Solved

My computer is infected but I haven't installed a program or downloaded anything...

Posted on 2009-04-05
Last Modified: 2013-12-09
2 hours ago, my machine was working perfectly and I haven't installed anything or downloaded anything for 2 weeks...

1) I couldn't have the programs in the taskbar, I mean when minimized, no program appears
2) System restore cannot protect your computer
3) Windows key doesn't trigger windows icon
4) It seems no program is working...
5) Malwarebytes is not working...
6) Symantec Corporate works but I couldn't update it to scan...
7) My network adapters are gone!!!
8) Device manager doesn't show anything!
9) I couldn't see the user name for programs in task manager...
10) Same as above for Safe Mode...

Barely, my machine recognizes my USB in safe mode and I am running an old version of ComboFix right now...

I will inform you soon...

Best regards...
Question by:jazzIIIlove
9 Comments
 
LVL 66

Expert Comment

by:johnb6767
ID: 24073399
Start > Run > cmd

tasklist /svc

Please paste the output here.....
 
LVL 8

Expert Comment

by:skywalker39
ID: 24073426
Hi jazzIIIlove,

I'm just curious but did you download and install your Windows Updates?
 
LVL 12

Author Comment

by:jazzIIIlove
ID: 24073641
Friends...you won't believe me...but my machine was working perfectly 4 hours ago...I haven't installed anything..I was just hanging around on YouTube...nothing installed, downloaded...

I started a ComboFix scan and it's attached...right now, I have just started KAV with a live CD...

I am going to apply your solutions after KAV finishes its work...

Also, I am going to send a HijackThis log...and retry Malwarebytes...Unbelievable...must be a joke...

If I get to System Restore somehow, I know I will be safe...but I cannot even enter it...

"System restore cannot protect your computer" error is what I got...

Thanks friends...I am going to apply your solutions too...but disk is 150 G...:(

ComboFix 09-04-04.01 - Administrator 2009-04-06  2:41:00.5 - NTFSx86 MINIMAL

Running from: G:\ComboFix.exe
 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.
 

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\windows\IE4 Error Log.txt

c:\windows\system32\nmdfgds0.dll

c:\windows\system32\nmdfgds1.dll
 

.

(((((((((((((((((((((((((   Files Created from 2009-03-05 to 2009-04-05  )))))))))))))))))))))))))))))))

.
 

2009-04-30 18:45 . 2009-04-30 18:45	969	-rah-----	c:\windows\system32\sym-upd.cta

2009-04-05 19:53 . 2009-04-05 19:53	<DIR>	d--------	C:\debian

2009-04-03 02:18 . 2009-04-03 02:18	<DIR>	d--------	C:\Windows Server 2008 Datacenter Enterprise and Standard (x64) - DVD (English)

2009-04-02 19:44 . 2007-03-26 20:05	1,835,008	--a------	c:\windows\system32\vdrive.exe

2009-04-02 19:44 . 2007-03-26 19:41	557,056	--a------	c:\windows\system32\bdwf.exe

2009-04-02 19:44 . 2007-03-29 13:36	151,270	--a------	c:\windows\system32\run.exe.PreARM

2009-04-02 19:44 . 2007-03-29 13:22	68,848	--a------	c:\windows\system32\driverbuild.ocx

2009-04-02 19:44 . 2007-02-10 16:29	32,768	--a------	c:\windows\system32\touch.exe

2009-04-02 19:44 . 2007-03-26 19:51	9,790	-rah-----	c:\windows\system32\fgh

2009-04-02 19:44 . 2007-01-01 18:18	36	-rah-----	c:\windows\system32\wre.cdm

2009-04-02 19:41 . 2009-04-02 19:42	2,563,072	--a------	c:\windows\system32\BDVD.exe

2009-04-02 19:38 . 2008-03-26 15:32	803	-ra------	c:\windows\system32\ipf.cc

2009-04-02 19:38 . 2008-03-26 15:34	498	-ra------	c:\windows\system32\ips.cc

2009-04-02 19:37 . 2008-03-26 16:42	69,120	-ra------	c:\windows\system32\lusetup.exe

2009-04-02 19:37 . 2006-03-25 11:36	64,000	-rahs----	c:\windows\system32\checker.dat

2009-04-02 19:37 . 2008-03-26 15:46	9,605	-rah-----	c:\windows\system32\checker.ocx

2009-03-30 14:14 . 2009-03-30 14:16	<DIR>	d--------	c:\program files\Recovery for PDF

2009-03-25 16:57 . 2009-03-25 16:57	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Last.fm

