Solved

My computer is infected but i haven't installed a program or i haven't anything to download...

Posted on 2009-04-05
9
984 Views
Last Modified: 2013-12-09
2 hours ago, my machine was working perfectly and i haven't installed anyting or i haven't download anything for 2 weeks...

1) I couldn't have the programs in the taskbar, i mean when minimized, no program appears
2) System restore cannot protect your computer
3) Windows key doesn't trigger windows icon
4) It seems no program is working...
5) Malware bytes is not working...
6) Symantec Corporate works but i couldn't update it to scan...
7) My network adapters gone!!!
8) Device manager doesn't show anything!
9) I couldn't see the user name for programs in task manager...
10) Same above for Safe Mode...

Barely, my machine recognizes my USB in safe mode and i run an old version of ComboFix right now...

I will inform you soon...

Best regards...
0
Comment
Question by:jazzIIIlove
9 Comments
 
LVL 66

Expert Comment

by:johnb6767
ID: 24073399
start>run>cmd

tasklist /svc

Please paste the output here please.....
0
 
LVL 8

Expert Comment

by:skywalker39
ID: 24073426
Hi jazzllllove,

I'm just curious but did you download and install your Windows Updates?
0
 
LVL 12

Author Comment

by:jazzIIIlove
ID: 24073641
Friends...you won't believe me...but my machine was working perfectly 4 hours ago...I haven't install anything..I just hanging around in youtube...nothing installed, downloaded...

I started combofix scan and it's attached...right now, i have just started KAV with live-cd...

I am going to apply your solutions after KAV finishes his work...

Also, i am going to send hijackthis log...and retry for malware bytes...Unbelievable...must be a joke...

If i go to system restore somehow, i know, i will be safe...but even i cannot enter it...

"System restore cannot protect your computer" error is what i got...

Thanks friends...I am going to apply your solutions too...but disk is 150 G...:(
ComboFix 09-04-04.01 - Administrator 2009-04-06  2:41:00.5 - NTFSx86 MINIMAL
Running from: G:\ComboFix.exe
 
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\IE4 Error Log.txt
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
 
.
(((((((((((((((((((((((((   Files Created from 2009-03-05 to 2009-04-05  )))))))))))))))))))))))))))))))
.
 
