Solved

My computer is infected but i haven't installed a program or i haven't anything to download...

Posted on 2009-04-05
9
969 Views
Last Modified: 2013-12-09
2 hours ago, my machine was working perfectly and i haven't installed anyting or i haven't download anything for 2 weeks...

1) I couldn't have the programs in the taskbar, i mean when minimized, no program appears
2) System restore cannot protect your computer
3) Windows key doesn't trigger windows icon
4) It seems no program is working...
5) Malware bytes is not working...
6) Symantec Corporate works but i couldn't update it to scan...
7) My network adapters gone!!!
8) Device manager doesn't show anything!
9) I couldn't see the user name for programs in task manager...
10) Same above for Safe Mode...

Barely, my machine recognizes my USB in safe mode and i run an old version of ComboFix right now...

I will inform you soon...

Best regards...
0
Comment
Question by:jazzIIIlove
9 Comments
 
LVL 66

Expert Comment

by:johnb6767
ID: 24073399
start>run>cmd

tasklist /svc

Please paste the output here please.....
0
 
LVL 8

Expert Comment

by:skywalker39
ID: 24073426
Hi jazzllllove,

I'm just curious but did you download and install your Windows Updates?
0
 
LVL 12

Author Comment

by:jazzIIIlove
ID: 24073641
Friends...you won't believe me...but my machine was working perfectly 4 hours ago...I haven't install anything..I just hanging around in youtube...nothing installed, downloaded...

I started combofix scan and it's attached...right now, i have just started KAV with live-cd...

I am going to apply your solutions after KAV finishes his work...

Also, i am going to send hijackthis log...and retry for malware bytes...Unbelievable...must be a joke...

If i go to system restore somehow, i know, i will be safe...but even i cannot enter it...

"System restore cannot protect your computer" error is what i got...

Thanks friends...I am going to apply your solutions too...but disk is 150 G...:(
ComboFix 09-04-04.01 - Administrator 2009-04-06  2:41:00.5 - NTFSx86 MINIMAL

Running from: G:\ComboFix.exe
 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.
 

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\windows\IE4 Error Log.txt

c:\windows\system32\nmdfgds0.dll

c:\windows\system32\nmdfgds1.dll
 

.

(((((((((((((((((((((((((   Files Created from 2009-03-05 to 2009-04-05  )))))))))))))))))))))))))))))))

.
 

2009-04-30 18:45 . 2009-04-30 18:45	969	-rah-----	c:\windows\system32\sym-upd.cta

2009-04-05 19:53 . 2009-04-05 19:53	<DIR>	d--------	C:\debian

2009-04-03 02:18 . 2009-04-03 02:18	<DIR>	d--------	C:\Windows Server 2008 Datacenter Enterprise and Standard (x64) - DVD (English)

2009-04-02 19:44 . 2007-03-26 20:05	1,835,008	--a------	c:\windows\system32\vdrive.exe

2009-04-02 19:44 . 2007-03-26 19:41	557,056	--a------	c:\windows\system32\bdwf.exe

2009-04-02 19:44 . 2007-03-29 13:36	151,270	--a------	c:\windows\system32\run.exe.PreARM

2009-04-02 19:44 . 2007-03-29 13:22	68,848	--a------	c:\windows\system32\driverbuild.ocx

2009-04-02 19:44 . 2007-02-10 16:29	32,768	--a------	c:\windows\system32\touch.exe

2009-04-02 19:44 . 2007-03-26 19:51	9,790	-rah-----	c:\windows\system32\fgh

2009-04-02 19:44 . 2007-01-01 18:18	36	-rah-----	c:\windows\system32\wre.cdm

2009-04-02 19:41 . 2009-04-02 19:42	2,563,072	--a------	c:\windows\system32\BDVD.exe

2009-04-02 19:38 . 2008-03-26 15:32	803	-ra------	c:\windows\system32\ipf.cc

2009-04-02 19:38 . 2008-03-26 15:34	498	-ra------	c:\windows\system32\ips.cc

2009-04-02 19:37 . 2008-03-26 16:42	69,120	-ra------	c:\windows\system32\lusetup.exe

2009-04-02 19:37 . 2006-03-25 11:36	64,000	-rahs----	c:\windows\system32\checker.dat

2009-04-02 19:37 . 2008-03-26 15:46	9,605	-rah-----	c:\windows\system32\checker.ocx

2009-03-30 14:14 . 2009-03-30 14:16	<DIR>	d--------	c:\program files\Recovery for PDF

2009-03-25 16:57 . 2009-03-25 16:57	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Last.fm

