Solved

My computer is infected but i haven't installed a program or i haven't anything to download...

Posted on 2009-04-05
9
989 Views
Last Modified: 2013-12-09
2 hours ago, my machine was working perfectly and i haven't installed anyting or i haven't download anything for 2 weeks...

1) I couldn't have the programs in the taskbar, i mean when minimized, no program appears
2) System restore cannot protect your computer
3) Windows key doesn't trigger windows icon
4) It seems no program is working...
5) Malware bytes is not working...
6) Symantec Corporate works but i couldn't update it to scan...
7) My network adapters gone!!!
8) Device manager doesn't show anything!
9) I couldn't see the user name for programs in task manager...
10) Same above for Safe Mode...

Barely, my machine recognizes my USB in safe mode and i run an old version of ComboFix right now...

I will inform you soon...

Best regards...
0
Comment
Question by:jazzIIIlove
9 Comments
 
LVL 66

Expert Comment

by:johnb6767
ID: 24073399
start>run>cmd

tasklist /svc

Please paste the output here please.....
0
 
LVL 8

Expert Comment

by:skywalker39
ID: 24073426
Hi jazzllllove,

I'm just curious but did you download and install your Windows Updates?
0
 
LVL 12

Author Comment

by:jazzIIIlove
ID: 24073641
Friends...you won't believe me...but my machine was working perfectly 4 hours ago...I haven't install anything..I just hanging around in youtube...nothing installed, downloaded...

I started combofix scan and it's attached...right now, i have just started KAV with live-cd...

I am going to apply your solutions after KAV finishes his work...

Also, i am going to send hijackthis log...and retry for malware bytes...Unbelievable...must be a joke...

If i go to system restore somehow, i know, i will be safe...but even i cannot enter it...

"System restore cannot protect your computer" error is what i got...

Thanks friends...I am going to apply your solutions too...but disk is 150 G...:(
ComboFix 09-04-04.01 - Administrator 2009-04-06  2:41:00.5 - NTFSx86 MINIMAL
Running from: G:\ComboFix.exe
 
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\IE4 Error Log.txt
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
 
.
(((((((((((((((((((((((((   Files Created from 2009-03-05 to 2009-04-05  )))))))))))))))))))))))))))))))
.
 
