jazzIIIlove
asked on
My computer is infected but I haven't installed a program or downloaded anything...
2 hours ago, my machine was working perfectly and I haven't installed anything or downloaded anything for 2 weeks...
1) I couldn't have the programs in the taskbar, I mean when minimized, no program appears
2) System restore cannot protect your computer
3) Windows key doesn't trigger windows icon
4) It seems no program is working...
5) Malwarebytes is not working...
6) Symantec Corporate works but I couldn't update it to scan...
7) My network adapters are gone!!!
8) Device manager doesn't show anything!
9) I couldn't see the user name for programs in task manager...
10) Same as above for Safe Mode...
My machine barely recognizes my USB in safe mode and I am running an old version of ComboFix right now...
I will inform you soon...
Best regards...
Hi jazzllllove,
I'm just curious but did you download and install your Windows Updates?
ASKER
Friends...you won't believe me...but my machine was working perfectly 4 hours ago...I haven't installed anything..I was just hanging around on youtube...nothing installed, downloaded...
I started combofix scan and it's attached...right now, I have just started KAV with live-cd...
I am going to apply your solutions after KAV finishes its work...
Also, I am going to send hijackthis log...and retry for malware bytes...Unbelievable...must be a joke...
If I go to system restore somehow, I know, I will be safe...but I cannot even enter it...
"System restore cannot protect your computer" error is what I got...
Thanks friends...I am going to apply your solutions too...but disk is 150 G...:(
ComboFix 09-04-04.01 - Administrator 2009-04-06 2:41:00.5 - NTFSx86 MINIMAL
Running from: G:\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\IE4 Error Log.txt
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
.
((((((((((((((((((((((((( Files Created from 2009-03-05 to 2009-04-05 )))))))))))))))))))))))))))))))
.
2009-04-30 18:45 . 2009-04-30 18:45 969 -rah----- c:\windows\system32\sym-upd.cta
2009-04-05 19:53 . 2009-04-05 19:53 <DIR> d-------- C:\debian
2009-04-03 02:18 . 2009-04-03 02:18 <DIR> d-------- C:\Windows Server 2008 Datacenter Enterprise and Standard (x64) - DVD (English)
2009-04-02 19:44 . 2007-03-26 20:05 1,835,008 --a------ c:\windows\system32\vdrive.exe
2009-04-02 19:44 . 2007-03-26 19:41 557,056 --a------ c:\windows\system32\bdwf.exe
2009-04-02 19:44 . 2007-03-29 13:36 151,270 --a------ c:\windows\system32\run.exe.PreARM
2009-04-02 19:44 . 2007-03-29 13:22 68,848 --a------ c:\windows\system32\driverbuild.ocx
2009-04-02 19:44 . 2007-02-10 16:29 32,768 --a------ c:\windows\system32\touch.exe
2009-04-02 19:44 . 2007-03-26 19:51 9,790 -rah----- c:\windows\system32\fgh
2009-04-02 19:44 . 2007-01-01 18:18 36 -rah----- c:\windows\system32\wre.cdm
2009-04-02 19:41 . 2009-04-02 19:42 2,563,072 --a------ c:\windows\system32\BDVD.exe
2009-04-02 19:38 . 2008-03-26 15:32 803 -ra------ c:\windows\system32\ipf.cc
2009-04-02 19:38 . 2008-03-26 15:34 498 -ra------ c:\windows\system32\ips.cc
2009-04-02 19:37 . 2008-03-26 16:42 69,120 -ra------ c:\windows\system32\lusetup.exe
2009-04-02 19:37 . 2006-03-25 11:36 64,000 -rahs---- c:\windows\system32\checker.dat
2009-04-02 19:37 . 2008-03-26 15:46 9,605 -rah----- c:\windows\system32\checker.ocx
2009-03-30 14:14 . 2009-03-30 14:16 <DIR> d-------- c:\program files\Recovery for PDF