2009-03-25 16:53 . 2009-03-30 15:34	<DIR>	d--------	c:\program files\Last.fm

2009-03-23 18:41 . 2009-03-23 18:41	4,417,710	--a------	c:\windows\system32\Dexter's Screen Saver.Scr

2009-03-17 18:30 . 2009-03-17 18:44	<DIR>	d--------	c:\program files\nLite

2009-03-17 17:12 . 2009-03-17 17:12	<DIR>	d--------	c:\program files\Innovative Solutions

2009-03-17 11:16 . 2009-03-17 11:16	<DIR>	d--------	c:\program files\Double Driver

2009-03-17 11:16 . 2008-12-01 08:00	517,120	--a------	c:\windows\system32\7-ZIP32.DLL

2009-03-10 11:38 . 2009-03-10 11:38	<DIR>	d--------	c:\program files\DiskInternals

2009-03-09 12:14 . 2009-03-09 12:23	<DIR>	d--------	C:\tmp

2009-03-09 12:14 . 2009-03-09 12:22	<DIR>	d--------	C:\PDFZilla

2009-03-09 12:14 . 2009-03-09 12:24	<DIR>	d--------	C:\output

2009-03-09 12:05 . 2009-03-09 12:11	610	--a------	c:\windows\system32\winpdf.ini
 

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-05 23:29	---------	d-----w	c:\program files\FlashGet

2009-04-05 23:19	---------	d-----w	c:\documents and settings\All Users\Application Data\Babylon

2009-04-05 23:17	---------	d-----w	c:\documents and settings\All Users\Application Data\VMware

2009-04-03 11:19	---------	d---a-w	c:\documents and settings\All Users\Application Data\TEMP

2009-04-02 16:33	---------	d-----w	c:\program files\Symantec AntiVirus

2009-04-02 14:21	---------	d-----w	c:\program files\NetBeans 6.1

2009-03-31 07:50	---------	d-----w	c:\documents and settings\NetworkService\Application Data\VMware

2009-03-25 13:57	---------	d-----w	c:\program files\iTunes

2009-03-23 09:18	---------	d-----w	c:\program files\Malwarebytes' Anti-Malware

2009-03-20 14:50	---------	d-----w	c:\program files\Microsoft SQL Server

2009-03-17 15:26	---------	d-----w	c:\documents and settings\Baran\Application Data\VMware

2009-03-16 13:12	---------	d-----w	c:\documents and settings\Baran\Application Data\Babylon

2009-03-15 18:00	---------	d-----w	c:\documents and settings\Baran\Application Data\dvdcss

2009-03-13 14:59	---------	d-----w	c:\documents and settings\All Users\Application Data\Microsoft Help

2009-03-09 12:44	---------	d-----w	c:\documents and settings\Baran\Application Data\MySQL

2009-03-09 12:43	---------	d-----w	c:\documents and settings\Baran\Application Data\SQLyog

2009-03-02 17:37	---------	d--h--w	c:\program files\InstallShield Installation Information

2009-03-02 17:15	---------	d-----w	c:\program files\Compaq

2009-02-21 15:44	---------	d-----w	c:\program files\Advanced Port Scanner

2009-02-21 15:31	---------	d-----w	c:\documents and settings\Baran\Application Data\OpenOffice.org2

2009-02-16 13:00	---------	d-----w	c:\program files\Microsoft Virtual PC

2009-02-11 08:19	38,496	----a-w	c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-11 08:19	15,504	----a-w	c:\windows\system32\drivers\mbam.sys

2009-02-09 14:05	1,846,784	----a-w	c:\windows\system32\win32k.sys

2009-02-09 08:13	---------	d-----w	c:\program files\iPod

2009-02-09 08:13	---------	d-----w	c:\program files\Common Files\Apple

2009-02-09 08:13	---------	d-----w	c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-02-09 08:11	---------	d-----w	c:\program files\QuickTime

2009-02-09 08:07	---------	d-----w	c:\program files\Bonjour

2008-09-29 04:03	47,360	----a-w	c:\documents and settings\Baran\Application Data\pcouffin.sys

2006-03-25 08:36	64,000	--sha-r	c:\windows\system32\checker.dat

.
 

------- Sigcheck -------
 

Cryptography Services Error !!

.