2009-04-30 18:45 . 2009-04-30 18:45	969	-rah-----	c:\windows\system32\sym-upd.cta
2009-04-05 19:53 . 2009-04-05 19:53	<DIR>	d--------	C:\debian
2009-04-03 02:18 . 2009-04-03 02:18	<DIR>	d--------	C:\Windows Server 2008 Datacenter Enterprise and Standard (x64) - DVD (English)
2009-04-02 19:44 . 2007-03-26 20:05	1,835,008	--a------	c:\windows\system32\vdrive.exe
2009-04-02 19:44 . 2007-03-26 19:41	557,056	--a------	c:\windows\system32\bdwf.exe
2009-04-02 19:44 . 2007-03-29 13:36	151,270	--a------	c:\windows\system32\run.exe.PreARM
2009-04-02 19:44 . 2007-03-29 13:22	68,848	--a------	c:\windows\system32\driverbuild.ocx
2009-04-02 19:44 . 2007-02-10 16:29	32,768	--a------	c:\windows\system32\touch.exe
2009-04-02 19:44 . 2007-03-26 19:51	9,790	-rah-----	c:\windows\system32\fgh
2009-04-02 19:44 . 2007-01-01 18:18	36	-rah-----	c:\windows\system32\wre.cdm
2009-04-02 19:41 . 2009-04-02 19:42	2,563,072	--a------	c:\windows\system32\BDVD.exe
2009-04-02 19:38 . 2008-03-26 15:32	803	-ra------	c:\windows\system32\ipf.cc
2009-04-02 19:38 . 2008-03-26 15:34	498	-ra------	c:\windows\system32\ips.cc
2009-04-02 19:37 . 2008-03-26 16:42	69,120	-ra------	c:\windows\system32\lusetup.exe
2009-04-02 19:37 . 2006-03-25 11:36	64,000	-rahs----	c:\windows\system32\checker.dat
2009-04-02 19:37 . 2008-03-26 15:46	9,605	-rah-----	c:\windows\system32\checker.ocx
2009-03-30 14:14 . 2009-03-30 14:16	<DIR>	d--------	c:\program files\Recovery for PDF
2009-03-25 16:57 . 2009-03-25 16:57	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Last.fm
2009-03-25 16:53 . 2009-03-30 15:34	<DIR>	d--------	c:\program files\Last.fm
2009-03-23 18:41 . 2009-03-23 18:41	4,417,710	--a------	c:\windows\system32\Dexter's Screen Saver.Scr
2009-03-17 18:30 . 2009-03-17 18:44	<DIR>	d--------	c:\program files\nLite
2009-03-17 17:12 . 2009-03-17 17:12	<DIR>	d--------	c:\program files\Innovative Solutions
2009-03-17 11:16 . 2009-03-17 11:16	<DIR>	d--------	c:\program files\Double Driver
2009-03-17 11:16 . 2008-12-01 08:00	517,120	--a------	c:\windows\system32\7-ZIP32.DLL
2009-03-10 11:38 . 2009-03-10 11:38	<DIR>	d--------	c:\program files\DiskInternals
2009-03-09 12:14 . 2009-03-09 12:23	<DIR>	d--------	C:\tmp
2009-03-09 12:14 . 2009-03-09 12:22	<DIR>	d--------	C:\PDFZilla
2009-03-09 12:14 . 2009-03-09 12:24	<DIR>	d--------	C:\output
2009-03-09 12:05 . 2009-03-09 12:11	610	--a------	c:\windows\system32\winpdf.ini
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-05 23:29	---------	d-----w	c:\program files\FlashGet
2009-04-05 23:19	---------	d-----w	c:\documents and settings\All Users\Application Data\Babylon
2009-04-05 23:17	---------	d-----w	c:\documents and settings\All Users\Application Data\VMware
2009-04-03 11:19	---------	d---a-w	c:\documents and settings\All Users\Application Data\TEMP
2009-04-02 16:33	---------	d-----w	c:\program files\Symantec AntiVirus
2009-04-02 14:21	---------	d-----w	c:\program files\NetBeans 6.1
2009-03-31 07:50	---------	d-----w	c:\documents and settings\NetworkService\Application Data\VMware
2009-03-25 13:57	---------	d-----w	c:\program files\iTunes
2009-03-23 09:18	---------	d-----w	c:\program files\Malwarebytes' Anti-Malware
2009-03-20 14:50	---------	d-----w	c:\program files\Microsoft SQL Server
2009-03-17 15:26	---------	d-----w	c:\documents and settings\Baran\Application Data\VMware
2009-03-16 13:12	---------	d-----w	c:\documents and settings\Baran\Application Data\Babylon
2009-03-15 18:00	---------	d-----w	c:\documents and settings\Baran\Application Data\dvdcss
2009-03-13 14:59	---------	d-----w	c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-09 12:44	---------	d-----w	c:\documents and settings\Baran\Application Data\MySQL
2009-03-09 12:43	---------	d-----w	c:\documents and settings\Baran\Application Data\SQLyog
2009-03-02 17:37	---------	d--h--w	c:\program files\InstallShield Installation Information
2009-03-02 17:15	---------	d-----w	c:\program files\Compaq
2009-02-21 15:44	---------	d-----w	c:\program files\Advanced Port Scanner
2009-02-21 15:31	---------	d-----w	c:\documents and settings\Baran\Application Data\OpenOffice.org2
2009-02-16 13:00	---------	d-----w	c:\program files\Microsoft Virtual PC
2009-02-11 08:19	38,496	----a-w	c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 08:19	15,504	----a-w	c:\windows\system32\drivers\mbam.sys
2009-02-09 14:05	1,846,784	----a-w	c:\windows\system32\win32k.sys
2009-02-09 08:13	---------	d-----w	c:\program files\iPod
2009-02-09 08:13	---------	d-----w	c:\program files\Common Files\Apple
2009-02-09 08:13	---------	d-----w	c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-09 08:11	---------	d-----w	c:\program files\QuickTime
2009-02-09 08:07	---------	d-----w	c:\program files\Bonjour
2008-09-29 04:03	47,360	----a-w	c:\documents and settings\Baran\Application Data\pcouffin.sys
2006-03-25 08:36	64,000	--sha-r	c:\windows\system32\checker.dat
.
 