2009-04-30 18:45 . 2009-04-30 18:45	969	-rah-----	c:\windows\system32\sym-upd.cta
2009-04-05 19:53 . 2009-04-05 19:53	<DIR>	d--------	C:\debian
2009-04-03 02:18 . 2009-04-03 02:18	<DIR>	d--------	C:\Windows Server 2008 Datacenter Enterprise and Standard (x64) - DVD (English)
2009-04-02 19:44 . 2007-03-26 20:05	1,835,008	--a------	c:\windows\system32\vdrive.exe
2009-04-02 19:44 . 2007-03-26 19:41	557,056	--a------	c:\windows\system32\bdwf.exe
2009-04-02 19:44 . 2007-03-29 13:36	151,270	--a------	c:\windows\system32\run.exe.PreARM
2009-04-02 19:44 . 2007-03-29 13:22	68,848	--a------	c:\windows\system32\driverbuild.ocx
2009-04-02 19:44 . 2007-02-10 16:29	32,768	--a------	c:\windows\system32\touch.exe
2009-04-02 19:44 . 2007-03-26 19:51	9,790	-rah-----	c:\windows\system32\fgh
2009-04-02 19:44 . 2007-01-01 18:18	36	-rah-----	c:\windows\system32\wre.cdm
2009-04-02 19:41 . 2009-04-02 19:42	2,563,072	--a------	c:\windows\system32\BDVD.exe
2009-04-02 19:38 . 2008-03-26 15:32	803	-ra------	c:\windows\system32\ipf.cc
2009-04-02 19:38 . 2008-03-26 15:34	498	-ra------	c:\windows\system32\ips.cc
2009-04-02 19:37 . 2008-03-26 16:42	69,120	-ra------	c:\windows\system32\lusetup.exe
2009-04-02 19:37 . 2006-03-25 11:36	64,000	-rahs----	c:\windows\system32\checker.dat
2009-04-02 19:37 . 2008-03-26 15:46	9,605	-rah-----	c:\windows\system32\checker.ocx
2009-03-30 14:14 . 2009-03-30 14:16	<DIR>	d--------	c:\program files\Recovery for PDF
2009-03-25 16:57 . 2009-03-25 16:57	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Last.fm
2009-03-25 16:53 . 2009-03-30 15:34	<DIR>	d--------	c:\program files\Last.fm
2009-03-23 18:41 . 2009-03-23 18:41	4,417,710	--a------	c:\windows\system32\Dexter's Screen Saver.Scr
2009-03-17 18:30 . 2009-03-17 18:44	<DIR>	d--------	c:\program files\nLite
2009-03-17 17:12 . 2009-03-17 17:12	<DIR>	d--------	c:\program files\Innovative Solutions
2009-03-17 11:16 . 2009-03-17 11:16	<DIR>	d--------	c:\program files\Double Driver
2009-03-17 11:16 . 2008-12-01 08:00	517,120	--a------	c:\windows\system32\7-ZIP32.DLL
2009-03-10 11:38 . 2009-03-10 11:38	<DIR>	d--------	c:\program files\DiskInternals
2009-03-09 12:14 . 2009-03-09 12:23	<DIR>	d--------	C:\tmp
2009-03-09 12:14 . 2009-03-09 12:22	<DIR>	d--------	C:\PDFZilla
2009-03-09 12:14 . 2009-03-09 12:24	<DIR>	d--------	C:\output
2009-03-09 12:05 . 2009-03-09 12:11	610	--a------	c:\windows\system32\winpdf.ini
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-05 23:29	---------	d-----w	c:\program files\FlashGet
2009-04-05 23:19	---------	d-----w	c:\documents and settings\All Users\Application Data\Babylon
2009-04-05 23:17	---------	d-----w	c:\documents and settings\All Users\Application Data\VMware
2009-04-03 11:19	---------	d---a-w	c:\documents and settings\All Users\Application Data\TEMP
2009-04-02 16:33	---------	d-----w	c:\program files\Symantec AntiVirus
2009-04-02 14:21	---------	d-----w	c:\program files\NetBeans 6.1
2009-03-31 07:50	---------	d-----w	c:\documents and settings\NetworkService\Application Data\VMware
2009-03-25 13:57	---------	d-----w	c:\program files\iTunes
2009-03-23 09:18	---------	d-----w	c:\program files\Malwarebytes' Anti-Malware
2009-03-20 14:50	---------	d-----w	c:\program files\Microsoft SQL Server
2009-03-17 15:26	---------	d-----w	c:\documents and settings\Baran\Application Data\VMware
2009-03-16 13:12	---------	d-----w	c:\documents and settings\Baran\Application Data\Babylon
2009-03-15 18:00	---------	d-----w	c:\documents and settings\Baran\Application Data\dvdcss
2009-03-13 14:59	---------	d-----w	c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-09 12:44	---------	d-----w	c:\documents and settings\Baran\Application Data\MySQL
2009-03-09 12:43	---------	d-----w	c:\documents and settings\Baran\Application Data\SQLyog
2009-03-02 17:37	---------	d--h--w	c:\program files\InstallShield Installation Information
2009-03-02 17:15	---------	d-----w	c:\program files\Compaq
2009-02-21 15:44	---------	d-----w	c:\program files\Advanced Port Scanner
2009-02-21 15:31	---------	d-----w	c:\documents and settings\Baran\Application Data\OpenOffice.org2
2009-02-16 13:00	---------	d-----w	c:\program files\Microsoft Virtual PC
2009-02-11 08:19	38,496	----a-w	c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 08:19	15,504	----a-w	c:\windows\system32\drivers\mbam.sys
2009-02-09 14:05	1,846,784	----a-w	c:\windows\system32\win32k.sys
2009-02-09 08:13	---------	d-----w	c:\program files\iPod
2009-02-09 08:13	---------	d-----w	c:\program files\Common Files\Apple
2009-02-09 08:13	---------	d-----w	c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-09 08:11	---------	d-----w	c:\program files\QuickTime
2009-02-09 08:07	---------	d-----w	c:\program files\Bonjour
2008-09-29 04:03	47,360	----a-w	c:\documents and settings\Baran\Application Data\pcouffin.sys
2006-03-25 08:36	64,000	--sha-r	c:\windows\system32\checker.dat
.
 