(((((((((((((((((((((((((((((   snapshot@2009-01-26_ 4.28.18,23   )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-02-09 13:59:34	1,847,552	----a-w	c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys

+ 2008-07-09 07:59:26	17,272	----a-w	c:\windows\$hf_mig$\KB958690\spmsg.dll

+ 2008-07-09 07:59:26	232,824	----a-w	c:\windows\$hf_mig$\KB958690\spuninst.exe

+ 2008-07-09 07:59:25	26,488	----a-w	c:\windows\$hf_mig$\KB958690\update\spcustom.dll

+ 2008-07-09 07:59:29	756,600	----a-w	c:\windows\$hf_mig$\KB958690\update\update.exe

+ 2008-07-09 07:59:37	386,424	----a-w	c:\windows\$hf_mig$\KB958690\update\updspapi.dll

+ 2008-12-05 06:59:14	144,896	----a-w	c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll

+ 2007-11-30 11:21:50	17,272	----a-w	c:\windows\$hf_mig$\KB960225\spmsg.dll

+ 2007-11-30 11:21:50	232,824	----a-w	c:\windows\$hf_mig$\KB960225\spuninst.exe

+ 2007-11-30 11:21:50	26,488	----a-w	c:\windows\$hf_mig$\KB960225\update\spcustom.dll

+ 2007-11-30 12:41:01	756,600	----a-w	c:\windows\$hf_mig$\KB960225\update\update.exe

+ 2007-11-30 12:41:01	386,424	----a-w	c:\windows\$hf_mig$\KB960225\update\updspapi.dll

+ 2008-07-09 07:59:26	17,272	----a-w	c:\windows\$hf_mig$\KB960715\spmsg.dll

+ 2008-07-09 07:59:26	232,824	----a-w	c:\windows\$hf_mig$\KB960715\spuninst.exe

+ 2008-07-09 07:59:25	26,488	----a-w	c:\windows\$hf_mig$\KB960715\update\spcustom.dll

+ 2008-11-15 17:19:26	756,600	----a-w	c:\windows\$hf_mig$\KB960715\update\update.exe

+ 2008-07-09 07:59:37	386,424	----a-w	c:\windows\$hf_mig$\KB960715\update\updspapi.dll

+ 2008-06-17 19:03:59	8,467,456	----a-w	c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll

+ 2008-07-09 07:59:26	17,272	----a-w	c:\windows\$hf_mig$\KB967715\spmsg.dll

+ 2008-07-09 07:59:26	232,824	----a-w	c:\windows\$hf_mig$\KB967715\spuninst.exe

+ 2008-07-09 07:59:25	26,488	----a-w	c:\windows\$hf_mig$\KB967715\update\spcustom.dll

+ 2008-07-09 07:59:29	756,600	----a-w	c:\windows\$hf_mig$\KB967715\update\update.exe

+ 2008-07-09 07:59:37	386,424	----a-w	c:\windows\$hf_mig$\KB967715\update\updspapi.dll

+ 2008-07-09 07:59:26	232,824	-c----w	c:\windows\$NtUninstallKB960715$\spuninst\spuninst.exe

+ 2008-07-09 07:59:37	386,424	-c----w	c:\windows\$NtUninstallKB960715$\spuninst\updspapi.dll

+ 2008-04-15 12:00:00	8,466,432	-c----w	c:\windows\$NtUninstallKB967715$\shell32.dll

+ 2008-07-09 07:59:26	232,824	-c----w	c:\windows\$NtUninstallKB967715$\spuninst\spuninst.exe

+ 2008-07-09 07:59:37	386,424	-c----w	c:\windows\$NtUninstallKB967715$\spuninst\updspapi.dll

- 2008-09-29 01:11:25	363,376	----a-w	c:\windows\assembly\GAC_32\Microsoft.SqlServer.BatchParser\9.0.242.0__89845dcd8080cc91\microsoft.sqlserver.batchparser.dll

+ 2009-03-20 14:45:10	360,800	----a-w	c:\windows\assembly\GAC_32\Microsoft.SqlServer.BatchParser\9.0.242.0__89845dcd8080cc91\microsoft.sqlserver.batchparser.dll

- 2008-09-29 01:11:26	78,192	----a-w	c:\windows\assembly\GAC_32\Microsoft.SqlServer.MgdSqlDumper\9.0.242.0__89845dcd8080cc91\microsoft.sqlserver.mgdsqldumper.dll

+ 2009-03-20 14:45:11	75,616	----a-w	c:\windows\assembly\GAC_32\Microsoft.SqlServer.MgdSqlDumper\9.0.242.0__89845dcd8080cc91\microsoft.sqlserver.mgdsqldumper.dll

- 2008-09-29 01:11:34	1,626,480	----a-w	c:\windows\assembly\GAC_32\Microsoft.SqlServer.Replication\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Replication.dll

+ 2009-03-20 14:45:21	1,625,952	----a-w	c:\windows\assembly\GAC_32\Microsoft.SqlServer.Replication\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Replication.dll