------- Sigcheck -------
 
Cryptography Services Error !!
.
(((((((((((((((((((((((((((((   snapshot@2009-01-26_ 4.28.18,23   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 13:59:34	1,847,552	----a-w	c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys
+ 2008-07-09 07:59:26	17,272	----a-w	c:\windows\$hf_mig$\KB958690\spmsg.dll
+ 2008-07-09 07:59:26	232,824	----a-w	c:\windows\$hf_mig$\KB958690\spuninst.exe
+ 2008-07-09 07:59:25	26,488	----a-w	c:\windows\$hf_mig$\KB958690\update\spcustom.dll
+ 2008-07-09 07:59:29	756,600	----a-w	c:\windows\$hf_mig$\KB958690\update\update.exe
+ 2008-07-09 07:59:37	386,424	----a-w	c:\windows\$hf_mig$\KB958690\update\updspapi.dll
+ 2008-12-05 06:59:14	144,896	----a-w	c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll
+ 2007-11-30 11:21:50	17,272	----a-w	c:\windows\$hf_mig$\KB960225\spmsg.dll
+ 2007-11-30 11:21:50	232,824	----a-w	c:\windows\$hf_mig$\KB960225\spuninst.exe
+ 2007-11-30 11:21:50	26,488	----a-w	c:\windows\$hf_mig$\KB960225\update\spcustom.dll
+ 2007-11-30 12:41:01	756,600	----a-w	c:\windows\$hf_mig$\KB960225\update\update.exe
+ 2007-11-30 12:41:01	386,424	----a-w	c:\windows\$hf_mig$\KB960225\update\updspapi.dll
+ 2008-07-09 07:59:26	17,272	----a-w	c:\windows\$hf_mig$\KB960715\spmsg.dll
+ 2008-07-09 07:59:26	232,824	----a-w	c:\windows\$hf_mig$\KB960715\spuninst.exe
+ 2008-07-09 07:59:25	26,488	----a-w	c:\windows\$hf_mig$\KB960715\update\spcustom.dll
+ 2008-11-15 17:19:26	756,600	----a-w	c:\windows\$hf_mig$\KB960715\update\update.exe
+ 2008-07-09 07:59:37	386,424	----a-w	c:\windows\$hf_mig$\KB960715\update\updspapi.dll
+ 2008-06-17 19:03:59	8,467,456	----a-w	c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-07-09 07:59:26	17,272	----a-w	c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2008-07-09 07:59:26	232,824	----a-w	c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-07-09 07:59:25	26,488	----a-w	c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2008-07-09 07:59:29	756,600	----a-w	c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2008-07-09 07:59:37	386,424	----a-w	c:\windows\$hf_mig$\KB967715\update\updspapi.dll
+ 2008-07-09 07:59:26	232,824	-c----w	c:\windows\$NtUninstallKB960715$\spuninst\spuninst.exe
+ 2008-07-09 07:59:37	386,424	-c----w	c:\windows\$NtUninstallKB960715$\spuninst\updspapi.dll
+ 2008-04-15 12:00:00	8,466,432	-c----w	c:\windows\$NtUninstallKB967715$\shell32.dll
+ 2008-07-09 07:59:26	232,824	-c----w	c:\windows\$NtUninstallKB967715$\spuninst\spuninst.exe
+ 2008-07-09 07:59:37	386,424	-c----w	c:\windows\$NtUninstallKB967715$\spuninst\updspapi.dll
- 2008-09-29 01:11:25	363,376	----a-w	c:\windows\assembly\GAC_32\Microsoft.SqlServer.BatchParser\9.0.242.0__89845dcd8080cc91\microsoft.sqlserver.batchparser.dll
+ 2009-03-20 14:45:10	360,800	----a-w	c:\windows\assembly\GAC_32\Microsoft.SqlServer.BatchParser\9.0.242.0__89845dcd8080cc91\microsoft.sqlserver.batchparser.dll
- 2008-09-29 01:11:26	78,192	----a-w	c:\windows\assembly\GAC_32\Microsoft.SqlServer.MgdSqlDumper\9.0.242.0__89845dcd8080cc91\microsoft.sqlserver.mgdsqldumper.dll
+ 2009-03-20 14:45:11	75,616	----a-w	c:\windows\assembly\GAC_32\Microsoft.SqlServer.MgdSqlDumper\9.0.242.0__89845dcd8080cc91\microsoft.sqlserver.mgdsqldumper.dll
- 2008-09-29 01:11:34	1,626,480	----a-w	c:\windows\assembly\GAC_32\Microsoft.SqlServer.Replication\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Replication.dll
+ 2009-03-20 14:45:21	1,625,952	----a-w	c:\windows\assembly\GAC_32\Microsoft.SqlServer.Replication\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Replication.dll
- 2008-09-29 01:11:27	546,160	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.AdomdClient\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.AdomdClient.dll
+ 2009-03-20 14:45:12	543,584	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.AdomdClient\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.AdomdClient.dll