2009-03-25 16:57 . 2009-03-25 16:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Last.fm
2009-03-25 16:53 . 2009-03-30 15:34 <DIR> d-------- c:\program files\Last.fm
2009-03-23 18:41 . 2009-03-23 18:41 4,417,710 --a------ c:\windows\system32\Dexter's Screen Saver.Scr
2009-03-17 18:30 . 2009-03-17 18:44 <DIR> d-------- c:\program files\nLite
2009-03-17 17:12 . 2009-03-17 17:12 <DIR> d-------- c:\program files\Innovative Solutions
2009-03-17 11:16 . 2009-03-17 11:16 <DIR> d-------- c:\program files\Double Driver
2009-03-17 11:16 . 2008-12-01 08:00 517,120 --a------ c:\windows\system32\7-ZIP32.DLL
2009-03-10 11:38 . 2009-03-10 11:38 <DIR> d-------- c:\program files\DiskInternals
2009-03-09 12:14 . 2009-03-09 12:23 <DIR> d-------- C:\tmp
2009-03-09 12:14 . 2009-03-09 12:22 <DIR> d-------- C:\PDFZilla
2009-03-09 12:14 . 2009-03-09 12:24 <DIR> d-------- C:\output
2009-03-09 12:05 . 2009-03-09 12:11 610 --a------ c:\windows\system32\winpdf.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-05 23:29 --------- d-----w c:\program files\FlashGet
2009-04-05 23:19 --------- d-----w c:\documents and settings\All Users\Application Data\Babylon
2009-04-05 23:17 --------- d-----w c:\documents and settings\All Users\Application Data\VMware
2009-04-03 11:19 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-02 16:33 --------- d-----w c:\program files\Symantec AntiVirus
2009-04-02 14:21 --------- d-----w c:\program files\NetBeans 6.1
2009-03-31 07:50 --------- d-----w c:\documents and settings\NetworkService\Application Data\VMware
2009-03-25 13:57 --------- d-----w c:\program files\iTunes
2009-03-23 09:18 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-20 14:50 --------- d-----w c:\program files\Microsoft SQL Server
2009-03-17 15:26 --------- d-----w c:\documents and settings\Baran\Application Data\VMware
2009-03-16 13:12 --------- d-----w c:\documents and settings\Baran\Application Data\Babylon
2009-03-15 18:00 --------- d-----w c:\documents and settings\Baran\Application Data\dvdcss
2009-03-13 14:59 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-09 12:44 --------- d-----w c:\documents and settings\Baran\Application Data\MySQL
2009-03-09 12:43 --------- d-----w c:\documents and settings\Baran\Application Data\SQLyog
2009-03-02 17:37 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-02 17:15 --------- d-----w c:\program files\Compaq
2009-02-21 15:44 --------- d-----w c:\program files\Advanced Port Scanner
2009-02-21 15:31 --------- d-----w c:\documents and settings\Baran\Application Data\OpenOffice.org2
2009-02-16 13:00 --------- d-----w c:\program files\Microsoft Virtual PC
2009-02-11 08:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 08:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-09 14:05 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 08:13 --------- d-----w c:\program files\iPod
2009-02-09 08:13 --------- d-----w c:\program files\Common Files\Apple
2009-02-09 08:13 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-09 08:11 --------- d-----w c:\program files\QuickTime
2009-02-09 08:07 --------- d-----w c:\program files\Bonjour
2008-09-29 04:03 47,360 ----a-w c:\documents and settings\Baran\Application Data\pcouffin.sys
2006-03-25 08:36 64,000 --sha-r c:\windows\system32\checker.dat
.
------- Sigcheck -------
Cryptography Services Error !!
.