- 2008-09-29 01:11:27	546,160	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.AdomdClient\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.AdomdClient.dll

+ 2009-03-20 14:45:12	543,584	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.AdomdClient\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.AdomdClient.dll

- 2008-09-29 01:11:26	140,656	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.DeploymentEngine\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DeploymentEngine.dll

+ 2009-03-20 14:45:11	138,080	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.DeploymentEngine\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DeploymentEngine.dll

- 2008-09-29 01:11:26	1,217,904	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DLL

+ 2009-03-20 14:45:11	1,215,328	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.AnalysisServices\9.0.242.0__89845dcd8080cc91\Microsoft.AnalysisServices.DLL

- 2008-09-29 01:11:26	38,256	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.DataWarehouse.Interfaces\9.0.242.0__89845dcd8080cc91\Microsoft.DataWarehouse.Interfaces.DLL

+ 2009-03-20 14:45:11	35,680	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.DataWarehouse.Interfaces\9.0.242.0__89845dcd8080cc91\Microsoft.DataWarehouse.Interfaces.DLL

- 2008-09-29 01:09:32	136,560	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.NetEnterpriseServers.ExceptionMessageBox\9.0.242.0__89845dcd8080cc91\Microsoft.NetEnterpriseServers.ExceptionMessageBox.dll

+ 2009-03-20 14:41:11	133,984	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.NetEnterpriseServers.ExceptionMessageBox\9.0.242.0__89845dcd8080cc91\Microsoft.NetEnterpriseServers.ExceptionMessageBox.dll

- 2008-09-29 01:11:25	157,040	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ConnectionInfo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ConnectionInfo.dll

+ 2009-03-20 14:45:10	154,464	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ConnectionInfo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ConnectionInfo.dll

- 2008-09-29 01:09:32	46,448	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.CustomControls\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.CustomControls.dll

+ 2009-03-20 14:41:11	43,872	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.CustomControls\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.CustomControls.dll

- 2008-09-29 01:09:32	202,096	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.GridControl\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.GridControl.dll

+ 2009-03-20 14:41:11	199,520	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.GridControl\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.GridControl.dll

- 2008-09-29 01:11:26	71,024	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.RegSvrEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.RegSvrEnum.dll

+ 2009-03-20 14:45:11	68,448	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.RegSvrEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.RegSvrEnum.dll

- 2008-09-29 01:11:26	558,448	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Rmo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Rmo.dll

+ 2009-03-20 14:45:11	555,872	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Rmo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Rmo.dll

- 2008-09-29 01:11:25	42,352	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ServiceBrokerEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ServiceBrokerEnum.dll

+ 2009-03-20 14:45:10	39,776	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.ServiceBrokerEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.ServiceBrokerEnum.dll

- 2008-09-29 01:11:25	1,598,832	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Smo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Smo.dll

+ 2009-03-20 14:45:10	1,604,448	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.Smo\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.Smo.dll

- 2008-09-29 01:11:25	222,576	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SmoEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SmoEnum.dll

+ 2009-03-20 14:45:10	220,000	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SmoEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SmoEnum.dll

- 2008-09-29 01:11:25	906,608	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SqlEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SqlEnum.dll

+ 2009-03-20 14:45:10	895,840	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.SqlEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.SqlEnum.dll

- 2008-09-29 01:09:32	595,312	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WizardFrameworkLite\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WizardFrameworkLite.dll

+ 2009-03-20 14:41:11	592,736	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WizardFrameworkLite\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WizardFrameworkLite.dll

- 2008-09-29 01:11:25	46,448	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WmiEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WmiEnum.dll

+ 2009-03-20 14:45:10	43,872	----a-w	c:\windows\assembly\GAC_MSIL\Microsoft.SqlServer.WmiEnum\9.0.242.0__89845dcd8080cc91\Microsoft.SqlServer.WmiEnum.dll

+ 2009-03-20 14:51:23	249,856	----a-w	c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\ce195aef04208a328e9c4f8fa1c6f65d\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll

+ 2009-03-20 14:51:24	90,112	----a-w	c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\58867f7ce6aa6d044a6877451ba99fc7\Microsoft.SqlServer.CustomControls.ni.dll

+ 2009-03-20 14:51:26	561,152	----a-w	c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\7d9b28b61883644575172085bd1687c6\Microsoft.SqlServer.GridControl.ni.dll

+ 2009-03-20 14:51:27	1,028,096	----a-w	c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\84f87159bb47418d53465c11403d5afd\Microsoft.SqlServer.WizardFrameworkLite.ni.dll