- 2008-09-29 01:11:26	140,656	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.DeploymentEngine\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DeploymentEngine.dll
+ 2009-03-20 14:45:11	138,080	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.DeploymentEngine\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DeploymentEngine.dll
- 2008-09-29 01:11:26	1,217,904	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DLL
+ 2009-03-20 14:45:11	1,215,328	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DLL
- 2008-09-29 01:11:26	38,256	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.DataWarehouse.Interfaces\9.0.242.0__89845dcd8080cc91\Microsoft.DataWarehouse.Interfaces.DLL
+ 2009-03-20 14:45:11	35,680	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.DataWarehouse.Interfaces\9.0.242.0__89845dcd8080cc91\Microsoft.DataWarehouse.Interfaces.DLL
- 2008-09-29 01:09:32	136,560	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.NetEnterpriseServers.ExceptionMessageBox\9.0.242.0__89845dcd8080cc91\Microsoft.NetEnterpriseServers.ExceptionMessageBox.dll
+ 2009-03-20 14:41:11	133,984	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.NetEnterpriseServers.ExceptionMessageBox\9.0.242.0__89845dcd8080cc91\Microsoft.NetEnterpriseServers.ExceptionMessageBox.dll
- 2008-09-29 01:11:25	157,040	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ConnectionInfo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ConnectionInfo.dll
+ 2009-03-20 14:45:10	154,464	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ConnectionInfo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ConnectionInfo.dll
- 2008-09-29 01:09:32	46,448	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.CustomControls\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.CustomControls.dll
+ 2009-03-20 14:41:11	43,872	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.CustomControls\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.CustomControls.dll
- 2008-09-29 01:09:32	202,096	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.GridControl\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.GridControl.dll
+ 2009-03-20 14:41:11	199,520	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.GridControl\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.GridControl.dll
- 2008-09-29 01:11:26	71,024	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.RegSvrEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.RegSvrEnum.dll
+ 2009-03-20 14:45:11	68,448	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.RegSvrEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.RegSvrEnum.dll
- 2008-09-29 01:11:26	558,448	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Rmo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Rmo.dll
+ 2009-03-20 14:45:11	555,872	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Rmo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Rmo.dll
- 2008-09-29 01:11:25	42,352	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ServiceBrokerEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ServiceBrokerEnum.dll
+ 2009-03-20 14:45:10	39,776	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ServiceBrokerEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ServiceBrokerEnum.dll
- 2008-09-29 01:11:25	1,598,832	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Smo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Smo.dll
+ 2009-03-20 14:45:10	1,604,448	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Smo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Smo.dll
- 2008-09-29 01:11:25	222,576	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SmoEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SmoEnum.dll
+ 2009-03-20 14:45:10	220,000	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SmoEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SmoEnum.dll
- 2008-09-29 01:11:25	906,608	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SqlEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SqlEnum.dll