2009-03-25 16:53 . 2009-03-30 15:34	<DIR>	d--------	c:\program files\Last.fm

2009-03-23 18:41 . 2009-03-23 18:41	4,417,710	--a------	c:\windows\system32\Dexter's Screen Saver.Scr

2009-03-17 18:30 . 2009-03-17 18:44	<DIR>	d--------	c:\program files\nLite

2009-03-17 17:12 . 2009-03-17 17:12	<DIR>	d--------	c:\program files\Innovative Solutions

2009-03-17 11:16 . 2009-03-17 11:16	<DIR>	d--------	c:\program files\Double Driver

2009-03-17 11:16 . 2008-12-01 08:00	517,120	--a------	c:\windows\system32\7-ZIP32.DLL

2009-03-10 11:38 . 2009-03-10 11:38	<DIR>	d--------	c:\program files\DiskInternals

2009-03-09 12:14 . 2009-03-09 12:23	<DIR>	d--------	C:\tmp

2009-03-09 12:14 . 2009-03-09 12:22	<DIR>	d--------	C:\PDFZilla

2009-03-09 12:14 . 2009-03-09 12:24	<DIR>	d--------	C:\output

2009-03-09 12:05 . 2009-03-09 12:11	610	--a------	c:\windows\system32\winpdf.ini
 

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-05 23:29	---------	d-----w	c:\program files\FlashGet

2009-04-05 23:19	---------	d-----w	c:\documents and settings\All Users\Application Data\Babylon

2009-04-05 23:17	---------	d-----w	c:\documents and settings\All Users\Application Data\VMware

2009-04-03 11:19	---------	d---a-w	c:\documents and settings\All Users\Application Data\TEMP

2009-04-02 16:33	---------	d-----w	c:\program files\Symantec AntiVirus

2009-04-02 14:21	---------	d-----w	c:\program files\NetBeans 6.1

2009-03-31 07:50	---------	d-----w	c:\documents and settings\NetworkService\Application Data\VMware

2009-03-25 13:57	---------	d-----w	c:\program files\iTunes

2009-03-23 09:18	---------	d-----w	c:\program files\Malwarebytes' Anti-Malware

2009-03-20 14:50	---------	d-----w	c:\program files\Microsoft SQL Server

2009-03-17 15:26	---------	d-----w	c:\documents and settings\Baran\Application Data\VMware

2009-03-16 13:12	---------	d-----w	c:\documents and settings\Baran\Application Data\Babylon

2009-03-15 18:00	---------	d-----w	c:\documents and settings\Baran\Application Data\dvdcss

2009-03-13 14:59	---------	d-----w	c:\documents and settings\All Users\Application Data\Microsoft Help

2009-03-09 12:44	---------	d-----w	c:\documents and settings\Baran\Application Data\MySQL

2009-03-09 12:43	---------	d-----w	c:\documents and settings\Baran\Application Data\SQLyog

2009-03-02 17:37	---------	d--h--w	c:\program files\InstallShield Installation Information

2009-03-02 17:15	---------	d-----w	c:\program files\Compaq

2009-02-21 15:44	---------	d-----w	c:\program files\Advanced Port Scanner

2009-02-21 15:31	---------	d-----w	c:\documents and settings\Baran\Application Data\OpenOffice.org2

2009-02-16 13:00	---------	d-----w	c:\program files\Microsoft Virtual PC

2009-02-11 08:19	38,496	----a-w	c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-11 08:19	15,504	----a-w	c:\windows\system32\drivers\mbam.sys

2009-02-09 14:05	1,846,784	----a-w	c:\windows\system32\win32k.sys

2009-02-09 08:13	---------	d-----w	c:\program files\iPod

2009-02-09 08:13	---------	d-----w	c:\program files\Common Files\Apple

2009-02-09 08:13	---------	d-----w	c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-02-09 08:11	---------	d-----w	c:\program files\QuickTime

2009-02-09 08:07	---------	d-----w	c:\program files\Bonjour

2008-09-29 04:03	47,360	----a-w	c:\documents and settings\Baran\Application Data\pcouffin.sys

2006-03-25 08:36	64,000	--sha-r	c:\windows\system32\checker.dat

.
 

------- Sigcheck -------
 

Cryptography Services Error !!

.