((((((((((((((((((((((((((((( snapshot@2009-01-26_ 4.28.18,23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 13:59:34 1,847,552 ----a-w c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys
+ 2008-07-09 07:59:26 17,272 ----a-w c:\windows\$hf_mig$\KB958690\spmsg.dll
+ 2008-07-09 07:59:26 232,824 ----a-w c:\windows\$hf_mig$\KB958690\spuninst.exe
+ 2008-07-09 07:59:25 26,488 ----a-w c:\windows\$hf_mig$\KB958690\update\spcustom.dll
+ 2008-07-09 07:59:29 756,600 ----a-w c:\windows\$hf_mig$\KB958690\update\update.exe
+ 2008-07-09 07:59:37 386,424 ----a-w c:\windows\$hf_mig$\KB958690\update\updspapi.dll
+ 2008-12-05 06:59:14 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll
+ 2007-11-30 11:21:50 17,272 ----a-w c:\windows\$hf_mig$\KB960225\spmsg.dll
+ 2007-11-30 11:21:50 232,824 ----a-w c:\windows\$hf_mig$\KB960225\spuninst.exe
+ 2007-11-30 11:21:50 26,488 ----a-w c:\windows\$hf_mig$\KB960225\update\spcustom.dll
+ 2007-11-30 12:41:01 756,600 ----a-w c:\windows\$hf_mig$\KB960225\update\update.exe
+ 2007-11-30 12:41:01 386,424 ----a-w c:\windows\$hf_mig$\KB960225\update\updspapi.dll
+ 2008-07-09 07:59:26 17,272 ----a-w c:\windows\$hf_mig$\KB960715\spmsg.dll
+ 2008-07-09 07:59:26 232,824 ----a-w c:\windows\$hf_mig$\KB960715\spuninst.exe
+ 2008-07-09 07:59:25 26,488 ----a-w c:\windows\$hf_mig$\KB960715\update\spcustom.dll
+ 2008-11-15 17:19:26 756,600 ----a-w c:\windows\$hf_mig$\KB960715\update\update.exe
+ 2008-07-09 07:59:37 386,424 ----a-w c:\windows\$hf_mig$\KB960715\update\updspapi.dll
+ 2008-06-17 19:03:59 8,467,456 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-07-09 07:59:26 17,272 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2008-07-09 07:59:26 232,824 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-07-09 07:59:25 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2008-07-09 07:59:29 756,600 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2008-07-09 07:59:37 386,424 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll
+ 2008-07-09 07:59:26 232,824 -c----w c:\windows\$NtUninstallKB960715$\spuninst\spuninst.exe
+ 2008-07-09 07:59:37 386,424 -c----w c:\windows\$NtUninstallKB960715$\spuninst\updspapi.dll
+ 2008-04-15 12:00:00 8,466,432 -c----w c:\windows\$NtUninstallKB967715$\shell32.dll
+ 2008-07-09 07:59:26 232,824 -c----w c:\windows\$NtUninstallKB967715$\spuninst\spuninst.exe
+ 2008-07-09 07:59:37 386,424 -c----w c:\windows\$NtUninstallKB967715$\spuninst\updspapi.dll
- 2008-09-29 01:11:25 363,376 ----a-w c:\windows\assembly\GAC_32\Microsoft.SqlServer.BatchParser\9.0.242.0__89845dcd8080cc91\microsoft.sqlserver.batchparser.dll
+ 2009-03-20 14:45:10 360,800 ----a-w c:\windows\assembly\GAC_32\Microsoft.SqlServer.BatchParser\9.0.242.0__89845dcd8080cc91\microsoft.sqlserver.batchparser.dll
- 2008-09-29 01:11:26 78,192 ----a-w c:\windows\assembly\GAC_32\Microsoft.SqlServer.MgdSqlDumper\9.0.242.0__89845dcd8080cc91\microsoft.sqlserver.mgdsqldumper.dll
+ 2009-03-20 14:45:11 75,616 ----a-w c:\windows\assembly\GAC_32\Microsoft.SqlServer.MgdSqlDumper\9.0.242.0__89845dcd8080cc91\microsoft.sqlserver.mgdsqldumper.dll
- 2008-09-29 01:11:34 1,626,480 ----a-w c:\windows\assembly\GAC_32\Microsoft.SqlServer.Replication\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Replication.dll
+ 2009-03-20 14:45:21 1,625,952 ----a-w c:\windows\assembly\GAC_32\Microsoft.SqlServer.Replication\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Replication.dll
- 2008-09-29 01:11:27 546,160 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.AdomdClient\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.AdomdClient.dll
+ 2009-03-20 14:45:12 543,584 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.AdomdClient\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.AdomdClient.dll
- 2008-09-29 01:11:26 140,656 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.DeploymentEngine\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DeploymentEngine.dll
+ 2009-03-20 14:45:11 138,080 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.DeploymentEngine\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DeploymentEngine.dll
- 2008-09-29 01:11:26 1,217,904 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DLL
+ 2009-03-20 14:45:11 1,215,328 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DLL