------- Sigcheck -------
 
Cryptography Services Error !!
.
(((((((((((((((((((((((((((((   snapshot@2009-01-26_ 4.28.18,23   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 13:59:34	1,847,552	----a-w	c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys
+ 2008-07-09 07:59:26	17,272	----a-w	c:\windows\$hf_mig$\KB958690\spmsg.dll
+ 2008-07-09 07:59:26	232,824	----a-w	c:\windows\$hf_mig$\KB958690\spuninst.exe
+ 2008-07-09 07:59:25	26,488	----a-w	c:\windows\$hf_mig$\KB958690\update\spcustom.dll
+ 2008-07-09 07:59:29	756,600	----a-w	c:\windows\$hf_mig$\KB958690\update\update.exe
+ 2008-07-09 07:59:37	386,424	----a-w	c:\windows\$hf_mig$\KB958690\update\updspapi.dll
+ 2008-12-05 06:59:14	144,896	----a-w	c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll
+ 2007-11-30 11:21:50	17,272	----a-w	c:\windows\$hf_mig$\KB960225\spmsg.dll
+ 2007-11-30 11:21:50	232,824	----a-w	c:\windows\$hf_mig$\KB960225\spuninst.exe
+ 2007-11-30 11:21:50	26,488	----a-w	c:\windows\$hf_mig$\KB960225\update\spcustom.dll
+ 2007-11-30 12:41:01	756,600	----a-w	c:\windows\$hf_mig$\KB960225\update\update.exe
+ 2007-11-30 12:41:01	386,424	----a-w	c:\windows\$hf_mig$\KB960225\update\updspapi.dll
+ 2008-07-09 07:59:26	17,272	----a-w	c:\windows\$hf_mig$\KB960715\spmsg.dll
+ 2008-07-09 07:59:26	232,824	----a-w	c:\windows\$hf_mig$\KB960715\spuninst.exe
+ 2008-07-09 07:59:25	26,488	----a-w	c:\windows\$hf_mig$\KB960715\update\spcustom.dll
+ 2008-11-15 17:19:26	756,600	----a-w	c:\windows\$hf_mig$\KB960715\update\update.exe
+ 2008-07-09 07:59:37	386,424	----a-w	c:\windows\$hf_mig$\KB960715\update\updspapi.dll
+ 2008-06-17 19:03:59	8,467,456	----a-w	c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-07-09 07:59:26	17,272	----a-w	c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2008-07-09 07:59:26	232,824	----a-w	c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-07-09 07:59:25	26,488	----a-w	c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2008-07-09 07:59:29	756,600	----a-w	c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2008-07-09 07:59:37	386,424	----a-w	c:\windows\$hf_mig$\KB967715\update\updspapi.dll
+ 2008-07-09 07:59:26	232,824	-c----w	c:\windows\$NtUninstallKB960715$\spuninst\spuninst.exe
+ 2008-07-09 07:59:37	386,424	-c----w	c:\windows\$NtUninstallKB960715$\spuninst\updspapi.dll
+ 2008-04-15 12:00:00	8,466,432	-c----w	c:\windows\$NtUninstallKB967715$\shell32.dll
+ 2008-07-09 07:59:26	232,824	-c----w	c:\windows\$NtUninstallKB967715$\spuninst\spuninst.exe
+ 2008-07-09 07:59:37	386,424	-c----w	c:\windows\$NtUninstallKB967715$\spuninst\updspapi.dll
- 2008-09-29 01:11:25	363,376	----a-w	c:\windows\assembly\GAC_32\Microsoft.SqlServer.BatchParser\9.0.242.0__89845dcd8080cc91\microsoft.sqlserver.batchparser.dll
+ 2009-03-20 14:45:10	360,800	----a-w	c:\windows\assembly\GAC_32\Microsoft.SqlServer.BatchParser\9.0.242.0__89845dcd8080cc91\microsoft.sqlserver.batchparser.dll
- 2008-09-29 01:11:26	78,192	----a-w	c:\windows\assembly\GAC_32\Microsoft.SqlServer.MgdSqlDumper\9.0.242.0__89845dcd8080cc91\microsoft.sqlserver.mgdsqldumper.dll
+ 2009-03-20 14:45:11	75,616	----a-w	c:\windows\assembly\GAC_32\Microsoft.SqlServer.MgdSqlDumper\9.0.242.0__89845dcd8080cc91\microsoft.sqlserver.mgdsqldumper.dll
- 2008-09-29 01:11:34	1,626,480	----a-w	c:\windows\assembly\GAC_32\Microsoft.SqlServer.Replication\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Replication.dll
+ 2009-03-20 14:45:21	1,625,952	----a-w	c:\windows\assembly\GAC_32\Microsoft.SqlServer.Replication\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Replication.dll
- 2008-09-29 01:11:27	546,160	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.AdomdClient\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.AdomdClient.dll
+ 2009-03-20 14:45:12	543,584	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.AdomdClient\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.AdomdClient.dll