- 2005-10-20 18:02:28	163,328	----a-w	c:\windows\ERDNT\Hiv-backup\ERDNT.EXE

+ 2005-10-20 17:02:28	163,328	----a-w	c:\windows\ERDNT\Hiv-backup\ERDNT.EXE

+ 2009-02-09 08:07:44	86,016	----a-r	c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe

+ 2009-04-02 16:14:21	352,256	----a-r	c:\windows\Installer\{26380174-DEAE-4939-8DEC-A17C7B6A0C91}\ARPPRODUCTICON.exe

- 2009-01-17 11:40:02	1,165,584	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2009-03-13 14:59:53	1,165,584	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

- 2009-01-17 11:40:03	20,240	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2009-03-13 14:59:53	20,240	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

- 2009-01-17 11:40:02	159,504	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2009-03-13 14:59:53	159,504	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

- 2009-01-17 11:40:02	184,080	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

+ 2009-03-13 14:59:53	184,080	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

- 2009-01-17 11:40:03	217,864	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

+ 2009-03-13 14:59:53	217,864	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

- 2009-01-17 11:40:03	18,704	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

+ 2009-03-13 14:59:53	18,704	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

- 2009-01-17 11:40:03	35,088	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

+ 2009-03-13 14:59:53	35,088	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

- 2009-01-17 11:40:03	845,584	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

+ 2009-03-13 14:59:53	845,584	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

- 2009-01-17 11:40:03	922,384	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

+ 2009-03-13 14:59:53	922,384	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

- 2009-01-17 11:40:03	272,648	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

+ 2009-03-13 14:59:53	272,648	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

- 2009-01-17 11:40:03	888,080	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

+ 2009-03-13 14:59:53	888,080	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

- 2009-01-17 11:40:02	1,172,240	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

+ 2009-03-13 14:59:53	1,172,240	----a-r	c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

+ 2009-02-09 08:14:08	102,400	----a-r	c:\windows\Installer\{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}\iTunesIco.exe

- 2000-08-31 06:00:00	29,696	----a-w	c:\windows\NIRCMD.exe

+ 2000-08-31 05:00:00	29,696	----a-w	c:\windows\NIRCMD.exe

+ 2007-02-10 03:09:12	127,856	----a-w	c:\windows\SQL9_KB960089_ENU\batchparser90.dll

+ 2007-02-10 03:09:20	1,039,728	----a-w	c:\windows\SQL9_KB960089_ENU\dbghelp.dll

+ 2007-02-10 03:15:30	1,160,560	----a-w	c:\windows\SQL9_KB960089_ENU\dumpdatastore.dll

+ 2008-12-18 02:24:10	2,538,848	----a-w	c:\windows\SQL9_KB960089_ENU\hotfix.exe

+ 2005-10-13 21:26:42	548,864	----a-w	c:\windows\SQL9_KB960089_ENU\msvcp80.dll

+ 2005-10-13 21:26:42	626,688	----a-w	c:\windows\SQL9_KB960089_ENU\msvcr80.dll

+ 2007-02-10 03:29:52	143,728	----a-w	c:\windows\SQL9_KB960089_ENU\sqlcmd.exe

+ 2007-02-10 03:29:52	533,872	----a-w	c:\windows\SQL9_KB960089_ENU\sqldiscoveryapi.dll

+ 2007-02-10 03:29:54	230,256	----a-w	c:\windows\SQL9_KB960089_ENU\sqlsetupvista.dll

+ 2007-02-10 03:09:12	127,856	----a-w	c:\windows\SQLTools9_KB960089_ENU\batchparser90.dll

+ 2007-02-10 03:09:20	1,039,728	----a-w	c:\windows\SQLTools9_KB960089_ENU\dbghelp.dll

+ 2007-02-10 03:15:30	1,160,560	----a-w	c:\windows\SQLTools9_KB960089_ENU\dumpdatastore.dll

+ 2008-12-18 02:24:10	2,538,848	----a-w	c:\windows\SQLTools9_KB960089_ENU\hotfix.exe

+ 2005-10-13 21:26:42	548,864	----a-w	c:\windows\SQLTools9_KB960089_ENU\msvcp80.dll

+ 2005-10-13 21:26:42	626,688	----a-w	c:\windows\SQLTools9_KB960089_ENU\msvcr80.dll

+ 2007-02-10 03:29:52	143,728	----a-w	c:\windows\SQLTools9_KB960089_ENU\sqlcmd.exe

+ 2007-02-10 03:29:52	533,872	----a-w	c:\windows\SQLTools9_KB960089_ENU\sqldiscoveryapi.dll

+ 2007-02-10 03:29:54	230,256	----a-w	c:\windows\SQLTools9_KB960089_ENU\sqlsetupvista.dll