- 2008-09-29 01:11:26 38,256 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.DataWarehouse.Interfaces\9.0.242.0__89845dcd8080cc91\Microsoft.DataWarehouse.Interfaces.DLL
+ 2009-03-20 14:45:11 35,680 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.DataWarehouse.Interfaces\9.0.242.0__89845dcd8080cc91\Microsoft.DataWarehouse.Interfaces.DLL
- 2008-09-29 01:09:32 136,560 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.NetEnterpriseServers.ExceptionMessageBox\9.0.242.0__89845dcd8080cc91\Microsoft.NetEnterpriseServers.ExceptionMessageBox.dll
+ 2009-03-20 14:41:11 133,984 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.NetEnterpriseServers.ExceptionMessageBox\9.0.242.0__89845dcd8080cc91\Microsoft.NetEnterpriseServers.ExceptionMessageBox.dll
- 2008-09-29 01:11:25 157,040 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ConnectionInfo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ConnectionInfo.dll
+ 2009-03-20 14:45:10 154,464 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ConnectionInfo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ConnectionInfo.dll
- 2008-09-29 01:09:32 46,448 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.CustomControls\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.CustomControls.dll
+ 2009-03-20 14:41:11 43,872 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.CustomControls\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.CustomControls.dll
- 2008-09-29 01:09:32 202,096 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.GridControl\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.GridControl.dll
+ 2009-03-20 14:41:11 199,520 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.GridControl\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.GridControl.dll
- 2008-09-29 01:11:26 71,024 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.RegSvrEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.RegSvrEnum.dll
+ 2009-03-20 14:45:11 68,448 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.RegSvrEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.RegSvrEnum.dll
- 2008-09-29 01:11:26 558,448 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Rmo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Rmo.dll
+ 2009-03-20 14:45:11 555,872 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Rmo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Rmo.dll
- 2008-09-29 01:11:25 42,352 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ServiceBrokerEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ServiceBrokerEnum.dll
+ 2009-03-20 14:45:10 39,776 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ServiceBrokerEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ServiceBrokerEnum.dll
- 2008-09-29 01:11:25 1,598,832 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Smo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Smo.dll
+ 2009-03-20 14:45:10 1,604,448 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Smo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Smo.dll
- 2008-09-29 01:11:25 222,576 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SmoEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SmoEnum.dll
+ 2009-03-20 14:45:10 220,000 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SmoEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SmoEnum.dll
- 2008-09-29 01:11:25 906,608 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SqlEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SqlEnum.dll
+ 2009-03-20 14:45:10 895,840 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SqlEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SqlEnum.dll
- 2008-09-29 01:09:32 595,312 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WizardFrameworkLite\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WizardFrameworkLite.dll
+ 2009-03-20 14:41:11 592,736 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WizardFrameworkLite\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WizardFrameworkLite.dll
- 2008-09-29 01:11:25 46,448 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WmiEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WmiEnum.dll
+ 2009-03-20 14:45:10 43,872 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WmiEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WmiEnum.dll
+ 2009-03-20 14:51:23 249,856 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\ce195aef04208a328e9c4f8fa1c6f65d\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll
+ 2009-03-20 14:51:24 90,112 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\58867f7ce6aa6d044a6877451ba99fc7\Microsoft.SqlServer.CustomControls.ni.dll
+ 2009-03-20 14:51:26 561,152 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\7d9b28b61883644575172085bd1687c6\Microsoft.SqlServer.GridControl.ni.dll
+ 2009-03-20 14:51:27 1,028,096 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\84f87159bb47418d53465c11403d5afd\Microsoft.SqlServer.WizardFrameworkLite.ni.dll
- 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 17:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2009-02-09 08:07:44 86,016 ----a-r c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
+ 2009-04-02 16:14:21 352,256 ----a-r c:\windows\Installer\{26380174-DEAE-4939-8DEC-A17C7B6A0C91}\ARPPRODUCTICON.exe
- 2009-01-17 11:40:02 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-03-13 14:59:53 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2009-01-17 11:40:03 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-03-13 14:59:53 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-01-17 11:40:02 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-03-13 14:59:53 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-01-17 11:40:02 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-03-13 14:59:53 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-01-17 11:40:03 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-03-13 14:59:53 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-01-17 11:40:03 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-03-13 14:59:53 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-01-17 11:40:03 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-03-13 14:59:53 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-01-17 11:40:03 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-03-13 14:59:53 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-01-17 11:40:03 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-03-13 14:59:53 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-01-17 11:40:03 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-03-13 14:59:53 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-01-17 11:40:03 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-03-13 14:59:53 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-01-17 11:40:02 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-03-13 14:59:53 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-09 08:14:08 102,400 ----a-r c:\windows\Installer\{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}\iTunesIco.exe
- 2000-08-31 06:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 05:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2007-02-10 03:09:12 127,856 ----a-w c:\windows\SQL9_KB960089_ENU\batchparser90.dll
+ 2007-02-10 03:09:20 1,039,728 ----a-w c:\windows\SQL9_KB960089_ENU\dbghelp.dll
+ 2007-02-10 03:15:30 1,160,560 ----a-w c:\windows\SQL9_KB960089_ENU\dumpdatastore.dll
+ 2008-12-18 02:24:10 2,538,848 ----a-w c:\windows\SQL9_KB960089_ENU\hotfix.exe
+ 2005-10-13 21:26:42 548,864 ----a-w c:\windows\SQL9_KB960089_ENU\msvcp80.dll
+ 2005-10-13 21:26:42 626,688 ----a-w c:\windows\SQL9_KB960089_ENU\msvcr80.dll
+ 2007-02-10 03:29:52 143,728 ----a-w c:\windows\SQL9_KB960089_ENU\sqlcmd.exe
+ 2007-02-10 03:29:52 533,872 ----a-w c:\windows\SQL9_KB960089_ENU\sqldiscoveryapi.dll
+ 2007-02-10 03:29:54 230,256 ----a-w c:\windows\SQL9_KB960089_ENU\sqlsetupvista.dll
+ 2007-02-10 03:09:12 127,856 ----a-w c:\windows\SQLTools9_KB960089_ENU\batchparser90.dll
+ 2007-02-10 03:09:20 1,039,728 ----a-w c:\windows\SQLTools9_KB960089_ENU\dbghelp.dll
+ 2007-02-10 03:15:30 1,160,560 ----a-w c:\windows\SQLTools9_KB960089_ENU\dumpdatastore.dll
+ 2008-12-18 02:24:10 2,538,848 ----a-w c:\windows\SQLTools9_KB960089_ENU\hotfix.exe
+ 2005-10-13 21:26:42 548,864 ----a-w c:\windows\SQLTools9_KB960089_ENU\msvcp80.dll
+ 2005-10-13 21:26:42 626,688 ----a-w c:\windows\SQLTools9_KB960089_ENU\msvcr80.dll
+ 2007-02-10 03:29:52 143,728 ----a-w c:\windows\SQLTools9_KB960089_ENU\sqlcmd.exe
+ 2007-02-10 03:29:52 533,872 ----a-w c:\windows\SQLTools9_KB960089_ENU\sqldiscoveryapi.dll
+ 2007-02-10 03:29:54 230,256 ----a-w c:\windows\SQLTools9_KB960089_ENU\sqlsetupvista.dll