+ 2009-03-20 14:45:10	895,840	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SqlEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SqlEnum.dll
- 2008-09-29 01:09:32	595,312	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WizardFrameworkLite\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WizardFrameworkLite.dll
+ 2009-03-20 14:41:11	592,736	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WizardFrameworkLite\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WizardFrameworkLite.dll
- 2008-09-29 01:11:25	46,448	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WmiEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WmiEnum.dll
+ 2009-03-20 14:45:10	43,872	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WmiEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WmiEnum.dll
+ 2009-03-20 14:51:23	249,856	----a-w	c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\ce195aef04208a328e9c4f8fa1c6f65d\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll
+ 2009-03-20 14:51:24	90,112	----a-w	c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\58867f7ce6aa6d044a6877451ba99fc7\Microsoft.SqlServer.CustomControls.ni.dll
+ 2009-03-20 14:51:26	561,152	----a-w	c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\7d9b28b61883644575172085bd1687c6\Microsoft.SqlServer.GridControl.ni.dll
+ 2009-03-20 14:51:27	1,028,096	----a-w	c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\84f87159bb47418d53465c11403d5afd\Microsoft.SqlServer.WizardFrameworkLite.ni.dll
- 2005-10-20 18:02:28	163,328	----a-w	c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 17:02:28	163,328	----a-w	c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2009-02-09 08:07:44	86,016	----a-r	c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
+ 2009-04-02 16:14:21	352,256	----a-r	c:\windows\Installer\{26380174-DEAE-4939-8DEC-A17C7B6A0C91}\ARPPRODUCTICON.exe
- 2009-01-17 11:40:02	1,165,584	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-03-13 14:59:53	1,165,584	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2009-01-17 11:40:03	20,240	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-03-13 14:59:53	20,240	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-01-17 11:40:02	159,504	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-03-13 14:59:53	159,504	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-01-17 11:40:02	184,080	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-03-13 14:59:53	184,080	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-01-17 11:40:03	217,864	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-03-13 14:59:53	217,864	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-01-17 11:40:03	18,704	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-03-13 14:59:53	18,704	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-01-17 11:40:03	35,088	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-03-13 14:59:53	35,088	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-01-17 11:40:03	845,584	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-03-13 14:59:53	845,584	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-01-17 11:40:03	922,384	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-03-13 14:59:53	922,384	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-01-17 11:40:03	272,648	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-03-13 14:59:53	272,648	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-01-17 11:40:03	888,080	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-03-13 14:59:53	888,080	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-01-17 11:40:02	1,172,240	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-03-13 14:59:53	1,172,240	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-09 08:14:08	102,400	----a-r	c:\windows\Installer\{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}\iTunesIco.exe
- 2000-08-31 06:00:00	29,696	----a-w	c:\windows\NIRCMD.exe