- 2008-09-29 01:11:26	140,656	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.DeploymentEngine\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DeploymentEngine.dll
+ 2009-03-20 14:45:11	138,080	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.DeploymentEngine\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DeploymentEngine.dll
- 2008-09-29 01:11:26	1,217,904	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DLL
+ 2009-03-20 14:45:11	1,215,328	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DLL
- 2008-09-29 01:11:26	38,256	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.DataWarehouse.Interfaces\9.0.242.0__89845dcd8080cc91\Microsoft.DataWarehouse.Interfaces.DLL
+ 2009-03-20 14:45:11	35,680	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.DataWarehouse.Interfaces\9.0.242.0__89845dcd8080cc91\Microsoft.DataWarehouse.Interfaces.DLL
- 2008-09-29 01:09:32	136,560	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.NetEnterpriseServers.ExceptionMessageBox\9.0.242.0__89845dcd8080cc91\Microsoft.NetEnterpriseServers.ExceptionMessageBox.dll
+ 2009-03-20 14:41:11	133,984	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.NetEnterpriseServers.ExceptionMessageBox\9.0.242.0__89845dcd8080cc91\Microsoft.NetEnterpriseServers.ExceptionMessageBox.dll
- 2008-09-29 01:11:25	157,040	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ConnectionInfo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ConnectionInfo.dll
+ 2009-03-20 14:45:10	154,464	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ConnectionInfo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ConnectionInfo.dll
- 2008-09-29 01:09:32	46,448	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.CustomControls\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.CustomControls.dll
+ 2009-03-20 14:41:11	43,872	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.CustomControls\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.CustomControls.dll
- 2008-09-29 01:09:32	202,096	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.GridControl\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.GridControl.dll
+ 2009-03-20 14:41:11	199,520	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.GridControl\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.GridControl.dll
- 2008-09-29 01:11:26	71,024	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.RegSvrEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.RegSvrEnum.dll
+ 2009-03-20 14:45:11	68,448	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.RegSvrEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.RegSvrEnum.dll
- 2008-09-29 01:11:26	558,448	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Rmo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Rmo.dll
+ 2009-03-20 14:45:11	555,872	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Rmo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Rmo.dll
- 2008-09-29 01:11:25	42,352	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ServiceBrokerEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ServiceBrokerEnum.dll
+ 2009-03-20 14:45:10	39,776	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ServiceBrokerEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ServiceBrokerEnum.dll
- 2008-09-29 01:11:25	1,598,832	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Smo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Smo.dll
+ 2009-03-20 14:45:10	1,604,448	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Smo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Smo.dll
- 2008-09-29 01:11:25	222,576	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SmoEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SmoEnum.dll
+ 2009-03-20 14:45:10	220,000	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SmoEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SmoEnum.dll
- 2008-09-29 01:11:25	906,608	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SqlEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SqlEnum.dll