(((((((((((((((((((((((((((((   snapshot@2009-01-26_ 4.28.18,23   )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-02-09 13:59:34	1,847,552	----a-w	c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys

+ 2008-07-09 07:59:26	17,272	----a-w	c:\windows\$hf_mig$\KB958690\spmsg.dll

+ 2008-07-09 07:59:26	232,824	----a-w	c:\windows\$hf_mig$\KB958690\spuninst.exe

+ 2008-07-09 07:59:25	26,488	----a-w	c:\windows\$hf_mig$\KB958690\update\spcustom.dll

+ 2008-07-09 07:59:29	756,600	----a-w	c:\windows\$hf_mig$\KB958690\update\update.exe

+ 2008-07-09 07:59:37	386,424	----a-w	c:\windows\$hf_mig$\KB958690\update\updspapi.dll

+ 2008-12-05 06:59:14	144,896	----a-w	c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll

+ 2007-11-30 11:21:50	17,272	----a-w	c:\windows\$hf_mig$\KB960225\spmsg.dll

+ 2007-11-30 11:21:50	232,824	----a-w	c:\windows\$hf_mig$\KB960225\spuninst.exe

+ 2007-11-30 11:21:50	26,488	----a-w	c:\windows\$hf_mig$\KB960225\update\spcustom.dll

+ 2007-11-30 12:41:01	756,600	----a-w	c:\windows\$hf_mig$\KB960225\update\update.exe

+ 2007-11-30 12:41:01	386,424	----a-w	c:\windows\$hf_mig$\KB960225\update\updspapi.dll

+ 2008-07-09 07:59:26	17,272	----a-w	c:\windows\$hf_mig$\KB960715\spmsg.dll

+ 2008-07-09 07:59:26	232,824	----a-w	c:\windows\$hf_mig$\KB960715\spuninst.exe

+ 2008-07-09 07:59:25	26,488	----a-w	c:\windows\$hf_mig$\KB960715\update\spcustom.dll

+ 2008-11-15 17:19:26	756,600	----a-w	c:\windows\$hf_mig$\KB960715\update\update.exe

+ 2008-07-09 07:59:37	386,424	----a-w	c:\windows\$hf_mig$\KB960715\update\updspapi.dll

+ 2008-06-17 19:03:59	8,467,456	----a-w	c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll

+ 2008-07-09 07:59:26	17,272	----a-w	c:\windows\$hf_mig$\KB967715\spmsg.dll

+ 2008-07-09 07:59:26	232,824	----a-w	c:\windows\$hf_mig$\KB967715\spuninst.exe

+ 2008-07-09 07:59:25	26,488	----a-w	c:\windows\$hf_mig$\KB967715\update\spcustom.dll

+ 2008-07-09 07:59:29	756,600	----a-w	c:\windows\$hf_mig$\KB967715\update\update.exe

+ 2008-07-09 07:59:37	386,424	----a-w	c:\windows\$hf_mig$\KB967715\update\updspapi.dll

+ 2008-07-09 07:59:26	232,824	-c----w	c:\windows\$NtUninstallKB960715$\spuninst\spuninst.exe

+ 2008-07-09 07:59:37	386,424	-c----w	c:\windows\$NtUninstallKB960715$\spuninst\updspapi.dll

+ 2008-04-15 12:00:00	8,466,432	-c----w	c:\windows\$NtUninstallKB967715$\shell32.dll

+ 2008-07-09 07:59:26	232,824	-c----w	c:\windows\$NtUninstallKB967715$\spuninst\spuninst.exe

+ 2008-07-09 07:59:37	386,424	-c----w	c:\windows\$NtUninstallKB967715$\spuninst\updspapi.dll

- 2008-09-29 01:11:25	363,376	----a-w	c:\windows\assembly\GAC_32\Microsoft.SqlServer.BatchParser\9.0.242.0__89845dcd8080cc91\microsoft.sqlserver.batchparser.dll

+ 2009-03-20 14:45:10	360,800	----a-w	c:\windows\assembly\GAC_32\Microsoft.SqlServer.BatchParser\9.0.242.0__89845dcd8080cc91\microsoft.sqlserver.batchparser.dll

- 2008-09-29 01:11:26	78,192	----a-w	c:\windows\assembly\GAC_32\Microsoft.SqlServer.MgdSqlDumper\9.0.242.0__89845dcd8080cc91\microsoft.sqlserver.mgdsqldumper.dll

+ 2009-03-20 14:45:11	75,616	----a-w	c:\windows\assembly\GAC_32\Microsoft.SqlServer.MgdSqlDumper\9.0.242.0__89845dcd8080cc91\microsoft.sqlserver.mgdsqldumper.dll

- 2008-09-29 01:11:34	1,626,480	----a-w	c:\windows\assembly\GAC_32\Microsoft.SqlServer.Replication\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Replication.dll