+ 2000-08-31 05:00:00	29,696	----a-w	c:\windows\NIRCMD.exe
+ 2007-02-10 03:09:12	127,856	----a-w	c:\windows\SQL9_KB960089_ENU\batchparser90.dll
+ 2007-02-10 03:09:20	1,039,728	----a-w	c:\windows\SQL9_KB960089_ENU\dbghelp.dll
+ 2007-02-10 03:15:30	1,160,560	----a-w	c:\windows\SQL9_KB960089_ENU\dumpdatastore.dll
+ 2008-12-18 02:24:10	2,538,848	----a-w	c:\windows\SQL9_KB960089_ENU\hotfix.exe
+ 2005-10-13 21:26:42	548,864	----a-w	c:\windows\SQL9_KB960089_ENU\msvcp80.dll
+ 2005-10-13 21:26:42	626,688	----a-w	c:\windows\SQL9_KB960089_ENU\msvcr80.dll
+ 2007-02-10 03:29:52	143,728	----a-w	c:\windows\SQL9_KB960089_ENU\sqlcmd.exe
+ 2007-02-10 03:29:52	533,872	----a-w	c:\windows\SQL9_KB960089_ENU\sqldiscoveryapi.dll
+ 2007-02-10 03:29:54	230,256	----a-w	c:\windows\SQL9_KB960089_ENU\sqlsetupvista.dll
+ 2007-02-10 03:09:12	127,856	----a-w	c:\windows\SQLTools9_KB960089_ENU\batchparser90.dll
+ 2007-02-10 03:09:20	1,039,728	----a-w	c:\windows\SQLTools9_KB960089_ENU\dbghelp.dll
+ 2007-02-10 03:15:30	1,160,560	----a-w	c:\windows\SQLTools9_KB960089_ENU\dumpdatastore.dll
+ 2008-12-18 02:24:10	2,538,848	----a-w	c:\windows\SQLTools9_KB960089_ENU\hotfix.exe
+ 2005-10-13 21:26:42	548,864	----a-w	c:\windows\SQLTools9_KB960089_ENU\msvcp80.dll
+ 2005-10-13 21:26:42	626,688	----a-w	c:\windows\SQLTools9_KB960089_ENU\msvcr80.dll
+ 2007-02-10 03:29:52	143,728	----a-w	c:\windows\SQLTools9_KB960089_ENU\sqlcmd.exe
+ 2007-02-10 03:29:52	533,872	----a-w	c:\windows\SQLTools9_KB960089_ENU\sqldiscoveryapi.dll
+ 2007-02-10 03:29:54	230,256	----a-w	c:\windows\SQLTools9_KB960089_ENU\sqlsetupvista.dll
- 2000-08-31 06:00:00	161,792	----a-w	c:\windows\SWREG.exe
+ 2000-08-31 05:00:00	161,792	----a-w	c:\windows\SWREG.exe
+ 2008-09-17 13:29:12	20,040	----a-w	c:\windows\system32\config\systemprofile\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
- 2008-04-15 12:00:00	144,384	-c--a-w	c:\windows\system32\dllcache\schannel.dll
+ 2008-12-05 06:55:55	144,896	-c--a-w	c:\windows\system32\dllcache\schannel.dll
- 2008-04-15 12:00:00	8,466,432	-c--a-w	c:\windows\system32\dllcache\shell32.dll
+ 2008-06-17 19:01:35	8,466,944	-c--a-w	c:\windows\system32\dllcache\shell32.dll
- 2008-09-15 15:25:48	1,846,400	-c--a-w	c:\windows\system32\dllcache\win32k.sys
+ 2009-02-09 14:05:18	1,846,784	-c--a-w	c:\windows\system32\dllcache\win32k.sys
- 2007-06-11 20:51:12	10,834,944	-c--a-w	c:\windows\system32\dllcache\wmp.dll
+ 2008-11-11 16:34:42	10,838,016	-c--a-w	c:\windows\system32\dllcache\wmp.dll
- 2008-08-29 07:18:58	87,336	----a-w	c:\windows\system32\dns-sd.exe
+ 2008-12-12 09:18:16	87,336	----a-w	c:\windows\system32\dns-sd.exe
- 2008-08-29 06:53:50	61,440	----a-w	c:\windows\system32\dnssd.dll
+ 2008-12-12 09:11:46	61,440	----a-w	c:\windows\system32\dnssd.dll
- 2008-09-10 13:45:18	32,000	----a-w	c:\windows\system32\drivers\usbaapl.sys
+ 2008-11-07 12:23:30	32,000	----a-w	c:\windows\system32\drivers\usbaapl.sys
+ 2007-02-17 22:15:34	232,816	----a-w	c:\windows\system32\drivers\VMM.sys
+ 2007-01-29 04:20:34	59,280	----a-w	c:\windows\system32\drivers\VMNetSrv.sys
+ 2008-11-07 12:23:30	32,000	-c--a-w	c:\windows\system32\DRVSTORE\usbaapl_246F92BBD6449C86FC3F3F28C40D59AC1F69C558\usbaapl.sys
- 2009-01-23 16:30:01	1,559,360	----a-w	c:\windows\system32\FNTCACHE.DAT
+ 2009-03-13 18:48:28	1,559,360	----a-w	c:\windows\system32\FNTCACHE.DAT
+ 2009-02-03 02:15:28	3,771,296	----a-w	c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-02-03 02:15:30	240,544	----a-w	c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-04-03 09:56:59	84,661	----a-w	c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2009-01-10 01:35:28	20,853,704	----a-w	c:\windows\system32\MRT.exe
+ 2009-02-25 20:54:59	24,768,960	----a-w	c:\windows\system32\MRT.exe
- 2008-12-08 18:39:34	91,280	----a-w	c:\windows\system32\perfc009.dat
+ 2009-03-31 07:55:11	91,954	----a-w	c:\windows\system32\perfc009.dat
- 2009-01-21 10:03:09	85,902	----a-w	c:\windows\system32\perfc01F.dat