+ 2009-03-20 14:45:10	895,840	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SqlEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SqlEnum.dll
- 2008-09-29 01:09:32	595,312	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WizardFrameworkLite\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WizardFrameworkLite.dll
+ 2009-03-20 14:41:11	592,736	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WizardFrameworkLite\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WizardFrameworkLite.dll
- 2008-09-29 01:11:25	46,448	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WmiEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WmiEnum.dll
+ 2009-03-20 14:45:10	43,872	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WmiEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WmiEnum.dll
+ 2009-03-20 14:51:23	249,856	----a-w	c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\ce195aef04208a328e9c4f8fa1c6f65d\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll
+ 2009-03-20 14:51:24	90,112	----a-w	c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\58867f7ce6aa6d044a6877451ba99fc7\Microsoft.SqlServer.CustomControls.ni.dll
+ 2009-03-20 14:51:26	561,152	----a-w	c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\7d9b28b61883644575172085bd1687c6\Microsoft.SqlServer.GridControl.ni.dll
+ 2009-03-20 14:51:27	1,028,096	----a-w	c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\84f87159bb47418d53465c11403d5afd\Microsoft.SqlServer.WizardFrameworkLite.ni.dll
- 2005-10-20 18:02:28	163,328	----a-w	c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 17:02:28	163,328	----a-w	c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2009-02-09 08:07:44	86,016	----a-r	c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
+ 2009-04-02 16:14:21	352,256	----a-r	c:\windows\Installer\{26380174-DEAE-4939-8DEC-A17C7B6A0C91}\ARPPRODUCTICON.exe
- 2009-01-17 11:40:02	1,165,584	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-03-13 14:59:53	1,165,584	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2009-01-17 11:40:03	20,240	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-03-13 14:59:53	20,240	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-01-17 11:40:02	159,504	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-03-13 14:59:53	159,504	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-01-17 11:40:02	184,080	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-03-13 14:59:53	184,080	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-01-17 11:40:03	217,864	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-03-13 14:59:53	217,864	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-01-17 11:40:03	18,704	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-03-13 14:59:53	18,704	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-01-17 11:40:03	35,088	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-03-13 14:59:53	35,088	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-01-17 11:40:03	845,584	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-03-13 14:59:53	845,584	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-01-17 11:40:03	922,384	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-03-13 14:59:53	922,384	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-01-17 11:40:03	272,648	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-03-13 14:59:53	272,648	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-01-17 11:40:03	888,080	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-03-13 14:59:53	888,080	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-01-17 11:40:02	1,172,240	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-03-13 14:59:53	1,172,240	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-09 08:14:08	102,400	----a-r	c:\windows\Installer\{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}\iTunesIco.exe
- 2000-08-31 06:00:00	29,696	----a-w	c:\windows\NIRCMD.exe