- 2000-08-31 06:00:00	161,792	----a-w	c:\windows\SWREG.exe

+ 2000-08-31 05:00:00	161,792	----a-w	c:\windows\SWREG.exe

+ 2008-09-17 13:29:12	20,040	----a-w	c:\windows\system32\config\systemprofile\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll

- 2008-04-15 12:00:00	144,384	-c--a-w	c:\windows\system32\dllcache\schannel.dll

+ 2008-12-05 06:55:55	144,896	-c--a-w	c:\windows\system32\dllcache\schannel.dll

- 2008-04-15 12:00:00	8,466,432	-c--a-w	c:\windows\system32\dllcache\shell32.dll

+ 2008-06-17 19:01:35	8,466,944	-c--a-w	c:\windows\system32\dllcache\shell32.dll

- 2008-09-15 15:25:48	1,846,400	-c--a-w	c:\windows\system32\dllcache\win32k.sys

+ 2009-02-09 14:05:18	1,846,784	-c--a-w	c:\windows\system32\dllcache\win32k.sys

- 2007-06-11 20:51:12	10,834,944	-c--a-w	c:\windows\system32\dllcache\wmp.dll

+ 2008-11-11 16:34:42	10,838,016	-c--a-w	c:\windows\system32\dllcache\wmp.dll

- 2008-08-29 07:18:58	87,336	----a-w	c:\windows\system32\dns-sd.exe

+ 2008-12-12 09:18:16	87,336	----a-w	c:\windows\system32\dns-sd.exe

- 2008-08-29 06:53:50	61,440	----a-w	c:\windows\system32\dnssd.dll

+ 2008-12-12 09:11:46	61,440	----a-w	c:\windows\system32\dnssd.dll

- 2008-09-10 13:45:18	32,000	----a-w	c:\windows\system32\drivers\usbaapl.sys

+ 2008-11-07 12:23:30	32,000	----a-w	c:\windows\system32\drivers\usbaapl.sys

+ 2007-02-17 22:15:34	232,816	----a-w	c:\windows\system32\drivers\VMM.sys

+ 2007-01-29 04:20:34	59,280	----a-w	c:\windows\system32\drivers\VMNetSrv.sys

+ 2008-11-07 12:23:30	32,000	-c--a-w	c:\windows\system32\DRVSTORE\usbaapl_246F92BBD6449C86FC3F3F28C40D59AC1F69C558\usbaapl.sys

- 2009-01-23 16:30:01	1,559,360	----a-w	c:\windows\system32\FNTCACHE.DAT

+ 2009-03-13 18:48:28	1,559,360	----a-w	c:\windows\system32\FNTCACHE.DAT

+ 2009-02-03 02:15:28	3,771,296	----a-w	c:\windows\system32\Macromed\Flash\NPSWF32.dll

+ 2009-02-03 02:15:30	240,544	----a-w	c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2009-04-03 09:56:59	84,661	----a-w	c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

- 2009-01-10 01:35:28	20,853,704	----a-w	c:\windows\system32\MRT.exe

+ 2009-02-25 20:54:59	24,768,960	----a-w	c:\windows\system32\MRT.exe

- 2008-12-08 18:39:34	91,280	----a-w	c:\windows\system32\perfc009.dat

+ 2009-03-31 07:55:11	91,954	----a-w	c:\windows\system32\perfc009.dat

- 2009-01-21 10:03:09	85,902	----a-w	c:\windows\system32\perfc01F.dat

+ 2009-03-31 07:55:11	104,260	----a-w	c:\windows\system32\perfc01F.dat

- 2008-12-08 18:39:34	493,814	----a-w	c:\windows\system32\perfh009.dat

+ 2009-03-31 07:55:11	494,488	----a-w	c:\windows\system32\perfh009.dat

- 2009-01-21 10:03:09	441,894	----a-w	c:\windows\system32\perfh01F.dat

+ 2009-03-31 07:55:11	490,278	----a-w	c:\windows\system32\perfh01F.dat

+ 2005-04-30 15:45:44	129,437	----a-w	c:\windows\system32\riched64.dll

- 2008-04-15 12:00:00	144,384	----a-w	c:\windows\system32\schannel.dll

+ 2008-12-05 06:55:55	144,896	----a-w	c:\windows\system32\schannel.dll

- 2008-04-15 12:00:00	8,466,432	----a-w	c:\windows\system32\shell32.dll

+ 2008-06-17 19:01:35	8,466,944	----a-w	c:\windows\system32\shell32.dll

- 2007-11-30 12:39:22	17,272	------w	c:\windows\system32\spmsg.dll

+ 2007-11-30 11:21:50	17,272	------w	c:\windows\system32\spmsg.dll

- 2008-04-14 07:00:28	373,248	----a-w	c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL

+ 2008-07-06 12:06:10	373,248	----a-w	c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL

- 2008-04-14 07:00:28	744,448	----a-w	c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL

+ 2008-07-06 12:06:10	744,960	----a-w	c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL

- 2007-03-22 18:03:58	761,344	----a-w	c:\windows\system32\spool\drivers\w32x86\3\unires.dll

+ 2008-03-13 04:52:36	761,344	----a-w	c:\windows\system32\spool\drivers\w32x86\3\UNIRES.DLL

- 2007-09-27 08:48:58	23,856	----a-w	c:\windows\system32\spupdsvc.exe

+ 2007-07-27 07:41:38	26,488	----a-w	c:\windows\system32\spupdsvc.exe

- 2007-02-10 13:29:51	67,952	----a-w	c:\windows\system32\sqlctr90.dll

+ 2008-11-24 20:31:08	65,888	----a-w	c:\windows\system32\sqlctr90.dll

- 2007-02-10 02:29:52	2,234,224	----a-w	c:\windows\system32\sqlncli.dll

+ 2008-11-24 20:31:10	2,248,544	----a-w	c:\windows\system32\sqlncli.dll

+ 2006-04-30 15:45:44	847,872	---ha-r	c:\windows\system32\symav64.dll

+ 2004-04-30 15:45:44	159,744	---ha-r	c:\windows\system32\symavupd.dll

+ 2007-01-29 04:20:34	144,800	----a-w	c:\windows\system32\VMNetSrv.dll

- 2007-06-11 20:51:12	10,834,944	----a-w	c:\windows\system32\wmp.dll

+ 2008-11-11 16:34:42	10,838,016	----a-w	c:\windows\system32\wmp.dll

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"NeroHomeFirstStart"="c:\program files\Common Files\Nero\Lib\NMFirstStart.exe" [2008-06-24 19752]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]

"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 638976]

"Power_Gear"="c:\program files\Generic\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-28 8429568]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-28 81920]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]

"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]

"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-15 233472]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-03-14 54832]

"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2008-12-08 3166432]

"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-10-29 96816]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]

"RTHDCPL"="RTHDCPL.EXE" [2007-03-08 c:\windows\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\IBM\\SDP70_RAD\\runtimes\\base_v61\\java\\bin\\java.exe"=

"c:\\Program Files\\IBM\\SDP70_RAD\\jdk\\jre\\bin\\javaw.exe"=

"c:\\Program Files\\IBM\\SDP70_RSA\\jdk\\jre\\bin\\javaw.exe"=

"c:\\Program Files\\IBM\\SDP_RSM\\jdk\\jre\\bin\\javaw.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Engineer XII\\Win32\\RpcDataSrv.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Engineer XII\\RpcSandraSrv.exe"=

"c:\\Program Files\\FlashGet\\flashget.exe"=

"c:\\xampp\\apache\\bin\\apache.exe"=

"c:\\Program Files\\nusphere\\phped\\debugger\\DbgListener.exe"=

"c:\\Program Files\\Zend\\ZendStudio-5.5.1\\jre\\bin\\javaw.exe"=

"c:\\Program Files\\Sun\\xVM VirtualBox\\VirtualBox.exe"=

"c:\\Program Files\\UltraVNC\\vncviewer.exe"=

"c:\\Program Files\\nusphere\\phped\\Srv.exe"=

"c:\\Program Files\\Java\\jdk1.6.0_07\\jre\\bin\\java.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=

"c:\\Program Files\\IBM\\SDP70_RSA\\jdk\\bin\\javaw.exe"=

"c:\\Program Files\\IBM\\SDP70_RAD\\jdk\\bin\\javaw.exe"=

"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3306:TCP"= 3306:TCP:MySQL Server

"5900:TCP"= 5900:TCP:vnc5900

"5800:TCP"= 5800:TCP:vnc5800

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"14000:TCP"= 14000:TCP:NetBIOS

"14000:UDP"= 14000:UDP:NetBIOS
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)
 

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2008-09-12 95888]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2008-09-12 41680]

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2007-09-19 21:37 41456]

R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-06-14 17408]

R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\WinVNC.exe [2008-08-30 1519168]

R2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2008-10-29 54960]

R3 eltima_usb_stub;ELTIMA Usb Stub;c:\windows\system32\DRIVERS\usbstub.sys [2007-11-30 11392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-16 101936]

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]

R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]