+ 2009-03-31 07:55:11	104,260	----a-w	c:\windows\system32\perfc01F.dat
- 2008-12-08 18:39:34	493,814	----a-w	c:\windows\system32\perfh009.dat
+ 2009-03-31 07:55:11	494,488	----a-w	c:\windows\system32\perfh009.dat
- 2009-01-21 10:03:09	441,894	----a-w	c:\windows\system32\perfh01F.dat
+ 2009-03-31 07:55:11	490,278	----a-w	c:\windows\system32\perfh01F.dat
+ 2005-04-30 15:45:44	129,437	----a-w	c:\windows\system32\riched64.dll
- 2008-04-15 12:00:00	144,384	----a-w	c:\windows\system32\schannel.dll
+ 2008-12-05 06:55:55	144,896	----a-w	c:\windows\system32\schannel.dll
- 2008-04-15 12:00:00	8,466,432	----a-w	c:\windows\system32\shell32.dll
+ 2008-06-17 19:01:35	8,466,944	----a-w	c:\windows\system32\shell32.dll
- 2007-11-30 12:39:22	17,272	------w	c:\windows\system32\spmsg.dll
+ 2007-11-30 11:21:50	17,272	------w	c:\windows\system32\spmsg.dll
- 2008-04-14 07:00:28	373,248	----a-w	c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2008-07-06 12:06:10	373,248	----a-w	c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL
- 2008-04-14 07:00:28	744,448	----a-w	c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
+ 2008-07-06 12:06:10	744,960	----a-w	c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
- 2007-03-22 18:03:58	761,344	----a-w	c:\windows\system32\spool\drivers\w32x86\3\unires.dll
+ 2008-03-13 04:52:36	761,344	----a-w	c:\windows\system32\spool\drivers\w32x86\3\UNIRES.DLL
- 2007-09-27 08:48:58	23,856	----a-w	c:\windows\system32\spupdsvc.exe
+ 2007-07-27 07:41:38	26,488	----a-w	c:\windows\system32\spupdsvc.exe
- 2007-02-10 13:29:51	67,952	----a-w	c:\windows\system32\sqlctr90.dll
+ 2008-11-24 20:31:08	65,888	----a-w	c:\windows\system32\sqlctr90.dll
- 2007-02-10 02:29:52	2,234,224	----a-w	c:\windows\system32\sqlncli.dll
+ 2008-11-24 20:31:10	2,248,544	----a-w	c:\windows\system32\sqlncli.dll
+ 2006-04-30 15:45:44	847,872	---ha-r	c:\windows\system32\symav64.dll
+ 2004-04-30 15:45:44	159,744	---ha-r	c:\windows\system32\symavupd.dll
+ 2007-01-29 04:20:34	144,800	----a-w	c:\windows\system32\VMNetSrv.dll
- 2007-06-11 20:51:12	10,834,944	----a-w	c:\windows\system32\wmp.dll
+ 2008-11-11 16:34:42	10,838,016	----a-w	c:\windows\system32\wmp.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"="c:\program files\Common Files\Nero\Lib\NMFirstStart.exe" [2008-06-24 19752]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 638976]
"Power_Gear"="c:\program files\Generic\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-28 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-28 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-15 233472]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-03-14 54832]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2008-12-08 3166432]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-10-29 96816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-08 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\IBM\\SDP70_RAD\\runtimes\\base_v61\\java\\bin\\java.exe"=
"c:\\Program Files\\IBM\\SDP70_RAD\\jdk\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\SDP70_RSA\\jdk\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\SDP_RSM\\jdk\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Engineer XII\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Engineer XII\\RpcSandraSrv.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"c:\\Program Files\\nusphere\\phped\\debugger\\DbgListener.exe"=
"c:\\Program Files\\Zend\\ZendStudio-5.5.1\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Sun\\xVM VirtualBox\\VirtualBox.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\nusphere\\phped\\Srv.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_07\\jre\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\IBM\\SDP70_RSA\\jdk\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\SDP70_RAD\\jdk\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"14000:TCP"= 14000:TCP:NetBIOS
"14000:UDP"= 14000:UDP:NetBIOS
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
 