+ 2000-08-31 05:00:00	29,696	----a-w	c:\windows\NIRCMD.exe
+ 2007-02-10 03:09:12	127,856	----a-w	c:\windows\SQL9_KB960089_ENU\batchparser90.dll
+ 2007-02-10 03:09:20	1,039,728	----a-w	c:\windows\SQL9_KB960089_ENU\dbghelp.dll
+ 2007-02-10 03:15:30	1,160,560	----a-w	c:\windows\SQL9_KB960089_ENU\dumpdatastore.dll
+ 2008-12-18 02:24:10	2,538,848	----a-w	c:\windows\SQL9_KB960089_ENU\hotfix.exe
+ 2005-10-13 21:26:42	548,864	----a-w	c:\windows\SQL9_KB960089_ENU\msvcp80.dll
+ 2005-10-13 21:26:42	626,688	----a-w	c:\windows\SQL9_KB960089_ENU\msvcr80.dll
+ 2007-02-10 03:29:52	143,728	----a-w	c:\windows\SQL9_KB960089_ENU\sqlcmd.exe
+ 2007-02-10 03:29:52	533,872	----a-w	c:\windows\SQL9_KB960089_ENU\sqldiscoveryapi.dll
+ 2007-02-10 03:29:54	230,256	----a-w	c:\windows\SQL9_KB960089_ENU\sqlsetupvista.dll
+ 2007-02-10 03:09:12	127,856	----a-w	c:\windows\SQLTools9_KB960089_ENU\batchparser90.dll
+ 2007-02-10 03:09:20	1,039,728	----a-w	c:\windows\SQLTools9_KB960089_ENU\dbghelp.dll
+ 2007-02-10 03:15:30	1,160,560	----a-w	c:\windows\SQLTools9_KB960089_ENU\dumpdatastore.dll
+ 2008-12-18 02:24:10	2,538,848	----a-w	c:\windows\SQLTools9_KB960089_ENU\hotfix.exe
+ 2005-10-13 21:26:42	548,864	----a-w	c:\windows\SQLTools9_KB960089_ENU\msvcp80.dll
+ 2005-10-13 21:26:42	626,688	----a-w	c:\windows\SQLTools9_KB960089_ENU\msvcr80.dll
+ 2007-02-10 03:29:52	143,728	----a-w	c:\windows\SQLTools9_KB960089_ENU\sqlcmd.exe
+ 2007-02-10 03:29:52	533,872	----a-w	c:\windows\SQLTools9_KB960089_ENU\sqldiscoveryapi.dll
+ 2007-02-10 03:29:54	230,256	----a-w	c:\windows\SQLTools9_KB960089_ENU\sqlsetupvista.dll
- 2000-08-31 06:00:00	161,792	----a-w	c:\windows\SWREG.exe
+ 2000-08-31 05:00:00	161,792	----a-w	c:\windows\SWREG.exe
+ 2008-09-17 13:29:12	20,040	----a-w	c:\windows\system32\config\systemprofile\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
- 2008-04-15 12:00:00	144,384	-c--a-w	c:\windows\system32\dllcache\schannel.dll
+ 2008-12-05 06:55:55	144,896	-c--a-w	c:\windows\system32\dllcache\schannel.dll
- 2008-04-15 12:00:00	8,466,432	-c--a-w	c:\windows\system32\dllcache\shell32.dll
+ 2008-06-17 19:01:35	8,466,944	-c--a-w	c:\windows\system32\dllcache\shell32.dll
- 2008-09-15 15:25:48	1,846,400	-c--a-w	c:\windows\system32\dllcache\win32k.sys
+ 2009-02-09 14:05:18	1,846,784	-c--a-w	c:\windows\system32\dllcache\win32k.sys
- 2007-06-11 20:51:12	10,834,944	-c--a-w	c:\windows\system32\dllcache\wmp.dll
+ 2008-11-11 16:34:42	10,838,016	-c--a-w	c:\windows\system32\dllcache\wmp.dll
- 2008-08-29 07:18:58	87,336	----a-w	c:\windows\system32\dns-sd.exe
+ 2008-12-12 09:18:16	87,336	----a-w	c:\windows\system32\dns-sd.exe
- 2008-08-29 06:53:50	61,440	----a-w	c:\windows\system32\dnssd.dll
+ 2008-12-12 09:11:46	61,440	----a-w	c:\windows\system32\dnssd.dll
- 2008-09-10 13:45:18	32,000	----a-w	c:\windows\system32\drivers\usbaapl.sys
+ 2008-11-07 12:23:30	32,000	----a-w	c:\windows\system32\drivers\usbaapl.sys
+ 2007-02-17 22:15:34	232,816	----a-w	c:\windows\system32\drivers\VMM.sys
+ 2007-01-29 04:20:34	59,280	----a-w	c:\windows\system32\drivers\VMNetSrv.sys
+ 2008-11-07 12:23:30	32,000	-c--a-w	c:\windows\system32\DRVSTORE\usbaapl_246F92BBD6449C86FC3F3F28C40D59AC1F69C558\usbaapl.sys
- 2009-01-23 16:30:01	1,559,360	----a-w	c:\windows\system32\FNTCACHE.DAT
+ 2009-03-13 18:48:28	1,559,360	----a-w	c:\windows\system32\FNTCACHE.DAT
+ 2009-02-03 02:15:28	3,771,296	----a-w	c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-02-03 02:15:30	240,544	----a-w	c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-04-03 09:56:59	84,661	----a-w	c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2009-01-10 01:35:28	20,853,704	----a-w	c:\windows\system32\MRT.exe
+ 2009-02-25 20:54:59	24,768,960	----a-w	c:\windows\system32\MRT.exe
- 2008-12-08 18:39:34	91,280	----a-w	c:\windows\system32\perfc009.dat
+ 2009-03-31 07:55:11	91,954	----a-w	c:\windows\system32\perfc009.dat
- 2009-01-21 10:03:09	85,902	----a-w	c:\windows\system32\perfc01F.dat
