   media.socialvibe.com [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
   serving-sys.com [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
   spe.atdmt.com [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
   stat.radioblogclub.com [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
   static.2mdn.net [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]
   vitamine.networldmedia.net [ C:\Documents and Settings\iman\Application Data\Macromedia\Flash Player\#SharedObjects\MJRLFSDU ]

Adware.AdRotator
   C:\WINDOWS\$NTUNINSTALLMTF1011$\zrpt.xml
   C:\WINDOWS\$NTUNINSTALLMTF1011$

Trojan.Dropper/SVCHost-Fake
   C:\WINDOWS\SVCHOST.EXE

MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4434

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

8/16/2010 3:24:36 PM
mbam-log-2010-08-16 (15-24-36).txt

Scan type: Quick scan
Objects scanned: 156780
Time elapsed: 8 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055c089-8582-441b-a0bf-17b458c2a3a8} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0055c089-8582-441b-a0bf-17b458c2a3a8} (Trojan.BHO.H) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMIECC.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\sys.exe (Trojan.Banker) -> Quarantined and deleted successfully.

Hijack this Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:28:48 AM, on 8/17/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Emsisoft\Online Armor\OAcat.exe
C:\Program Files\Emsisoft\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Emsisoft\Online Armor\oaui.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Emsisoft\Online Armor\OAhlp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Trend Micro\HiJackThis\sniper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R3 - URLSearchHook: (no name) - {F08555B0-9CC3-11D2-AA8E-000000000567} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [LaunchApp] launchapp
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [eSnips] "C:\Program Files\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Emsisoft\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\iman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IDMan] C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMan.exe /onboot
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Download all links with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CS2\Services\Tcpip\..\{1E03CE52-804E-4BEE-B526-F22F962BAD8E}: NameServer = 202.185.48.7,202.185.33.7
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Emsisoft\Online Armor\OAcat.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Emsisoft\Online Armor\oasrv.exe

--
End of file - 11085 bytes


Thanks in advance for your concern. It is much appreciated.

-littlesquall-



Title: Re: done the malware removal steps, but can't get connected to the internet.
Post by: SuperDave on August 19, 2010, 01:26:17 PM
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Download Disable/Remove Windows Messenger  (http://www.majorgeeks.com/DisableRemove_Windows_Messenger_d2327.html) to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.

************************************

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R3 - URLSearchHook: (no name) - {F08555B0-9CC3-11D2-AA8E-000000000567} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.
***************************************
Download ComboFix by sUBs from one of the below links. 

Important! You MUST save ComboFix to your desktop

Link # 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link # 2 (http://subs.geekstogo.com/ComboFix.exe)

Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.

Double click on ComboFix.exe & follow the prompts.

Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

When the scan completes it will open a text window.
 
Post the contents of that log in your next reply.

Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.
********************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
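
Added example (not part of the original posts, and not the helper's own selection criteria): a small Python triage pass over HijackThis entries that flags two things visible in the fix list above, a `ProxyServer` value pointing at a loopback address and entries whose file is reported as `(no file)` or `(file missing)`. The sample lines are copied from the log in this thread; the function names and finding labels are made up for the illustration.

```python
import ipaddress
import re

# Sample input: a few entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R3 - URLSearchHook: (no name) - {F08555B0-9CC3-11D2-AA8E-000000000567} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
"""

# "R1 - ...", "O23 - ...": a section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis marks entries whose target file is absent with one of these suffixes.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
PROXY_RE = re.compile(r"Internet Settings,ProxyServer = (?P<value>.+)$")


def proxy_endpoints(value):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Accepts "host:port" (all protocols) and "http=host:port;https=host:port".
    """
    endpoints = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, rest = part.partition("=")
        if not sep:                      # no "scheme=" prefix: applies to all protocols
            scheme, rest = "all", part
        rest = rest.split("://", 1)[-1]  # tolerate "http://host:port"
        host, _, port = rest.rpartition(":")
        if not host:                     # no port present
            host, port = rest, ""
        endpoints.append((scheme.lower(), host.strip("[]"), port))
    return endpoints


def is_loopback(host):
    """True for 'localhost' and any address in 127.0.0.0/8 or ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                     # a hostname other than localhost


def triage(log_text):
    """Return (code, finding, detail) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue                     # header, running-process path, blank line
        code, body = match.group("code"), match.group("body")
        proxy = PROXY_RE.search(body)
        if proxy:
            for scheme, host, port in proxy_endpoints(proxy.group("value")):
                if is_loopback(host):
                    findings.append((code, "loopback-proxy", f"{scheme} -> {host}:{port}"))
        if MISSING_RE.search(body):
            findings.append((code, "missing-file", body))
    return findings


if __name__ == "__main__":
    for code, finding, detail in triage(SAMPLE_LOG):
        print(f"{code:<4}{finding:<16}{detail}")
```

A hit only marks an entry for review: local filtering products also set loopback proxies, so confirm which process, if any, is listening on that port before clearing the value.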

Title: Re: done the malware removal steps, but can't get connected to the internet.
Post by: littlesquall on August 19, 2010, 06:41:20 PM
combofix log:

ComboFix 10-08-18.04 - iman 08/20/2010   8:03.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2038.1421 [GMT 8:00]
Running from: c:\documents and settings\iman\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\SET5D.tmp
c:\program files\Internet Explorer\SET5E.tmp
c:\program files\Internet Explorer\SETB5.tmp
c:\program files\Internet Explorer\SETBA.tmp
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\logs
c:\windows\system32\Temp

.
(((((((((((((((((((((((((   Files Created from 2010-07-20 to 2010-08-20  )))))))))))))))))))))))))))))))
.

2010-08-19 23:13 . 2010-04-29 07:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-19 23:13 . 2010-04-29 07:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-08-19 23:13 . 2010-08-19 23:13   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-08-19 23:04 . 2010-08-19 23:12   63488   ----a-w-   c:\documents and settings\iman\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-19 23:04 . 2010-08-19 23:04   52224   ----a-w-   c:\documents and settings\iman\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-19 23:04 . 2010-08-19 23:12   117760   ----a-w-   c:\documents and settings\iman\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-19 23:04 . 2010-08-19 23:04   --------   d-----w-   c:\documents and settings\iman\Application Data\SUPERAntiSpyware.com
2010-08-19 23:04 . 2010-08-19 23:04   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-08-19 22:53 . 2010-08-19 23:28   --------   d-----w-   c:\documents and settings\All Users\Application Data\OnlineArmor
2010-08-19 22:53 . 2010-08-19 22:54   --------   d-----w-   c:\documents and settings\iman\Application Data\OnlineArmor
2010-08-19 22:53 . 2010-07-05 00:44   22600   ----a-w-   c:\windows\system32\drivers\OAmon.sys
2010-08-19 22:53 . 2010-07-05 00:44   28232   ----a-w-   c:\windows\system32\drivers\OAnet.sys
2010-08-19 22:53 . 2010-07-05 00:43   236104   ----a-w-   c:\windows\system32\drivers\OADriver.sys
2010-08-19 22:53 . 2010-08-19 22:53   --------   d-----w-   c:\program files\Emsisoft
2010-08-17 18:50 . 2010-06-01 17:37   221568   ------w-   c:\windows\system32\MpSigStub.exe
2010-08-16 20:57 . 2010-08-16 20:57   --------   d-----w-   c:\windows\system32\scripting
2010-08-16 20:57 . 2010-08-16 20:57   --------   d-----w-   c:\windows\l2schemas
2010-08-16 20:57 . 2010-08-16 20:57   --------   d-----w-   c:\windows\system32\en
2010-08-16 20:57 . 2010-08-16 20:57   --------   d-----w-   c:\windows\system32\bits
2010-08-16 20:47 . 2010-08-16 20:47   --------   d-----w-   c:\windows\EHome
2010-08-16 08:52 . 2010-08-16 08:52   --------   d-----w-   c:\program files\Trend Micro
2010-08-16 06:55 . 2010-08-16 06:55   --------   d-----w-   c:\documents and settings\iman\Application Data\Malwarebytes
2010-08-16 06:55 . 2010-08-16 06:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-16 02:20 . 2010-08-16 02:20   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-16 02:12 . 2010-08-16 02:12   95360   ----a-w-   c:\windows\system32\drivers\ATAPI.SYS
2010-08-16 00:11 . 2010-08-16 00:11   --------   d-----w-   c:\program files\CCleaner
2010-08-15 23:26 . 2010-08-15 23:26   --------   d-----w-   c:\program files\Microsoft Security Essentials
2010-08-13 18:35 . 2010-08-16 05:03   --------   d-----w-   c:\documents and settings\iman\Local Settings\Application Data\aflgbtide
2010-08-13 18:34 . 2010-08-16 02:12   --------   d-----w-   c:\documents and settings\iman\Application Data\2DBDD7E54A79B756F39BA4FEC9088C2A
2010-08-07 00:02 . 2010-08-07 00:02   116144   ----a-w-   c:\documents and settings\iman\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
2010-08-07 00:02 . 2010-08-09 15:59   --------   d-----w-   c:\documents and settings\iman\Application Data\IDM
2010-07-25 18:25 . 2010-08-19 22:45   452104   ----a-w-   c:\documents and settings\iman\Application Data\Real\Update\setup3.12\setup.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-20 00:08 . 2009-01-08 07:22   --------   d-----w-   c:\documents and settings\iman\Application Data\DMCache
2010-08-20 00:04 . 2008-11-28 12:53   --------   d-----w-   c:\documents and settings\iman\Application Data\skypePM
2010-08-20 00:00 . 2008-11-28 12:52   --------   d-----w-   c:\documents and settings\iman\Application Data\Skype
2010-08-16 22:39 . 2004-08-03 23:00   42112   ----a-w-   c:\windows\system32\drivers\imapi.sys
2010-08-16 22:26 . 2008-11-23 16:24   135592   -c--a-w-   c:\documents and settings\iman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-16 21:00 . 2006-02-06 21:13   76487   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-16 11:48 . 2008-12-20 02:07   --------   d-----w-   c:\program files\Windows Media Connect 2
2010-08-16 09:29 . 2010-05-12 17:05   --------   d-----w-   c:\program files\Macromedia
2010-08-16 09:29 . 2010-05-12 17:05   --------   d-----w-   c:\program files\Common Files\Macromedia
2010-08-16 08:48 . 2006-02-06 21:36   --------   d-----w-   c:\program files\Java
2010-08-16 06:10 . 2008-11-23 16:16   --------   d-----w-   c:\program files\Common Files\Autodesk Shared
2010-08-16 06:02 . 2006-02-06 21:29   --------   d-----w-   c:\program files\Common Files\Adobe
2010-08-16 00:21 . 2008-11-24 14:22   --------   d-----w-   c:\documents and settings\iman\Application Data\Media Player Classic
2010-08-15 23:40 . 2010-06-14 06:47   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple Computer
2010-08-15 23:40 . 2010-06-14 06:45   --------   d-----w-   c:\program files\Common Files\Apple
2010-08-11 03:07 . 2008-11-23 16:28   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-15 18:22 . 2010-06-14 06:47   --------   d-----w-   c:\program files\QuickTime
2010-07-15 06:06 . 2010-07-15 06:06   737280   ----a-w-   c:\windows\iun6002.exe
2010-07-09 08:07 . 2010-06-09 00:32   --------   d-----r-   c:\program files\Skype
2010-07-09 08:04 . 2006-02-06 21:24   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-07-04 13:14 . 2010-04-12 11:42   439816   ----a-w-   c:\documents and settings\iman\Application Data\Real\Update\setup3.10\setup.exe
2010-06-30 12:31 . 2006-02-06 12:57   149504   ----a-w-   c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2006-02-06 12:57   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2006-02-06 12:57   1851904   ----a-w-   c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-02-06 12:57   354304   ----a-w-   c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-02-06 12:57   80384   ----a-w-   c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2006-02-06 21:12   744448   ----a-w-   c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2006-02-06 12:57   1172480   ----a-w-   c:\windows\system32\msxml3.dll
2009-08-07 02:38 . 2009-09-02 12:13   45056   ----a-w-   c:\program files\mozilla firefox\components\FFComm.dll
2008-06-27 10:57 . 2009-01-16 14:04   172032   ----a-w-   c:\program files\mozilla firefox\components\XPBrowsealoudPlugin.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"Google Update"="c:\documents and settings\iman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-23 133104]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="launchapp" [X]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"NDSTray.exe"="NDSTray.exe" [BU]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-01-27 1589248]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"@OnlineArmor GUI"="c:\program files\Emsisoft\Online Armor\oaui.exe" [2010-07-05 6854984]

c:\documents and settings\iman\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-7 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Emsisoft\ONLINE~1\oaevent.dll" [2010-07-05 924488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56766:TCP"= 56766:TCP:PMB P2P TCP Listening Port
"56766:UDP"= 56766:UDP:PMB P2P UDP Listening Port

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [8/20/2010 6:53 AM 236104]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [8/20/2010 6:53 AM 22600]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [8/20/2010 6:53 AM 28232]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/18/2010 2:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 2:41 AM 67656]
R2 OAcat;Online Armor Helper Service;c:\program files\Emsisoft\Online Armor\oacat.exe [8/20/2010 6:53 AM 1283400]
S1 muufrena;muufrena;\??\c:\windows\system32\drivers\muufrena.sys --> c:\windows\system32\drivers\muufrena.sys [?]
S2 SvcOnlineArmor;Online Armor;c:\program files\Emsisoft\Online Armor\oasrv.exe [8/20/2010 6:53 AM 3364680]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/11/2008 8:28 AM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/11/2008 8:28 AM 369688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx   REG_MULTI_SZ      scan
.
Contents of the 'Scheduled Tasks' folder

2010-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2593411582-1523315853-1269952131-1006Core.job
- c:\documents and settings\iman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-23 15:54]

2010-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2593411582-1523315853-1269952131-1006UA.job
- c:\documents and settings\iman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-23 15:54]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: Download all links with IDM - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetAll.htm
IE: Download FLV video content with IDM - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm
IE: Download with IDM - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\iman\Application Data\Mozilla\Firefox\Profiles\iee811pn.default\
FF - component: c:\documents and settings\iman\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\documents and settings\iman\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ClientGW - (no file)
HKLM-Run-eSnips - c:\program files\eSnips\ClientGW.exe
AddRemove-Autodesk DWF Viewer - c:\progra~1\Autodesk\AUTODE~1\Setup.exe
AddRemove-HijackThis - e:\software\RegisteryCleaner\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-20 08:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{59c1b55b-ebf2-442a-b94f-dcce1e3693e0}]
@Denied: (Full) (Everyone)
"Model"=dword:00000083
"Therad"=dword:00000021
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
   4b,7b,ad,04,7a,b1,b5,76,9b,27,47,5a,e4,0b,a2,cb,91,3b,1d,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f4,48,37,a5,04,25,eb,81,63,fd,7b,50,76,a6,0a,23,63,63,d7,8b,1c,
   ff,27,17,9c,b0,51,d3,ab,fc,2e,e0,61,ad,74,3a,7f,82,39,c0,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(424)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-08-20  08:12:10
ComboFix-quarantined-files.txt  2010-08-20 00:12

Pre-Run: 10,310,451,200 bytes free
Post-Run: 10,343,636,992 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - CD9F871607725F7E32C1BFAC7138F41E


securitycheck log:

 Results of screen317's Security Check version 0.99.5 
 Windows XP Service Pack 3 
 Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Enabled! 
 Online Armor 4.0   
 Microsoft Security Essentials   
 Microsoft Security Essentials successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware   
 CCleaner     
 Java(TM) 6 Update 15 
 Out of date Java installed!
 Adobe Flash Player 10.0.22.87 
 Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 Windows Defender MSMpEng.exe
 Tall Emu Online Armor OAcat.exe
 Microsoft Security Essentials msseces.exe
````````````````````````````````
DNS Vulnerability Check:

 Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````


Now, I can connect to the internet, but I don't know whether my laptop is already free from the malware or virus. But everything is working fine now. Do you think my laptop is OK now?

Thank you so much for your help, Dave. I can never thank you enough. I'm so grateful that I found this website; I will always give credit to this website. Thanks so much for your help again.  :)

Title: Re: done the malware removal steps, but can't get connected to the internet.
Post by: SuperDave on August 20, 2010, 12:33:09 PM
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version (http://www.java.com/en/download/installed.jsp)

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
4. Run CCleaner.

Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

************************************
Re-running ComboFix to remove infections:

***********************************************
Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

Title: Re: done the malware removal steps, but can't get connected to the internet.
Post by: littlesquall on August 21, 2010, 03:19:01 PM
Combofix log:

ComboFix 10-08-19.02 - iman 08/21/2010  14:46:16.3.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2038.1421 [GMT 8:00]
Running from: c:\documents and settings\iman\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
F:\khq
I:\khq

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_muufrena


(((((((((((((((((((((((((   Files Created from 2010-07-21 to 2010-08-21  )))))))))))))))))))))))))))))))
.

2010-08-21 05:09 . 2010-08-21 05:09   --------   d-----w-   c:\program files\Java
2010-08-21 04:47 . 2010-08-21 04:47   503808   ----a-w-   c:\documents and settings\iman\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7ce8d1e9-n\msvcp71.dll
2010-08-21 04:47 . 2010-08-21 04:47   499712   ----a-w-   c:\documents and settings\iman\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7ce8d1e9-n\jmc.dll
2010-08-21 04:47 . 2010-08-21 04:47   348160   ----a-w-   c:\documents and settings\iman\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7ce8d1e9-n\msvcr71.dll
2010-08-21 04:46 . 2010-08-21 04:46   61440   ----a-w-   c:\documents and settings\iman\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-59e3f66a-n\decora-sse.dll
2010-08-21 04:46 . 2010-08-21 04:46   12800   ----a-w-   c:\documents and settings\iman\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-59e3f66a-n\decora-d3d.dll
2010-08-21 04:46 . 2010-08-21 05:09   423656   ----a-w-   c:\windows\system32\deployJava1.dll
2010-08-19 23:13 . 2010-04-29 07:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-19 23:13 . 2010-04-29 07:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-08-19 23:13 . 2010-08-19 23:13   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-08-19 23:04 . 2010-08-19 23:12   63488   ----a-w-   c:\documents and settings\iman\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-19 23:04 . 2010-08-19 23:04   52224   ----a-w-   c:\documents and settings\iman\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-19 23:04 . 2010-08-19 23:12   117760   ----a-w-   c:\documents and settings\iman\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-19 23:04 . 2010-08-19 23:04   --------   d-----w-   c:\documents and settings\iman\Application Data\SUPERAntiSpyware.com
2010-08-19 23:04 . 2010-08-19 23:04   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-08-19 22:53 . 2010-08-19 23:28   --------   d-----w-   c:\documents and settings\All Users\Application Data\OnlineArmor
2010-08-19 22:53 . 2010-08-19 22:54   --------   d-----w-   c:\documents and settings\iman\Application Data\OnlineArmor
2010-08-19 22:53 . 2010-07-05 00:44   22600   ----a-w-   c:\windows\system32\drivers\OAmon.sys
2010-08-19 22:53 . 2010-07-05 00:44   28232   ----a-w-   c:\windows\system32\drivers\OAnet.sys
2010-08-19 22:53 . 2010-07-05 00:43   236104   ----a-w-   c:\windows\system32\drivers\OADriver.sys
2010-08-19 22:53 . 2010-08-19 22:53   --------   d-----w-   c:\program files\Emsisoft
2010-08-17 18:50 . 2010-06-01 17:37   221568   ------w-   c:\windows\system32\MpSigStub.exe
2010-08-16 20:57 . 2010-08-16 20:57   --------   d-----w-   c:\windows\system32\scripting
2010-08-16 20:57 . 2010-08-16 20:57   --------   d-----w-   c:\windows\l2schemas
2010-08-16 20:57 . 2010-08-16 20:57   --------   d-----w-   c:\windows\system32\en
2010-08-16 20:57 . 2010-08-16 20:57   --------   d-----w-   c:\windows\system32\bits
2010-08-16 20:47 . 2010-08-16 20:47   --------   d-----w-   c:\windows\EHome
2010-08-16 08:52 . 2010-08-16 08:52   --------   d-----w-   c:\program files\Trend Micro
2010-08-16 06:55 . 2010-08-16 06:55   --------   d-----w-   c:\documents and settings\iman\Application Data\Malwarebytes
2010-08-16 06:55 . 2010-08-16 06:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-16 02:20 . 2010-08-16 02:20   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-16 02:12 . 2010-08-16 02:12   95360   ----a-w-   c:\windows\system32\drivers\ATAPI.SYS
2010-08-16 00:11 . 2010-08-16 00:11   --------   d-----w-   c:\program files\CCleaner
2010-08-15 23:26 . 2010-08-15 23:26   --------   d-----w-   c:\program files\Microsoft Security Essentials
2010-08-13 18:35 . 2010-08-16 05:03   --------   d-----w-   c:\documents and settings\iman\Local Settings\Application Data\aflgbtide
2010-08-13 18:34 . 2010-08-16 02:12   --------   d-----w-   c:\documents and settings\iman\Application Data\2DBDD7E54A79B756F39BA4FEC9088C2A
2010-08-07 00:02 . 2010-08-07 00:02   116144   ----a-w-   c:\documents and settings\iman\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
2010-08-07 00:02 . 2010-08-09 15:59   --------   d-----w-   c:\documents and settings\iman\Application Data\IDM
2010-07-25 18:25 . 2010-08-19 22:45   452104   ----a-w-   c:\documents and settings\iman\Application Data\Real\Update\setup3.12\setup.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-21 06:56 . 2008-11-28 12:52   --------   d-----w-   c:\documents and settings\iman\Application Data\Skype
2010-08-21 05:58 . 2009-01-08 07:22   --------   d-----w-   c:\documents and settings\iman\Application Data\DMCache
2010-08-21 05:33 . 2008-11-28 12:53   --------   d-----w-   c:\documents and settings\iman\Application Data\skypePM
2010-08-21 05:09 . 2006-02-06 21:36   --------   d-----w-   c:\program files\Common Files\Java
2010-08-16 22:39 . 2004-08-03 23:00   42112   ----a-w-   c:\windows\system32\drivers\imapi.sys
2010-08-16 22:26 . 2008-11-23 16:24   135592   -c--a-w-   c:\documents and settings\iman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-16 21:00 . 2006-02-06 21:13   76487   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-16 11:48 . 2008-12-20 02:07   --------   d-----w-   c:\program files\Windows Media Connect 2
2010-08-16 09:29 . 2010-05-12 17:05   --------   d-----w-   c:\program files\Macromedia
2010-08-16 09:29 . 2010-05-12 17:05   --------   d-----w-   c:\program files\Common Files\Macromedia
2010-08-16 06:10 . 2008-11-23 16:16   --------   d-----w-   c:\program files\Common Files\Autodesk Shared
2010-08-16 06:02 . 2006-02-06 21:29   --------   d-----w-   c:\program files\Common Files\Adobe
2010-08-16 00:21 . 2008-11-24 14:22   --------   d-----w-   c:\documents and settings\iman\Application Data\Media Player Classic
2010-08-15 23:40 . 2010-06-14 06:47   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple Computer
2010-08-15 23:40 . 2010-06-14 06:45   --------   d-----w-   c:\program files\Common Files\Apple
2010-08-11 03:07 . 2008-11-23 16:28   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-15 18:22 . 2010-06-14 06:47   --------   d-----w-   c:\program files\QuickTime
2010-07-15 06:06 . 2010-07-15 06:06   737280   ----a-w-   c:\windows\iun6002.exe
2010-07-09 08:07 . 2010-06-09 00:32   --------   d-----r-   c:\program files\Skype
2010-07-09 08:04 . 2006-02-06 21:24   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-07-04 13:14 . 2010-04-12 11:42   439816   ----a-w-   c:\documents and settings\iman\Application Data\Real\Update\setup3.10\setup.exe
2010-06-30 12:31 . 2006-02-06 12:57   149504   ----a-w-   c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2006-02-06 12:57   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2006-02-06 12:57   1851904   ----a-w-   c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2006-02-06 12:57   354304   ----a-w-   c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2006-02-06 12:57   80384   ----a-w-   c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2006-02-06 21:12   744448   ----a-w-   c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2006-02-06 12:57   1172480   ----a-w-   c:\windows\system32\msxml3.dll
2009-08-07 02:38 . 2009-09-02 12:13   45056   ----a-w-   c:\program files\mozilla firefox\components\FFComm.dll
2008-06-27 10:57 . 2009-01-16 14:04   172032   ----a-w-   c:\program files\mozilla firefox\components\XPBrowsealoudPlugin.dll
.

(((((((((((((((((((((((((((((   SnapShot@2010-08-20_00.08.57   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-20 00:57 . 2010-08-20 00:57   37888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\46ef15b88ef577de4882c519329fc5d2\System.Windows.Presentation.ni.dll
+ 2010-08-20 00:56 . 2010-08-20 00:56   36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aada360296a42e0413579a19c771ec2d\System.Web.DynamicData.Design.ni.dll
+ 2010-08-20 00:54 . 2010-08-20 00:54   94208              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\2b5ff2c6358c483eb1439b99badb54fd\System.ComponentModel.DataAnnotations.ni.dll
+ 2010-08-20 00:54 . 2010-08-20 00:54   82944              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\6125ff5a4fcd93d70a246cbff3005d42\System.AddIn.Contract.ni.dll
+ 2010-08-20 00:52 . 2010-08-20 00:52   40960              c:\windows\assembly\NativeImages_v2.0.50727_32\SqlToolsMailUtiliti#\812bd518e6788a3be2b2e536e9ff4f55\SqlToolsMailUtilities.ni.dll
+ 2010-08-20 00:52 . 2010-08-20 00:52   53248              c:\windows\assembly\NativeImages_v2.0.50727_32\SQLPS\2b974581ae7be413076c2537acbdf763\SQLPS.ni.exe
+ 2010-08-20 00:52 . 2010-08-20 00:52   24064              c:\windows\assembly\NativeImages_v2.0.50727_32\PerformanceCounter\bd448f17e1a037d0c8b235a3fc1b8139\PerformanceCounter.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   55296              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\5e5176efbfeb803b7f217525beec6844\Microsoft.Vsa.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30   89088              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\fe34623084920626a966a45984ca6127\Microsoft.SqlServer.TransferStoredProceduresTask.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   42496              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f2b3561c1ff33889956aaa065e0f51bf\Microsoft.SqlServer.ServiceBrokerEnum.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30   87040              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f1878e02c7d6c777653e73cdd169c84b\Microsoft.SqlServer.TransferJobsTask.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   25600              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\ed5190af604d93ec2ed375af3abd8b3f\Microsoft.SqlServer.ForEachFromVarEnumerator.ni.dll
+ 2010-08-20 00:51 . 2010-08-20 00:51   73728              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\cfffeae495760b9966f7fcd73e278131\Microsoft.SqlServer.Management.PSSnapins.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   43008              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\cc624ab6d205a3eaeba6e79eeb0bcdb3\Microsoft.SqlServer.ForEachNodeListEnumerator.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   54784              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c8c9363f546d2dd65405164296a5834e\Microsoft.SqlServer.ForEachADOEnumerator.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53   72704              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b6fa5b72ef657e96a1ffc0e273e3eb9c\Microsoft.SqlServer.BatchParserClient.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   22528              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\abb4b2ba1c750c13e54443678e728d50\Microsoft.SqlServer.DTSUtilities.ni.dll
+ 2010-08-20 00:54 . 2010-08-20 00:54   96256              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a8784857660286abf076c991788fccd5\Microsoft.SqlServer.OlapEnum.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30   61440              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a370b63048aeb3c5a429b87d3a4238fc\Microsoft.SqlServer.TableTransferGeneratorTask.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30   88064              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\9d29d8c80cdafcd8d1302fa3e1e13366\Microsoft.SqlServer.TransferErrorMessagesTask.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   25600              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\97292d5d621957c61cdf3dff84ad9f3b\Microsoft.SqlServer.SqlClrProvider.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   52224              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\96045ee2b8394b0de84d1eb3a453db88\Microsoft.SqlServer.ForEachSMOEnumerator.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   34816              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\8d87ea5c90f26deef6a2660926774e06\Microsoft.SqlServer.SQLTaskConnectionsWrap.ni.dll
+ 2010-08-20 00:52 . 2010-08-20 00:52   25600              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\84e1a34fc0e0ee83fdd8bcb0d3cbac87\Microsoft.SqlServer.Management.PowerShellTasks.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   18432              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\84b7c3ddcf5bb589bb42a190860f17db\Microsoft.SqlServer.ForEachFileEnumeratorWrap.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30   84480              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6a31f1959ccad3f4209118b6b6654b21\Microsoft.SqlServer.TransferDatabasesTask.ni.dll
+ 2010-08-20 00:28 . 2010-08-20 00:28   98816              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\4e4dc8db5aaec456af39450a3d7e583d\Microsoft.SqlServer.DlgGrid.ni.dll
+ 2010-08-20 00:54 . 2010-08-20 00:54   32768              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3c4ed10f18f81f1e462c4b75b0e5ffb9\Microsoft.SqlServer.PolicyEnum.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30   94720              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\39bc5cfa51673cf4014970de8d4cf3cb\Microsoft.SqlServer.TransferLoginsTask.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30   69120              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\2fa4e4fe25bae25ae5e7960a3ac37fd5\Microsoft.SqlServer.WMIEWTask.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   65024              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\2f8f6a426e825b7000a42028b5b2f001\Microsoft.SqlServer.SqlTDiagM.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   35328              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\2bf6113114fbab03030f7ee62686a5d4\Microsoft.SqlServer.Dts.Design.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30   52224              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\2868b916e153ea3c1791005721ed9e02\Microsoft.SqlServer.SqlCEDest.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30   69632              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\279bdda83fff43bbbbe29002ce457982\Microsoft.SqlServer.WMIDRTask.ni.dll
+ 2010-08-20 00:51 . 2010-08-20 00:51   65536              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\1a0607a5f678644fb0371c0664329693\Microsoft.SqlServer.WmiEnum.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   44032              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\15065bff758086215f6e66c611d25d1c\Microsoft.SqlServer.DTEnum.ni.dll
+ 2010-08-20 00:52 . 2010-08-20 00:52   65536              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\13b0c42c709b2a8a50ff0f5b10d76ebc\Microsoft.SqlServer.Instapi.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   55808              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\0b32a1bad9a86056fc88eac78ce7a982\Microsoft.SqlServer.ManagedConnections.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30   86528              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\0ac32fd008f95831111d8206380fe35d\Microsoft.SqlServer.FileSystemTask.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30   42496              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\04095334dff60b0d128ad75478c9246c\Microsoft.SqlServer.SString.ni.dll
+ 2010-08-20 00:28 . 2010-08-20 00:28   76288              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\040622673a43b9878d1809a87ef68cca\Microsoft.SqlServer.CustomControls.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53   53248              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataWareh#\add749f03b54587b17541e43f4f26f2a\Microsoft.DataWarehouse.Interfaces.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53   74752              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e1d4e0b1f112000ab33bbaf88bd9ed99\Microsoft.Build.Framework.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   39936              c:\windows\assembly\NativeImages_v2.0.50727_32\interop.msdasc\1e97297b3251606a19b0ace70660f0f0\interop.msdasc.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53   14336              c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\50b7fc7f36c76313cbb434b10923e4e9\dfsvc.ni.exe
+ 2010-08-21 05:30 . 2010-08-21 05:58   1606              c:\windows\SoftwareDistribution\EventCache\{AF673D10-CE56-4C75-99A1-C7C7C253B48B}.bin
+ 2010-08-21 05:09 . 2010-08-21 05:09   153376              c:\windows\system32\javaws.exe
- 2009-09-09 23:08 . 2009-07-24 21:23   145184              c:\windows\system32\javaw.exe
+ 2010-08-21 05:09 . 2010-08-21 05:09   145184              c:\windows\system32\javaw.exe
- 2009-09-09 23:08 . 2009-07-24 21:23   145184              c:\windows\system32\java.exe
+ 2010-08-21 05:09 . 2010-08-21 05:09   145184              c:\windows\system32\java.exe
+ 2010-08-21 05:09 . 2010-08-21 05:09   180224              c:\windows\Installer\184b9f8.msi
+ 2010-08-21 05:09 . 2010-08-21 05:09   677376              c:\windows\Installer\184b9f0.msi
+ 2010-08-20 00:53 . 2010-08-20 00:53   321536              c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\a16b8bcca59515281688ec856c034698\WsatConfig.ni.exe
+ 2010-08-20 00:57 . 2010-08-20 00:57   400896              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ff53d5b5249a2841ee196294429f51cf\System.Xml.Linq.ni.dll
+ 2010-08-20 00:56 . 2010-08-20 00:56   129536              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\5e16c279496a553c988c6199f0cee8aa\System.Web.Routing.ni.dll
+ 2010-08-20 00:57 . 2010-08-20 00:57   859648              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\720b28d81e987b889180b291ea19b821\System.Web.Extensions.Design.ni.dll
+ 2010-08-20 00:57 . 2010-08-20 00:57   328704              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\da36fd678161cd3444ef547c894e3f35\System.Web.Entity.ni.dll
+ 2010-08-20 00:57 . 2010-08-20 00:57   301056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\49ae7c73fac8827123d5db1714c22599\System.Web.Entity.Design.ni.dll
+ 2010-08-20 00:56 . 2010-08-20 00:56   547328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ce3aa27d3c4c052845ac5abb1374defa\System.Web.DynamicData.ni.dll
+ 2010-08-20 00:56 . 2010-08-20 00:56   141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\95fab896ef2af14876e3e1524379773b\System.Web.Abstractions.ni.dll
+ 2010-08-20 00:56 . 2010-08-20 00:56   621056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\2a080994f308f347b0497bb8804861cf\System.Net.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   593408              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\97bd2a5d946aa3a824e4cfe5b6ef95aa\System.Messaging.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   998400              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll
+ 2010-08-20 00:56 . 2010-08-20 00:56   330752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\904fda53006680a67f917ab638be0305\System.Management.Instrumentation.ni.dll
+ 2010-08-20 00:52 . 2010-08-20 00:52   381440              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\4490976887e2e5a3b594041edbdf5064\System.IO.Log.ni.dll
+ 2010-08-20 00:52 . 2010-08-20 00:52   212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\77b9f6f6671aaaeb84c6907d467e792c\System.IdentityModel.Selectors.ni.dll
+ 2010-08-20 00:56 . 2010-08-20 00:56   881152              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\849e98c9f428a12cb581320a23f69dbd\System.DirectoryServices.AccountManagement.ni.dll
+ 2010-08-20 00:56 . 2010-08-20 00:56   354816              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\ad95820d2e29e8d55c0d8a838214c6e5\System.Data.Services.Design.ni.dll
+ 2010-08-20 00:56 . 2010-08-20 00:56   939008              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\617acb0d900bdde947ec79f7b5ccc183\System.Data.Services.Client.ni.dll
+ 2010-08-20 00:56 . 2010-08-20 00:56   756736              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\488c4017d45e861644a34fae557aa80f\System.Data.Entity.Design.ni.dll
+ 2010-08-20 00:54 . 2010-08-20 00:54   135680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\41345e34f26854fc1878eae3e4d5d4a5\System.Data.DataSetExtensions.ni.dll
+ 2010-08-20 00:54 . 2010-08-20 00:54   633856              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\93a0958d5557e2b380647af0171ad354\System.AddIn.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53   366080              c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\d0758f84e927e3f0a15a6cde1b96d835\SMSvcHost.ni.exe
+ 2010-08-20 00:53 . 2010-08-20 00:53   256000              c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8043a108e3bb2d3dcc84b547b8085e99\SMDiagnostics.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53   320512              c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\5aeb40ff7128df2881fb03c01d070b20\ServiceModelReg.ni.exe
+ 2010-08-20 00:53 . 2010-08-20 00:53   133632              c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5db9c32d9f352162e6da220ca463db0d\MSBuild.ni.exe
+ 2010-08-20 00:53 . 2010-08-20 00:53   386560              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\fcf975f74bd134d8e0fa8f37c5bc6a8c\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   244736              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\edb591895a614f435dbf354b80ab1d71\Microsoft.SqlServer.ConnectionInfo.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   134144              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\e9a7a16797a586dd49adde1fcb39231e\Microsoft.SqlServer.SQLTask.ni.dll
+ 2010-08-20 00:51 . 2010-08-20 00:51   151040              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\e3bbca5ceb2641f3e1558af12d4869e8\Microsoft.SqlServer.Management.PSProvider.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   485888              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\de748d7f48f3c3a1a4f332186cf0b5d1\Microsoft.SqlServer.Msxml6_interop.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30   347648              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\da8170c5ca36fcb93457d5de82f232f2\Microsoft.SqlServer.TransferObjectsTask.ni.dll
+ 2010-08-20 00:28 . 2010-08-20 00:28   994816              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d74cbf88afaf706d401fa4c8480e3df6\Microsoft.SqlServer.WizardFramework.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   128000              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d2019214126a9523881dcdae76c829df\Microsoft.SqlServer.RegSvrEnum.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   190464              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c7e29eccf4feae67a765f91f3035946b\Microsoft.SqlServer.Management.MultiServerConnection.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30   400896              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b81172e4105732a5888c34f43ac71973\Microsoft.SqlServer.SmoExtended.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53   137216              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a886cbb7235014796042c1dd5f4def6b\Microsoft.SqlServer.ConnectionInfoExtended.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   751104              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a80196b01df76bdd6f9fc1c57349e0e7\Microsoft.SqlServer.ManagedDTS.ni.dll
+ 2010-08-20 00:51 . 2010-08-20 00:51   251904              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\93346229aefa38a12c04ef1ac9412c9e\Microsoft.SqlServer.SqlWmiManagement.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30   483328              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\8da24b93c90be059ffb44c4e456914a0\Microsoft.SqlServer.XmlSrc.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   128512              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\63d62c785f3af01a44d681e312f1b6c4\Microsoft.SqlServer.DTSPipelineWrap.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30   103424              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5e8b8a381f72ebed45bc946cce48374b\Microsoft.SqlServer.ADONETSrc.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   221184              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5ba275b309a53ecb67c59569070cb287\Microsoft.SqlServer.PackageFormatUpdate.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   414208              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5adc20a2f3ade8c9154582988d1f2807\Microsoft.SqlServer.DTSRuntimeWrap.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30   288768              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5a37194ca3850cba95b1cdef24195139\Microsoft.SqlServer.Management.CollectorTasks.ni.dll
+ 2010-08-20 00:54 . 2010-08-20 00:54   108032              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\4fec7b7912735b4953565821d7a07a8a\Microsoft.SqlServer.VSTAScriptingLib.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30   534528              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\4b1d546db2192665dfb012c4d7eb9fc3\Microsoft.SqlServer.MaintenancePlanTasks.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   158208              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\44f474765d3bae85d2f18a21620a761e\Microsoft.SqlServer.DtsMsg.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30   183296              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\41d763de96a4c4f46ef4093c60bb8d8e\Microsoft.SqlServer.WebServiceTask.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   632320              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3bdb1af077cd229f4dd31c6be4dbae84\Microsoft.SqlServer.BatchParser.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   138752              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\39125f9f1beec760b5cad1c64d90f2de\Microsoft.SqlServer.PipelineHost.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   152064              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3516fb8a01964501c5e4b9eb2cd18d4a\Microsoft.SqlServer.PipelineXML.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   144896              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\28cc0e58de3cd510f281512ff02ac2c3\Microsoft.SqlServer.ADONETDest.ni.dll
+ 2010-08-20 00:30 . 2010-08-20 00:30   337920              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\23c407c1754933b28dfefdb8a764c2a7\Microsoft.SqlServer.XMLTask.ni.dll
+ 2010-08-20 00:51 . 2010-08-20 00:51   205312              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\14b618c8e62587a29e8ebaf8cd3e3893\Microsoft.SqlServer.Management.RegisteredServers.ni.dll
+ 2010-08-20 00:28 . 2010-08-20 00:28   175104              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\10fc29b3d5d45f57ba9dc0f66ed8efbb\Microsoft.SqlServer.DataStorage.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   165376              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\0fab35499c74f6bbdeb457f14b42b6bd\Microsoft.SqlServer.DtsTransferProvider.ni.dll
+ 2010-08-20 00:28 . 2010-08-20 00:28   531968              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\02990699368c5b5258c938f8a365b7d4\Microsoft.SqlServer.GridControl.ni.dll
+ 2010-08-20 00:28 . 2010-08-20 00:28   232960              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\00dd1dbc1c918291603aa0e853a11285\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll
+ 2010-08-20 00:52 . 2010-08-20 00:52   233472              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Exception#\1013736f3b2743f048051d62c4960601\Microsoft.ExceptionMessageBox.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53   175104              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\585cc7218599e7806521d0e737ba5ffb\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53   839680              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\3057ec53731286e69e389d103c32fa41\Microsoft.Build.Engine.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53   222720              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\914e338ac6e92714f3e32ae5d89bf03b\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2010-08-20 00:54 . 2010-08-20 00:54   510976              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\05458562792fd615f5b70a3b48fa32cb\Microsoft.AnalysisServices.Xmla.ni.dll
+ 2010-08-20 00:12 . 2010-08-20 00:12   170496              c:\windows\assembly\NativeImages_v2.0.50727_32\DTEParseMgd\b1eade4f831b47a2817eab5027369a93\DTEParseMgd.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53   220672              c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53   410112              c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\daca3c9ad6d867d3fec70d14b4f20cf3\ComSvcConfig.ni.exe
+ 2010-08-20 00:10 . 2010-08-20 00:10   842240              c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\56aec0938ef1bbdeca65b07a5fe8cd39\AspNetMMCExt.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   265728              c:\windows\assembly\NativeImages_v2.0.50727_32\ADODB\44ad73cd0e12ce6b95fac3a1b43f3391\ADODB.ni.dll
+ 2010-08-20 00:57 . 2010-08-20 00:57   1356288              c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\60b3c9a63b2065a6952d16256545c25d\System.WorkflowServices.ni.dll
+ 2010-08-20 00:57 . 2010-08-20 00:57   1908224              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5cc2a23ce8ac371c7a97b5e542ee27ed\System.Workflow.Runtime.ni.dll
+ 2010-08-20 00:57 . 2010-08-20 00:57   4514304              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c0aabf67e7ef98dc10c3e174c136731b\System.Workflow.ComponentModel.ni.dll
+ 2010-08-20 00:57 . 2010-08-20 00:57   2992640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\66682c8a064608ba4ffd0463cf09aef9\System.Workflow.Activities.ni.dll
+ 2010-08-20 00:57 . 2010-08-20 00:57   2209280              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\9b455702c9b7b02c5708406f87986751\System.Web.Mobile.ni.dll
+ 2010-08-20 00:56 . 2010-08-20 00:56   2403328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\49c7a1c78ed9502ba97c11e6bd993f63\System.Web.Extensions.ni.dll
+ 2010-08-20 00:56 . 2010-08-20 00:56   1706496              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\f5790a1b7b41e7b8d05f01b549c80f39\System.ServiceModel.Web.ni.dll
+ 2010-08-20 00:52 . 2010-08-20 00:52   2345472              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8061a0f5c1c2ee0549e19224352f67fa\System.Runtime.Serialization.ni.dll
+ 2010-08-20 00:52 . 2010-08-20 00:52   1070080              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\0885f31c21b796465fde6297dba20981\System.IdentityModel.ni.dll
+ 2010-08-20 00:56 . 2010-08-20 00:56   1328128              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\23cf0498f2ebe4c8ffa5cc79efca2dc5\System.Data.Services.ni.dll
+ 2010-08-20 00:56 . 2010-08-20 00:56   9924096              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6ce886492d9b6a34555be3f328682ec2\System.Data.Entity.ni.dll
+ 2010-08-20 00:54 . 2010-08-20 00:54   1712128              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\9732a7c993055f82040642966db07ccf\Microsoft.VisualBasic.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53   1093120              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\773d7bf69a9a0c0556aa41f53e75ab05\Microsoft.Transactions.Bridge.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   1118208              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f8be778e5e1b5e8f59526bd4b4892251\Microsoft.SqlServer.Dmf.ni.dll
+ 2010-08-20 00:51 . 2010-08-20 00:51   3476992              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\e2f7bdf84d04934ef39114871e2948f7\Microsoft.SqlServer.Replication.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   6115328              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\938a917fdd99679593903a571d706690\Microsoft.SqlServer.Smo.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   1488384              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\91d96700af39b4bdcaf923cb3df67929\Microsoft.SqlServer.SqlEnum.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   1125888              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\91bd0e4e2712b37494cd06965feaeac4\Microsoft.SqlServer.Management.Sdk.Sfc.ni.dll
+ 2010-08-20 00:29 . 2010-08-20 00:29   2332160              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\16ff33f07efdb9da2a18e27585c604be\Microsoft.JScript.ni.dll
+ 2010-08-20 00:28 . 2010-08-20 00:28   1602048              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.DataTrans#\d90feee9b4f647700e157a862e8a93ca\Microsoft.DataTransformationServices.Controls.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53   1620992              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\d0fb91b296616a1a844bf265947018ee\Microsoft.Build.Tasks.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53   1966080              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\892e993c8df1c75081113131dc429c15\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53   1888768              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d0beebd2c9045158cdcd4bd5987b717b\Microsoft.Build.Engine.ni.dll
+ 2010-08-20 00:53 . 2010-08-20 00:53   2949120              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\66acf189dd712ee7b5fdb541e9710d7d\Microsoft.AnalysisServices.ni.dll
+ 2010-08-20 00:28 . 2010-08-20 00:28   1354240              c:\windows\assembly\NativeImages_v2.0.50727_32\DTSWizard\291e53ccca9cac3f4faffdda87feabcc\DTSWizard.ni.exe
+ 2010-08-20 00:53 . 2010-08-20 00:53   17403904              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\f523a69e7c93ee4f245c996eac4b3a57\System.ServiceModel.ni.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"Google Update"="c:\documents and settings\iman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-23 133104]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="launchapp" [X]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2005-12-29 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"NDSTray.exe"="NDSTray.exe" [BU]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-01-27 1589248]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"@OnlineArmor GUI"="c:\program files\Emsisoft\Online Armor\oaui.exe" [2010-07-05 6854984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\iman\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-7 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Emsisoft\ONLINE~1\oaevent.dll" [2010-07-05 924488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56766:TCP"= 56766:TCP:PMB P2P TCP Listening Port
"56766:UDP"= 56766:UDP:PMB P2P UDP Listening Port

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [8/20/2010 6:53 AM 236104]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [8/20/2010 6:53 AM 22600]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [8/20/2010 6:53 AM 28232]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/18/2010 2:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 2:41 AM 67656]
R2 OAcat;Online Armor Helper Service;c:\program files\Emsisoft\Online Armor\oacat.exe [8/20/2010 6:53 AM 1283400]
S2 SvcOnlineArmor;Online Armor;c:\program files\Emsisoft\Online Armor\oasrv.exe [8/20/2010 6:53 AM 3364680]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/11/2008 8:28 AM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/11/2008 8:28 AM 369688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx   REG_MULTI_SZ      scan
.
Contents of the 'Scheduled Tasks' folder

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2593411582-1523315853-1269952131-1006Core.job
- c:\documents and settings\iman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-23 15:54]

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2593411582-1523315853-1269952131-1006UA.job
- c:\documents and settings\iman\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-23 15:54]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uInternet Connection Wizard,ShellNext = iexplore
IE: Download all links with IDM - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetAll.htm
IE: Download FLV video content with IDM - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEGetVL.htm
IE: Download with IDM - c:\documents and settings\Default User\Local Settings\Temp\bsasee3y5d\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\iman\Application Data\Mozilla\Firefox\Profiles\iee811pn.default\
FF - plugin: c:\documents and settings\iman\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-21 14:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{59c1b55b-ebf2-442a-b94f-dcce1e3693e0}]
@Denied: (Full) (Everyone)
"Model"=dword:00000083
"Therad"=dword:00000021
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
   4b,7b,ad,04,7a,b1,b5,76,9b,27,47,5a,e4,0b,a2,cb,91,3b,1d,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f4,48,37,a5,04,25,eb,81,63,fd,7b,50,76,a6,0a,23,63,63,d7,8b,1c,
   ff,27,17,9c,b0,51,d3,ab,fc,2e,e0,61,ad,74,3a,7f,82,39,c0,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(424)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2572)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2010-08-21  15:02:08
ComboFix-quarantined-files.txt  2010-08-21 07:02
ComboFix2.txt  2010-08-20 00:12

Pre-Run: 9,887,891,456 bytes free
Post-Run: 9,881,948,160 bytes free

- - End Of File - - 9631A1F946221B6262125F5EBB9C1A8E

Gmer log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-22 04:55:55
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\iman\LOCALS~1\Temp\ufliapog.sys


---- System - GMER 1.0.15 ----

SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwAllocateVirtualMemory [0xA82D0ED0]
SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwAssignProcessToJobObject [0xA82D1700]
SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwConnectPort [0xA82CEDA0]
SSDT            \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Emsisoft)                                              ZwCreateFile [0xA82DE9C0]
Title: Re: done the malware removal steps, but can't get connected to the internet.
Post by: SuperDave on August 22, 2010, 11:50:56 AM
I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan (http://eset.com/onlinescan)
• Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png) button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
• Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png)
• Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png) button.
• Accept any security warnings from your browser.
• Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png)
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png)
• Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png) button.
• Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Title: Re: done the malware removal steps, but can't get connected to the internet.
Post by: littlesquall on August 22, 2010, 06:06:47 PM
The ESET log:

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=cd1d465c2d5430419a2135908657a5ca
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-08-23 12:19:50
# local_time=2010-08-23 08:19:50 (+0800, Malay Peninsula Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 569244 569244 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5891 16776869 100 100 0 12104990 0 0
# compatibility_mode=6401 16777214 66 100 0 3391060 0 0
# compatibility_mode=8192 67108863 100 0 11447 11447 0 0
# scanned=95965
# found=0
# cleaned=0
# scan_time=4781

When the scan is complete, there is no list of found threats. Does it mean it is clean?

Thanks, Dave for your concern. It is much appreciated.
Title: Re: done the malware removal steps, but can't get connected to the internet.
Post by: SuperDave on August 22, 2010, 07:24:22 PM
Quote
When the scan is complete, there is no list of found threats. Does it mean it is clean?

That looks good. Let's do some clean-up.

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

The above procedure will:
* Delete the following:
  * ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

************************************

Download OTC by OldTimer (http://oldtimer.geekstogo.com/OTC.exe) and save it to your desktop.

1. Double-click OTC to run it.
2. Click the CleanUp! button.
3. Select Yes when the "Begin cleanup Process?" prompt appears.
4. If you are prompted to Reboot during the cleanup, select Yes.
5. OTC should delete itself once it finishes; if not, delete it yourself.

***********************************

Clean out your temporary internet files and temp files.

Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

***********************************

Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out-of-date software.

• Click Start Now
• Check the box next to Enable thorough system inspection.
• Click Start
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.
----------

Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

----------

I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)

Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
Title: Re: done the malware removal steps, but can't get connected to the internet.
Post by: littlesquall on August 24, 2010, 01:51:29 AM
Thank you so much, Dave, for helping me fix and clean up my laptop.
My laptop has better performance now. Thanks! ;D