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2008-09-12 95888]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2008-09-12 41680]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2007-09-19 21:37 41456]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-06-14 17408]
R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\WinVNC.exe [2008-08-30 1519168]
R2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2008-10-29 54960]
R3 eltima_usb_stub;ELTIMA Usb Stub;c:\windows\system32\DRIVERS\usbstub.sys [2007-11-30 11392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-16 101936]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]
R3 vuhub;Virtual Usb Hub;c:\windows\system32\DRIVERS\vuhub.sys [2007-11-30 66432]
R4 DCOM;DCOM; [x]
 
 
--- Other Services/Drivers In Memory ---
 
*Deregistered* - Beep
*Deregistered* - Cdfs
*Deregistered* - Compbatt
*Deregistered* - d347bus
*Deregistered* - DcomLaunch
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - Fastfat
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - KSecDD
*Deregistered* - MountMgr
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - rdpdr
*Deregistered* - sr
*Deregistered* - swenum
*Deregistered* - TermDD
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
.
Contents of the 'Scheduled Tasks' folder
 
2009-04-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -
 
HKLM-Run-IntelZeroConfig - c:\program files\Intel\Wireless\bin\ZCfgSvc.exe
 
 
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
TCP: {423F9E0C-30CB-4691-9248-1346FB7F7FC4} = 139.179.10.13
FF - ProfilePath - 
.
 
**************************************************************************
 
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-06 02:48:37
Windows 5.1.2600 Service Pack 3 NTFS
 
scanning hidden processes ...  
 
scanning hidden autostart entries ... 
 
scanning hidden files ...  
 
scan completed successfully
hidden files: 0
 
**************************************************************************
 
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
 
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\[u]0[/u]00.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
 
- - - - - - - > 'winlogon.exe'(288)
c:\windows\system32\ac3acm.acm
c:\windows\system32\lameACM.acm
.
Completion time: 2009-04-06  2:55:10
ComboFix-quarantined-files.txt  2009-04-05 23:55:08
ComboFix2.txt  2009-01-26 03:06:35
ComboFix3.txt  2009-01-26 02:38:41
ComboFix4.txt  2009-01-26 02:29:29
 
Pre-Run: 19,298,185,216 bayt boþ
Post-Run: 22,905,229,312 bayt boþ
 
427	--- E O F ---	2009-03-20 14:51:11

Open in new window

0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 15

Expert Comment

by:xmachine
ID: 24074283
Hi,

1) Please visit this link and download Symantec AV definitions and run the file to update it:

http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce

2) Run a full scan in safe mode


A Symantec Certified Specialist @ your service
0
 
LVL 12

Author Comment

by:jazzIIIlove
ID: 24075095
well...brothers, right now, i am unable to connect net with that machine...Moreover, i am unable to install a program...even in safe mode...

KAV with live CD fails...
0
 
LVL 5

Assisted Solution

by:bRvO
bRvO earned 100 total points
ID: 24079682
do you have your windows cd ?

Try and run a REPAIR of the Operating System , only the O/S files are over written so you won't lose any data.
0
 
LVL 16

Accepted Solution

by:
warturtle earned 300 total points
ID: 24082790
Hello jazzlllove,

I suggest that you can take out the harddisk of this computer and put it as a slave into another computer and do an online scan with Kaspersky scanner (http://www.kaspersky.co.uk/virusscanner) to figure out if its a virus or not. It might also be worth doing a checkdisk on the hard disk to check for any errors and recover from them.

You might also want to use System File Checker to check your Windows system files for errors and replace the unhealthy ones with new ones (you might need a Windows XP CD though):

sfc /scannow

Please read this link to familiarize yourself with this utility: http://en.wikipedia.org/wiki/System_File_Checker

Hope it helps.
0
 
LVL 8

Assisted Solution

by:skywalker39
skywalker39 earned 100 total points
ID: 24082811
I agree with warturtle, I too if I were you jazzllllove take your hard drive and put it into another computer as slave and run a couple of scanners. If it comes down to it, I would backup your data and do a complete reinstall.
0
 
LVL 12

Author Comment

by:jazzIIIlove
ID: 24094433
I try to repair...no joy...i cannot have sfc /scannow right now, i am taking a backup and reinstall XP...
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question