+ 2009-03-31 07:55:11	104,260	----a-w	c:\windows\system32\perfc01F.dat
- 2008-12-08 18:39:34	493,814	----a-w	c:\windows\system32\perfh009.dat
+ 2009-03-31 07:55:11	494,488	----a-w	c:\windows\system32\perfh009.dat
- 2009-01-21 10:03:09	441,894	----a-w	c:\windows\system32\perfh01F.dat
+ 2009-03-31 07:55:11	490,278	----a-w	c:\windows\system32\perfh01F.dat
+ 2005-04-30 15:45:44	129,437	----a-w	c:\windows\system32\riched64.dll
- 2008-04-15 12:00:00	144,384	----a-w	c:\windows\system32\schannel.dll
+ 2008-12-05 06:55:55	144,896	----a-w	c:\windows\system32\schannel.dll
- 2008-04-15 12:00:00	8,466,432	----a-w	c:\windows\system32\shell32.dll
+ 2008-06-17 19:01:35	8,466,944	----a-w	c:\windows\system32\shell32.dll
- 2007-11-30 12:39:22	17,272	------w	c:\windows\system32\spmsg.dll
+ 2007-11-30 11:21:50	17,272	------w	c:\windows\system32\spmsg.dll
- 2008-04-14 07:00:28	373,248	----a-w	c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2008-07-06 12:06:10	373,248	----a-w	c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL
- 2008-04-14 07:00:28	744,448	----a-w	c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
+ 2008-07-06 12:06:10	744,960	----a-w	c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
- 2007-03-22 18:03:58	761,344	----a-w	c:\windows\system32\spool\drivers\w32x86\3\unires.dll
+ 2008-03-13 04:52:36	761,344	----a-w	c:\windows\system32\spool\drivers\w32x86\3\UNIRES.DLL
- 2007-09-27 08:48:58	23,856	----a-w	c:\windows\system32\spupdsvc.exe
+ 2007-07-27 07:41:38	26,488	----a-w	c:\windows\system32\spupdsvc.exe
- 2007-02-10 13:29:51	67,952	----a-w	c:\windows\system32\sqlctr90.dll
+ 2008-11-24 20:31:08	65,888	----a-w	c:\windows\system32\sqlctr90.dll
- 2007-02-10 02:29:52	2,234,224	----a-w	c:\windows\system32\sqlncli.dll
+ 2008-11-24 20:31:10	2,248,544	----a-w	c:\windows\system32\sqlncli.dll
+ 2006-04-30 15:45:44	847,872	---ha-r	c:\windows\system32\symav64.dll
+ 2004-04-30 15:45:44	159,744	---ha-r	c:\windows\system32\symavupd.dll
+ 2007-01-29 04:20:34	144,800	----a-w	c:\windows\system32\VMNetSrv.dll
- 2007-06-11 20:51:12	10,834,944	----a-w	c:\windows\system32\wmp.dll
+ 2008-11-11 16:34:42	10,838,016	----a-w	c:\windows\system32\wmp.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"="c:\program files\Common Files\Nero\Lib\NMFirstStart.exe" [2008-06-24 19752]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 638976]
"Power_Gear"="c:\program files\Generic\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-28 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-28 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-15 233472]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-03-14 54832]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2008-12-08 3166432]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-10-29 96816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-08 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\IBM\\SDP70_RAD\\runtimes\\base_v61\\java\\bin\\java.exe"=
"c:\\Program Files\\IBM\\SDP70_RAD\\jdk\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\SDP70_RSA\\jdk\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\SDP_RSM\\jdk\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Engineer XII\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Engineer XII\\RpcSandraSrv.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"c:\\Program Files\\nusphere\\phped\\debugger\\DbgListener.exe"=
"c:\\Program Files\\Zend\\ZendStudio-5.5.1\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Sun\\xVM VirtualBox\\VirtualBox.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\nusphere\\phped\\Srv.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_07\\jre\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\IBM\\SDP70_RSA\\jdk\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\SDP70_RAD\\jdk\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"14000:TCP"= 14000:TCP:NetBIOS
"14000:UDP"= 14000:UDP:NetBIOS
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
 