- 2000-08-31 06:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 05:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2008-09-17 13:29:12 20,040 ----a-w c:\windows\system32\config\systemprofile\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
- 2008-04-15 12:00:00 144,384 -c--a-w c:\windows\system32\dllcache\schannel.dll
+ 2008-12-05 06:55:55 144,896 -c--a-w c:\windows\system32\dllcache\schannel.dll
- 2008-04-15 12:00:00 8,466,432 -c--a-w c:\windows\system32\dllcache\shell32.dll
+ 2008-06-17 19:01:35 8,466,944 -c--a-w c:\windows\system32\dllcache\shell32.dll
- 2008-09-15 15:25:48 1,846,400 -c--a-w c:\windows\system32\dllcache\win32k.sys
+ 2009-02-09 14:05:18 1,846,784 -c--a-w c:\windows\system32\dllcache\win32k.sys
- 2007-06-11 20:51:12 10,834,944 -c--a-w c:\windows\system32\dllcache\wmp.dll
+ 2008-11-11 16:34:42 10,838,016 -c--a-w c:\windows\system32\dllcache\wmp.dll
- 2008-08-29 07:18:58 87,336 ----a-w c:\windows\system32\dns-sd.exe
+ 2008-12-12 09:18:16 87,336 ----a-w c:\windows\system32\dns-sd.exe
- 2008-08-29 06:53:50 61,440 ----a-w c:\windows\system32\dnssd.dll
+ 2008-12-12 09:11:46 61,440 ----a-w c:\windows\system32\dnssd.dll
- 2008-09-10 13:45:18 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
+ 2008-11-07 12:23:30 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
+ 2007-02-17 22:15:34 232,816 ----a-w c:\windows\system32\drivers\VMM.sys
+ 2007-01-29 04:20:34 59,280 ----a-w c:\windows\system32\drivers\VMNetSrv.sys
+ 2008-11-07 12:23:30 32,000 -c--a-w c:\windows\system32\DRVSTORE\usbaapl_246F92BBD6449C86FC3F3F28C40D59AC1F69C558\usbaapl.sys
- 2009-01-23 16:30:01 1,559,360 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-13 18:48:28 1,559,360 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-03 02:15:28 3,771,296 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-02-03 02:15:30 240,544 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-04-03 09:56:59 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-25 20:54:59 24,768,960 ----a-w c:\windows\system32\MRT.exe
- 2008-12-08 18:39:34 91,280 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-31 07:55:11 91,954 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-21 10:03:09 85,902 ----a-w c:\windows\system32\perfc01F.dat
+ 2009-03-31 07:55:11 104,260 ----a-w c:\windows\system32\perfc01F.dat
- 2008-12-08 18:39:34 493,814 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-31 07:55:11 494,488 ----a-w c:\windows\system32\perfh009.dat
- 2009-01-21 10:03:09 441,894 ----a-w c:\windows\system32\perfh01F.dat
+ 2009-03-31 07:55:11 490,278 ----a-w c:\windows\system32\perfh01F.dat
+ 2005-04-30 15:45:44 129,437 ----a-w c:\windows\system32\riched64.dll
- 2008-04-15 12:00:00 144,384 ----a-w c:\windows\system32\schannel.dll
+ 2008-12-05 06:55:55 144,896 ----a-w c:\windows\system32\schannel.dll
- 2008-04-15 12:00:00 8,466,432 ----a-w c:\windows\system32\shell32.dll
+ 2008-06-17 19:01:35 8,466,944 ----a-w c:\windows\system32\shell32.dll
- 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:21:50 17,272 ------w c:\windows\system32\spmsg.dll
- 2008-04-14 07:00:28 373,248 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2008-07-06 12:06:10 373,248 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL
- 2008-04-14 07:00:28 744,448 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
+ 2008-07-06 12:06:10 744,960 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
- 2007-03-22 18:03:58 761,344 ----a-w c:\windows\system32\spool\drivers\w32x86\3\unires.dll
+ 2008-03-13 04:52:36 761,344 ----a-w c:\windows\system32\spool\drivers\w32x86\3\UNIRES.DLL
- 2007-09-27 08:48:58 23,856 ----a-w c:\windows\system32\spupdsvc.exe
+ 2007-07-27 07:41:38 26,488 ----a-w c:\windows\system32\spupdsvc.exe
- 2007-02-10 13:29:51 67,952 ----a-w c:\windows\system32\sqlctr90.dll
+ 2008-11-24 20:31:08 65,888 ----a-w c:\windows\system32\sqlctr90.dll
- 2007-02-10 02:29:52 2,234,224 ----a-w c:\windows\system32\sqlncli.dll
+ 2008-11-24 20:31:10 2,248,544 ----a-w c:\windows\system32\sqlncli.dll
+ 2006-04-30 15:45:44 847,872 ---ha-r c:\windows\system32\symav64.dll
+ 2004-04-30 15:45:44 159,744 ---ha-r c:\windows\system32\symavupd.dll
+ 2007-01-29 04:20:34 144,800 ----a-w c:\windows\system32\VMNetSrv.dll
- 2007-06-11 20:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll
+ 2008-11-11 16:34:42 10,838,016 ----a-w c:\windows\system32\wmp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"="c:\program files\Common Files\Nero\Lib\NMFirstStart.exe" [2008-06-24 19752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 638976]
"Power_Gear"="c:\program files\Generic\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-28 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-28 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-15 233472]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-03-14 54832]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2008-12-08 3166432]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-10-29 96816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-08 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\IBM\\SDP70_RAD\\runtimes\\base_v61\\java\\bin\\java.exe"=
"c:\\Program Files\\IBM\\SDP70_RAD\\jdk\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\SDP70_RSA\\jdk\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\SDP_RSM\\jdk\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Engineer XII\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Engineer XII\\RpcSandraSrv.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"c:\\Program Files\\nusphere\\phped\\debugger\\DbgListener.exe"=
"c:\\Program Files\\Zend\\ZendStudio-5.5.1\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Sun\\xVM VirtualBox\\VirtualBox.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\nusphere\\phped\\Srv.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_07\\jre\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\IBM\\SDP70_RSA\\jdk\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\SDP70_RAD\\jdk\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"14000:TCP"= 14000:TCP:NetBIOS
"14000:UDP"= 14000:UDP:NetBIOS
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2008-09-12 95888]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2008-09-12 41680]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2007-09-19 21:37 41456]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-06-14 17408]
R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\WinVNC.exe [2008-08-30 1519168]
R2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2008-10-29 54960]
R3 eltima_usb_stub;ELTIMA Usb Stub;c:\windows\system32\DRIVERS\usbstub.sys [2007-11-30 11392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-16 101936]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]
R3 vuhub;Virtual Usb Hub;c:\windows\system32\DRIVERS\vuhub.sys [2007-11-30 66432]
R4 DCOM;DCOM; [x]
--- Other Services/Drivers In Memory ---
*Deregistered* - Beep
*Deregistered* - Cdfs
*Deregistered* - Compbatt
*Deregistered* - d347bus
*Deregistered* - DcomLaunch
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - Fastfat
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - KSecDD
*Deregistered* - MountMgr
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - rdpdr
*Deregistered* - sr
*Deregistered* - swenum
*Deregistered* - TermDD
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
.
Contents of the 'Scheduled Tasks' folder
2009-04-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-IntelZeroConfig - c:\program files\Intel\Wireless\bin\ZCfgSvc.exe
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
TCP: {423F9E0C-30CB-4691-9248-1346FB7F7FC4} = 139.179.10.13
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-06 02:48:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\[u]0[/u]00.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(288)
c:\windows\system32\ac3acm.acm
c:\windows\system32\lameACM.acm
.
Completion time: 2009-04-06 2:55:10
ComboFix-quarantined-files.txt 2009-04-05 23:55:08
ComboFix2.txt 2009-01-26 03:06:35
ComboFix3.txt 2009-01-26 02:38:41
ComboFix4.txt 2009-01-26 02:29:29
Pre-Run: 19,298,185,216 bayt boş
Post-Run: 22,905,229,312 bayt boş
427 --- E O F --- 2009-03-20 14:51:11
Hi,
1) Please visit this link and download Symantec AV definitions and run the file to update it:
http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce
2) Run a full scan in safe mode
A Symantec Certified Specialist @ your service
ASKER
Well... brothers, right now, I am unable to connect to the net with that machine... Moreover, I am unable to install a program... even in safe mode...
KAV with live CD fails...
ASKER
I try to repair... no joy... I cannot have sfc /scannow right now, I am taking a backup and reinstalling XP...
tasklist /svc
Please paste the output here.....