+ 2009-03-20 14:45:21	1,625,952	----a-w	c:\windows\assembly\GAC_32\Microsoft.SqlServer.Replication\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Replication.dll

- 2008-09-29 01:11:27	546,160	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.AdomdClient\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.AdomdClient.dll

+ 2009-03-20 14:45:12	543,584	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.AdomdClient\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.AdomdClient.dll

- 2008-09-29 01:11:26	140,656	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.DeploymentEngine\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DeploymentEngine.dll

+ 2009-03-20 14:45:11	138,080	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.DeploymentEngine\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DeploymentEngine.dll

- 2008-09-29 01:11:26	1,217,904	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DLL

+ 2009-03-20 14:45:11	1,215,328	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DLL

- 2008-09-29 01:11:26	38,256	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.DataWarehouse.Interfaces\9.0.242.0__89845dcd8080cc91\Microsoft.DataWarehouse.Interfaces.DLL

+ 2009-03-20 14:45:11	35,680	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.DataWarehouse.Interfaces\9.0.242.0__89845dcd8080cc91\Microsoft.DataWarehouse.Interfaces.DLL

- 2008-09-29 01:09:32	136,560	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.NetEnterpriseServers.ExceptionMessageBox\9.0.242.0__89845dcd8080cc91\Microsoft.NetEnterpriseServers.ExceptionMessageBox.dll

+ 2009-03-20 14:41:11	133,984	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.NetEnterpriseServers.ExceptionMessageBox\9.0.242.0__89845dcd8080cc91\Microsoft.NetEnterpriseServers.ExceptionMessageBox.dll

- 2008-09-29 01:11:25	157,040	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ConnectionInfo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ConnectionInfo.dll

+ 2009-03-20 14:45:10	154,464	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ConnectionInfo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ConnectionInfo.dll

- 2008-09-29 01:09:32	46,448	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.CustomControls\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.CustomControls.dll

+ 2009-03-20 14:41:11	43,872	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.CustomControls\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.CustomControls.dll

- 2008-09-29 01:09:32	202,096	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.GridControl\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.GridControl.dll

+ 2009-03-20 14:41:11	199,520	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.GridControl\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.GridControl.dll

- 2008-09-29 01:11:26	71,024	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.RegSvrEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.RegSvrEnum.dll

+ 2009-03-20 14:45:11	68,448	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.RegSvrEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.RegSvrEnum.dll

- 2008-09-29 01:11:26	558,448	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Rmo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Rmo.dll

+ 2009-03-20 14:45:11	555,872	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Rmo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Rmo.dll

- 2008-09-29 01:11:25	42,352	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ServiceBrokerEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ServiceBrokerEnum.dll

+ 2009-03-20 14:45:10	39,776	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ServiceBrokerEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ServiceBrokerEnum.dll

- 2008-09-29 01:11:25	1,598,832	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Smo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Smo.dll

+ 2009-03-20 14:45:10	1,604,448	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Smo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Smo.dll

- 2008-09-29 01:11:25	222,576	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SmoEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SmoEnum.dll

+ 2009-03-20 14:45:10	220,000	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SmoEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SmoEnum.dll

- 2008-09-29 01:11:25	906,608	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SqlEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SqlEnum.dll

+ 2009-03-20 14:45:10	895,840	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SqlEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SqlEnum.dll

- 2008-09-29 01:09:32	595,312	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WizardFrameworkLite\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WizardFrameworkLite.dll

+ 2009-03-20 14:41:11	592,736	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WizardFrameworkLite\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WizardFrameworkLite.dll

- 2008-09-29 01:11:25	46,448	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WmiEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WmiEnum.dll

+ 2009-03-20 14:45:10	43,872	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WmiEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WmiEnum.dll

+ 2009-03-20 14:51:23	249,856	----a-w	c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\ce195aef04208a328e9c4f8fa1c6f65d\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll

+ 2009-03-20 14:51:24	90,112	----a-w	c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\58867f7ce6aa6d044a6877451ba99fc7\Microsoft.SqlServer.CustomControls.ni.dll

+ 2009-03-20 14:51:26	561,152	----a-w	c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\7d9b28b61883644575172085bd1687c6\Microsoft.SqlServer.GridControl.ni.dll

+ 2009-03-20 14:51:27	1,028,096	----a-w	c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\84f87159bb47418d53465c11403d5afd\Microsoft.SqlServer.WizardFrameworkLite.ni.dll

- 2005-10-20 18:02:28	163,328	----a-w	c:\windows\ERDNT\Hiv-backup\ERDNT.EXE

+ 2005-10-20 17:02:28	163,328	----a-w	c:\windows\ERDNT\Hiv-backup\ERDNT.EXE

+ 2009-02-09 08:07:44	86,016	----a-r	c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe

+ 2009-04-02 16:14:21	352,256	----a-r	c:\windows\Installer\{26380174-DEAE-4939-8DEC-A17C7B6A0C91}\ARPPRODUCTICON.exe

- 2009-01-17 11:40:02	1,165,584	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2009-03-13 14:59:53	1,165,584	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

- 2009-01-17 11:40:03	20,240	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2009-03-13 14:59:53	20,240	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

- 2009-01-17 11:40:02	159,504	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2009-03-13 14:59:53	159,504	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

- 2009-01-17 11:40:02	184,080	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

+ 2009-03-13 14:59:53	184,080	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

- 2009-01-17 11:40:03	217,864	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

+ 2009-03-13 14:59:53	217,864	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

- 2009-01-17 11:40:03	18,704	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

+ 2009-03-13 14:59:53	18,704	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

- 2009-01-17 11:40:03	35,088	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

+ 2009-03-13 14:59:53	35,088	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

- 2009-01-17 11:40:03	845,584	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

+ 2009-03-13 14:59:53	845,584	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

- 2009-01-17 11:40:03	922,384	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

+ 2009-03-13 14:59:53	922,384	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

- 2009-01-17 11:40:03	272,648	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

+ 2009-03-13 14:59:53	272,648	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

- 2009-01-17 11:40:03	888,080	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

+ 2009-03-13 14:59:53	888,080	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

- 2009-01-17 11:40:02	1,172,240	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

+ 2009-03-13 14:59:53	1,172,240	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

+ 2009-02-09 08:14:08	102,400	----a-r	c:\windows\Installer\{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}\iTunesIco.exe

- 2000-08-31 06:00:00	29,696	----a-w	c:\windows\NIRCMD.exe

+ 2000-08-31 05:00:00	29,696	----a-w	c:\windows\NIRCMD.exe

+ 2007-02-10 03:09:12	127,856	----a-w	c:\windows\SQL9_KB960089_ENU\batchparser90.dll

+ 2007-02-10 03:09:20	1,039,728	----a-w	c:\windows\SQL9_KB960089_ENU\dbghelp.dll

+ 2007-02-10 03:15:30	1,160,560	----a-w	c:\windows\SQL9_KB960089_ENU\dumpdatastore.dll

+ 2008-12-18 02:24:10	2,538,848	----a-w	c:\windows\SQL9_KB960089_ENU\hotfix.exe

+ 2005-10-13 21:26:42	548,864	----a-w	c:\windows\SQL9_KB960089_ENU\msvcp80.dll

+ 2005-10-13 21:26:42	626,688	----a-w	c:\windows\SQL9_KB960089_ENU\msvcr80.dll

+ 2007-02-10 03:29:52	143,728	----a-w	c:\windows\SQL9_KB960089_ENU\sqlcmd.exe

+ 2007-02-10 03:29:52	533,872	----a-w	c:\windows\SQL9_KB960089_ENU\sqldiscoveryapi.dll

+ 2007-02-10 03:29:54	230,256	----a-w	c:\windows\SQL9_KB960089_ENU\sqlsetupvista.dll

+ 2007-02-10 03:09:12	127,856	----a-w	c:\windows\SQLTools9_KB960089_ENU\batchparser90.dll

+ 2007-02-10 03:09:20	1,039,728	----a-w	c:\windows\SQLTools9_KB960089_ENU\dbghelp.dll

+ 2007-02-10 03:15:30	1,160,560	----a-w	c:\windows\SQLTools9_KB960089_ENU\dumpdatastore.dll

+ 2008-12-18 02:24:10	2,538,848	----a-w	c:\windows\SQLTools9_KB960089_ENU\hotfix.exe

+ 2005-10-13 21:26:42	548,864	----a-w	c:\windows\SQLTools9_KB960089_ENU\msvcp80.dll

+ 2005-10-13 21:26:42	626,688	----a-w	c:\windows\SQLTools9_KB960089_ENU\msvcr80.dll

+ 2007-02-10 03:29:52	143,728	----a-w	c:\windows\SQLTools9_KB960089_ENU\sqlcmd.exe

+ 2007-02-10 03:29:52	533,872	----a-w	c:\windows\SQLTools9_KB960089_ENU\sqldiscoveryapi.dll

+ 2007-02-10 03:29:54	230,256	----a-w	c:\windows\SQLTools9_KB960089_ENU\sqlsetupvista.dll