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2008-09-12 95888]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2008-09-12 41680]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2007-09-19 21:37 41456]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-06-14 17408]
R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\WinVNC.exe [2008-08-30 1519168]
R2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2008-10-29 54960]
R3 eltima_usb_stub;ELTIMA Usb Stub;c:\windows\system32\DRIVERS\usbstub.sys [2007-11-30 11392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-16 101936]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]
R3 vuhub;Virtual Usb Hub;c:\windows\system32\DRIVERS\vuhub.sys [2007-11-30 66432]
R4 DCOM;DCOM; [x]
 
 
--- Other Services/Drivers In Memory ---
 
*Deregistered* - Beep
*Deregistered* - Cdfs
*Deregistered* - Compbatt
*Deregistered* - d347bus
*Deregistered* - DcomLaunch
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - Fastfat
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - KSecDD
*Deregistered* - MountMgr
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - rdpdr
*Deregistered* - sr
*Deregistered* - swenum
*Deregistered* - TermDD
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
.
Contents of the 'Scheduled Tasks' folder
 
2009-04-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -
 
HKLM-Run-IntelZeroConfig - c:\program files\Intel\Wireless\bin\ZCfgSvc.exe
 
 
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
TCP: {423F9E0C-30CB-4691-9248-1346FB7F7FC4} = 139.179.10.13
FF - ProfilePath - 
.
 
**************************************************************************
 
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-06 02:48:37
Windows 5.1.2600 Service Pack 3 NTFS
 
scanning hidden processes ...  
 
scanning hidden autostart entries ... 
 
scanning hidden files ...  
 
scan completed successfully
hidden files: 0
 
**************************************************************************
 
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
 
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\[u]0[/u]00.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
 
- - - - - - - > 'winlogon.exe'(288)
c:\windows\system32\ac3acm.acm
c:\windows\system32\lameACM.acm
.
Completion time: 2009-04-06  2:55:10
ComboFix-quarantined-files.txt  2009-04-05 23:55:08
ComboFix2.txt  2009-01-26 03:06:35
ComboFix3.txt  2009-01-26 02:38:41
ComboFix4.txt  2009-01-26 02:29:29
 
Pre-Run: 19,298,185,216 bayt boþ
Post-Run: 22,905,229,312 bayt boþ
 
427	--- E O F ---	2009-03-20 14:51:11

Open in new window

0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 15

Expert Comment

by:xmachine
ID: 24074283
Hi,

1) Please visit this link and download Symantec AV definitions and run the file to update it:

http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce

2) Run a full scan in safe mode


A Symantec Certified Specialist @ your service
0
 
LVL 12

Author Comment

by:jazzIIIlove
ID: 24075095
well...brothers, right now, i am unable to connect net with that machine...Moreover, i am unable to install a program...even in safe mode...

KAV with live CD fails...
0
 
LVL 5

Assisted Solution

by:bRvO
bRvO earned 100 total points
ID: 24079682
do you have your windows cd ?

Try and run a REPAIR of the Operating System , only the O/S files are over written so you won't lose any data.
0
 
LVL 16

Accepted Solution

by:
warturtle earned 300 total points
ID: 24082790
Hello jazzlllove,

I suggest that you can take out the harddisk of this computer and put it as a slave into another computer and do an online scan with Kaspersky scanner (http://www.kaspersky.co.uk/virusscanner) to figure out if its a virus or not. It might also be worth doing a checkdisk on the hard disk to check for any errors and recover from them.

You might also want to use System File Checker to check your Windows system files for errors and replace the unhealthy ones with new ones (you might need a Windows XP CD though):

sfc /scannow

Please read this link to familiarize yourself with this utility: http://en.wikipedia.org/wiki/System_File_Checker

Hope it helps.
0
 
LVL 8

Assisted Solution

by:skywalker39
skywalker39 earned 100 total points
ID: 24082811
I agree with warturtle, I too if I were you jazzllllove take your hard drive and put it into another computer as slave and run a couple of scanners. If it comes down to it, I would backup your data and do a complete reinstall.
0
 
LVL 12

Author Comment

by:jazzIIIlove
ID: 24094433
I try to repair...no joy...i cannot have sfc /scannow right now, i am taking a backup and reinstall XP...
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Free utilities to ZIP , encrypt and password protect  and email 11 71
Outlook 2010 Security Alert when opening Outlook 4 60
Access 2016 5 54
Admin account lockout 10 39
As technology users and professionals, we’re always learning. Our universal interest in advancing our knowledge of the trade is unmatched by most industries. It’s a curiosity that makes sense, given the climate of change. Within that, there lies a…
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question