R3 vuhub;Virtual Usb Hub;c:\windows\system32\DRIVERS\vuhub.sys [2007-11-30 66432]

R4 DCOM;DCOM; [x]
 
 

--- Other Services/Drivers In Memory ---
 

*Deregistered* - Beep

*Deregistered* - Cdfs

*Deregistered* - Compbatt

*Deregistered* - d347bus

*Deregistered* - DcomLaunch

*Deregistered* - dmio

*Deregistered* - dmload

*Deregistered* - Fastfat

*Deregistered* - FltMgr

*Deregistered* - Ftdisk

*Deregistered* - KSecDD

*Deregistered* - MountMgr

*Deregistered* - Msfs

*Deregistered* - mssmbios

*Deregistered* - Mup

*Deregistered* - NDIS

*Deregistered* - Npfs

*Deregistered* - Ntfs

*Deregistered* - Null

*Deregistered* - PartMgr

*Deregistered* - rdpdr

*Deregistered* - sr

*Deregistered* - swenum

*Deregistered* - TermDD

*Deregistered* - Update

*Deregistered* - VgaSave

*Deregistered* - VolSnap

.

Contents of the 'Scheduled Tasks' folder
 

2009-04-04 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

- - - - ORPHANS REMOVED - - - -
 

HKLM-Run-IntelZeroConfig - c:\program files\Intel\Wireless\bin\ZCfgSvc.exe
 
 

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll

TCP: {423F9E0C-30CB-4691-9248-1346FB7F7FC4} = 139.179.10.13

FF - ProfilePath - 

.
 

**************************************************************************
 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-06 02:48:37

Windows 5.1.2600 Service Pack 3 NTFS
 

scanning hidden processes ...  
 

scanning hidden autostart entries ... 
 

scanning hidden files ...  
 

scan completed successfully

hidden files: 0
 

**************************************************************************
 

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySQL]

"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
 

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\[u]0[/u]00.fcl"

.

--------------------- DLLs Loaded Under Running Processes ---------------------
 

- - - - - - - > 'winlogon.exe'(288)

c:\windows\system32\ac3acm.acm

c:\windows\system32\lameACM.acm

.

Completion time: 2009-04-06  2:55:10

ComboFix-quarantined-files.txt  2009-04-05 23:55:08

ComboFix2.txt  2009-01-26 03:06:35

ComboFix3.txt  2009-01-26 02:38:41

ComboFix4.txt  2009-01-26 02:29:29
 

Pre-Run: 19,298,185,216 bayt boþ

Post-Run: 22,905,229,312 bayt boþ
 

427	--- E O F ---	2009-03-20 14:51:11

Open in new window

0
 
LVL 15

Expert Comment

by:xmachine
ID: 24074283
Hi,

1) Please visit this link and download Symantec AV definitions and run the file to update it:

http://www.symantec.com/business/security_response/definitions/download/detail.jsp?gid=savce

2) Run a full scan in safe mode


A Symantec Certified Specialist @ your service
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 12

Author Comment

by:jazzIIIlove
ID: 24075095
well...brothers, right now, i am unable to connect net with that machine...Moreover, i am unable to install a program...even in safe mode...

KAV with live CD fails...
0
 
LVL 5

Assisted Solution

by:bRvO
bRvO earned 100 total points
ID: 24079682
do you have your windows cd ?

Try and run a REPAIR of the Operating System , only the O/S files are over written so you won't lose any data.
0
 
LVL 16

Accepted Solution

by:
warturtle earned 300 total points
ID: 24082790
Hello jazzlllove,

I suggest that you can take out the harddisk of this computer and put it as a slave into another computer and do an online scan with Kaspersky scanner (http://www.kaspersky.co.uk/virusscanner) to figure out if its a virus or not. It might also be worth doing a checkdisk on the hard disk to check for any errors and recover from them.

You might also want to use System File Checker to check your Windows system files for errors and replace the unhealthy ones with new ones (you might need a Windows XP CD though):

sfc /scannow

Please read this link to familiarize yourself with this utility: http://en.wikipedia.org/wiki/System_File_Checker

Hope it helps.
0
 
LVL 8

Assisted Solution

by:skywalker39
skywalker39 earned 100 total points
ID: 24082811
I agree with warturtle, I too if I were you jazzllllove take your hard drive and put it into another computer as slave and run a couple of scanners. If it comes down to it, I would backup your data and do a complete reinstall.
0
 
LVL 12

Author Comment

by:jazzIIIlove
ID: 24094433
I try to repair...no joy...i cannot have sfc /scannow right now, i am taking a backup and reinstall XP...
0

Featured Post

Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

Join & Write a Comment

Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now