- 2000-08-31 06:00:00	161,792	----a-w	c:\windows\SWREG.exe

+ 2000-08-31 05:00:00	161,792	----a-w	c:\windows\SWREG.exe

+ 2008-09-17 13:29:12	20,040	----a-w	c:\windows\system32\config\systemprofile\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll

- 2008-04-15 12:00:00	144,384	-c--a-w	c:\windows\system32\dllcache\schannel.dll

+ 2008-12-05 06:55:55	144,896	-c--a-w	c:\windows\system32\dllcache\schannel.dll

- 2008-04-15 12:00:00	8,466,432	-c--a-w	c:\windows\system32\dllcache\shell32.dll

+ 2008-06-17 19:01:35	8,466,944	-c--a-w	c:\windows\system32\dllcache\shell32.dll

- 2008-09-15 15:25:48	1,846,400	-c--a-w	c:\windows\system32\dllcache\win32k.sys

+ 2009-02-09 14:05:18	1,846,784	-c--a-w	c:\windows\system32\dllcache\win32k.sys

- 2007-06-11 20:51:12	10,834,944	-c--a-w	c:\windows\system32\dllcache\wmp.dll

+ 2008-11-11 16:34:42	10,838,016	-c--a-w	c:\windows\system32\dllcache\wmp.dll

- 2008-08-29 07:18:58	87,336	----a-w	c:\windows\system32\dns-sd.exe

+ 2008-12-12 09:18:16	87,336	----a-w	c:\windows\system32\dns-sd.exe

- 2008-08-29 06:53:50	61,440	----a-w	c:\windows\system32\dnssd.dll

+ 2008-12-12 09:11:46	61,440	----a-w	c:\windows\system32\dnssd.dll

- 2008-09-10 13:45:18	32,000	----a-w	c:\windows\system32\drivers\usbaapl.sys

+ 2008-11-07 12:23:30	32,000	----a-w	c:\windows\system32\drivers\usbaapl.sys

+ 2007-02-17 22:15:34	232,816	----a-w	c:\windows\system32\drivers\VMM.sys

+ 2007-01-29 04:20:34	59,280	----a-w	c:\windows\system32\drivers\VMNetSrv.sys

+ 2008-11-07 12:23:30	32,000	-c--a-w	c:\windows\system32\DRVSTORE\usbaapl_246F92BBD6449C86FC3F3F28C40D59AC1F69C558\usbaapl.sys

- 2009-01-23 16:30:01	1,559,360	----a-w	c:\windows\system32\FNTCACHE.DAT

+ 2009-03-13 18:48:28	1,559,360	----a-w	c:\windows\system32\FNTCACHE.DAT

+ 2009-02-03 02:15:28	3,771,296	----a-w	c:\windows\system32\Macromed\Flash\NPSWF32.dll

+ 2009-02-03 02:15:30	240,544	----a-w	c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2009-04-03 09:56:59	84,661	----a-w	c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

- 2009-01-10 01:35:28	20,853,704	----a-w	c:\windows\system32\MRT.exe

+ 2009-02-25 20:54:59	24,768,960	----a-w	c:\windows\system32\MRT.exe

- 2008-12-08 18:39:34	91,280	----a-w	c:\windows\system32\perfc009.dat

+ 2009-03-31 07:55:11	91,954	----a-w	c:\windows\system32\perfc009.dat

- 2009-01-21 10:03:09	85,902	----a-w	c:\windows\system32\perfc01F.dat

+ 2009-03-31 07:55:11	104,260	----a-w	c:\windows\system32\perfc01F.dat

- 2008-12-08 18:39:34	493,814	----a-w	c:\windows\system32\perfh009.dat

+ 2009-03-31 07:55:11	494,488	----a-w	c:\windows\system32\perfh009.dat

- 2009-01-21 10:03:09	441,894	----a-w	c:\windows\system32\perfh01F.dat

+ 2009-03-31 07:55:11	490,278	----a-w	c:\windows\system32\perfh01F.dat

+ 2005-04-30 15:45:44	129,437	----a-w	c:\windows\system32\riched64.dll

- 2008-04-15 12:00:00	144,384	----a-w	c:\windows\system32\schannel.dll

+ 2008-12-05 06:55:55	144,896	----a-w	c:\windows\system32\schannel.dll

- 2008-04-15 12:00:00	8,466,432	----a-w	c:\windows\system32\shell32.dll

+ 2008-06-17 19:01:35	8,466,944	----a-w	c:\windows\system32\shell32.dll

- 2007-11-30 12:39:22	17,272	------w	c:\windows\system32\spmsg.dll

+ 2007-11-30 11:21:50	17,272	------w	c:\windows\system32\spmsg.dll

- 2008-04-14 07:00:28	373,248	----a-w	c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL

+ 2008-07-06 12:06:10	373,248	----a-w	c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL

- 2008-04-14 07:00:28	744,448	----a-w	c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL

+ 2008-07-06 12:06:10	744,960	----a-w	c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL

- 2007-03-22 18:03:58	761,344	----a-w	c:\windows\system32\spool\drivers\w32x86\3\unires.dll

+ 2008-03-13 04:52:36	761,344	----a-w	c:\windows\system32\spool\drivers\w32x86\3\UNIRES.DLL

- 2007-09-27 08:48:58	23,856	----a-w	c:\windows\system32\spupdsvc.exe

+ 2007-07-27 07:41:38	26,488	----a-w	c:\windows\system32\spupdsvc.exe

- 2007-02-10 13:29:51	67,952	----a-w	c:\windows\system32\sqlctr90.dll

+ 2008-11-24 20:31:08	65,888	----a-w	c:\windows\system32\sqlctr90.dll

- 2007-02-10 02:29:52	2,234,224	----a-w	c:\windows\system32\sqlncli.dll

+ 2008-11-24 20:31:10	2,248,544	----a-w	c:\windows\system32\sqlncli.dll

+ 2006-04-30 15:45:44	847,872	---ha-r	c:\windows\system32\symav64.dll

+ 2004-04-30 15:45:44	159,744	---ha-r	c:\windows\system32\symavupd.dll

+ 2007-01-29 04:20:34	144,800	----a-w	c:\windows\system32\VMNetSrv.dll

- 2007-06-11 20:51:12	10,834,944	----a-w	c:\windows\system32\wmp.dll

+ 2008-11-11 16:34:42	10,838,016	----a-w	c:\windows\system32\wmp.dll

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"NeroHomeFirstStart"="c:\program files\Common Files\Nero\Lib\NMFirstStart.exe" [2008-06-24 19752]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]

"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 638976]

"Power_Gear"="c:\program files\Generic\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-28 8429568]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-28 81920]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]

"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]

"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-15 233472]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-03-14 54832]

"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2008-12-08 3166432]

"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-10-29 96816]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]

"RTHDCPL"="RTHDCPL.EXE" [2007-03-08 c:\windows\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\IBM\\SDP70_RAD\\runtimes\\base_v61\\java\\bin\\java.exe"=

"c:\\Program Files\\IBM\\SDP70_RAD\\jdk\\jre\\bin\\javaw.exe"=

"c:\\Program Files\\IBM\\SDP70_RSA\\jdk\\jre\\bin\\javaw.exe"=

"c:\\Program Files\\IBM\\SDP_RSM\\jdk\\jre\\bin\\javaw.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Engineer XII\\Win32\\RpcDataSrv.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Engineer XII\\RpcSandraSrv.exe"=

"c:\\Program Files\\FlashGet\\flashget.exe"=

"c:\\xampp\\apache\\bin\\apache.exe"=

"c:\\Program Files\\nusphere\\phped\\debugger\\DbgListener.exe"=

"c:\\Program Files\\Zend\\ZendStudio-5.5.1\\jre\\bin\\javaw.exe"=

"c:\\Program Files\\Sun\\xVM VirtualBox\\VirtualBox.exe"=

"c:\\Program Files\\UltraVNC\\vncviewer.exe"=

"c:\\Program Files\\nusphere\\phped\\Srv.exe"=

"c:\\Program Files\\Java\\jdk1.6.0_07\\jre\\bin\\java.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=

"c:\\Program Files\\IBM\\SDP70_RSA\\jdk\\bin\\javaw.exe"=

"c:\\Program Files\\IBM\\SDP70_RAD\\jdk\\bin\\javaw.exe"=

"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3306:TCP"= 3306:TCP:MySQL Server

"5900:TCP"= 5900:TCP:vnc5900

"5800:TCP"= 5800:TCP:vnc5800

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"14000:TCP"= 14000:TCP:NetBIOS

"14000:UDP"= 14000:UDP:NetBIOS
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)
 

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2008-09-12 95888]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2008-09-12 41680]

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2007-09-19 21:37 41456]

R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-06-14 17408]

R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\WinVNC.exe [2008-08-30 1519168]

R2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2008-10-29 54960]

R3 eltima_usb_stub;ELTIMA Usb Stub;c:\windows\system32\DRIVERS\usbstub.sys [2007-11-30 11392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-16 101936]

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]

R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]

R3 vuhub;Virtual Usb Hub;c:\windows\system32\DRIVERS\vuhub.sys [2007-11-30 66432]

R4 DCOM;DCOM; [x]
 
 

--- Other Services/Drivers In Memory ---
 

*Deregistered* - Beep

*Deregistered* - Cdfs

*Deregistered* - Compbatt

*Deregistered* - d347bus

*Deregistered* - DcomLaunch

*Deregistered* - dmio

*Deregistered* - dmload

*Deregistered* - Fastfat

*Deregistered* - FltMgr

*Deregistered* - Ftdisk

*Deregistered* - KSecDD

*Deregistered* - MountMgr

*Deregistered* - Msfs

*Deregistered* - mssmbios

*Deregistered* - Mup

*Deregistered* - NDIS

*Deregistered* - Npfs

*Deregistered* - Ntfs

*Deregistered* - Null

*Deregistered* - PartMgr

*Deregistered* - rdpdr

*Deregistered* - sr

*Deregistered* - swenum

*Deregistered* - TermDD

*Deregistered* - Update

*Deregistered* - VgaSave

*Deregistered* - VolSnap

.

Contents of the 'Scheduled Tasks' folder
 

2009-04-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

- - - - ORPHANS REMOVED - - - -
 

HKLM-Run-IntelZeroConfig - c:\program files\Intel\Wireless\bin\ZCfgSvc.exe
 
 

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll

TCP: {423F9E0C-30CB-4691-9248-1346FB7F7FC4} = 139.179.10.13

FF - ProfilePath - 

.
 

**************************************************************************
 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-06 02:48:37

Windows 5.1.2600 Service Pack 3 NTFS
 

scanning hidden processes ...  
 

scanning hidden autostart entries ... 
 

scanning hidden files ...  
 

scan completed successfully

hidden files: 0
 

**************************************************************************
 

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySQL]

"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
 

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\[u]0[/u]00.fcl"

.

--------------------- DLLs Loaded Under Running Processes ---------------------
 

- - - - - - - > 'winlogon.exe'(288)

c:\windows\system32\ac3acm.acm

c:\windows\system32\lameACM.acm

.

Completion time: 2009-04-06  2:55:10

ComboFix-quarantined-files.txt  2009-04-05 23:55:08

ComboFix2.txt  2009-01-26 03:06:35

ComboFix3.txt  2009-01-26 02:38:41

ComboFix4.txt  2009-01-26 02:29:29
 

Pre-Run: 19,298,185,216 bayt boş

Post-Run: 22,905,229,312 bayt boş
 

427	--- E O F ---	2009-03-20 14:51:11

0
 
LVL 15

Expert Comment

by:xmachine
ID: 24074283
Hi,

1) Please visit this link and download Symantec AV definitions and run the file to update it:

http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce

2) Run a full scan in safe mode


A Symantec Certified Specialist @ your service
0
 
LVL 12

Author Comment

by:jazzIIIlove
ID: 24075095
Well...brothers, right now, I am unable to connect to the net with that machine...Moreover, I am unable to install a program...even in safe mode...

KAV with live CD fails...
0
 
LVL 5

Assisted Solution

by:bRvO
bRvO earned 100 total points
ID: 24079682
Do you have your Windows CD?

Try and run a REPAIR of the Operating System; only the O/S files are overwritten, so you won't lose any data.
0
 
LVL 16

Accepted Solution

by:warturtle
warturtle earned 300 total points
ID: 24082790
Hello jazzlllove,

I suggest that you take the hard disk out of this computer, put it as a slave into another computer, and do an online scan with Kaspersky scanner (http://www.kaspersky.co.uk/virusscanner) to figure out if it's a virus or not. It might also be worth doing a checkdisk on the hard disk to check for any errors and recover from them.

You might also want to use System File Checker to check your Windows system files for errors and replace the unhealthy ones with new ones (you might need a Windows XP CD though):

sfc /scannow

Please read this link to familiarize yourself with this utility: http://en.wikipedia.org/wiki/System_File_Checker

Hope it helps.
0
 
LVL 8

Assisted Solution

by:skywalker39
skywalker39 earned 100 total points
ID: 24082811
I agree with warturtle; if I were you, jazzllllove, I too would take your hard drive, put it into another computer as a slave, and run a couple of scanners. If it comes down to it, I would back up your data and do a complete reinstall.
0
 
LVL 12

Author Comment

by:jazzIIIlove
ID: 24094433
I try to repair...no joy...I cannot have sfc /scannow right now, I am taking a backup and reinstalling XP...
0

Question has a verified solution.