This is the log
I have to say my computer is better now, but the background is still black, the Pareto AV database update is trying to download for the thousandth time and I don't have an antivirus... Oh! And there are still pop-ups from Internet Explorer even when I use Firefox. Before I forget, I have these weird things on my desktop called: setupxv, setupxv2, setupxv.exe, setup.exepart (2), sdsetup_aff and sdsetup_aff.exe.part. What should I do with those?
Hope you can help me, and a MILLION thanks, you've been a savior Dragon Master Jay ^_^
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\02878833
c:\documents and settings\All Users\Application Data\02878833\02878833 .exe
c:\documents and settings\All Users\Application Data\02878833\02878833.exe
c:\documents and settings\All Users\Application Data\02878833\02878833.exe85
c:\documents and settings\All Users\Application Data\08741323
c:\documents and settings\All Users\Application Data\08741323\08741323.exe
c:\documents and settings\All Users\Application Data\16365930
c:\documents and settings\All Users\Application Data\16365930\16365930 .exe
c:\documents and settings\All Users\Application Data\16365930\16365930.exe
c:\documents and settings\All Users\Application Data\47425224
c:\documents and settings\All Users\Application Data\47425224\47425224.exe
c:\documents and settings\All Users\Application Data\53983533
c:\documents and settings\All Users\Application Data\53983533\53983533.exe
c:\documents and settings\All Users\Application Data\54454426
c:\documents and settings\All Users\Application Data\54454426\54454426.exe
c:\documents and settings\All Users\Application Data\70517525
c:\documents and settings\All Users\Application Data\70517525\70517525.exe
c:\documents and settings\All Users\Application Data\70649632
c:\documents and settings\All Users\Application Data\70649632\70649632 .exe
c:\documents and settings\All Users\Application Data\70649632\70649632.exe
c:\documents and settings\All Users\Application Data\70649632\70649632.exe78
c:\documents and settings\All Users\Application Data\70649632\70649632.exe79
c:\documents and settings\All Users\Application Data\70649632\70649632.exe83
c:\documents and settings\All Users\Application Data\77647132
c:\documents and settings\All Users\Application Data\77647132\77647132 .exe
c:\documents and settings\All Users\Application Data\77647132\77647132.exe
c:\documents and settings\All Users\Application Data\77647132\77647132.exe76
c:\documents and settings\All Users\Application Data\77647132\77647132.exe78
c:\documents and settings\All Users\Application Data\77647132\77647132.exe80
c:\documents and settings\All Users\Application Data\77647132\77647132.exe81
c:\documents and settings\All Users\Application Data\77647132\77647132.exe87
c:\documents and settings\All Users\Application Data\82259430
c:\documents and settings\All Users\Application Data\82259430\82259430.exe
c:\documents and settings\All Users\Application Data\83003115
c:\documents and settings\All Users\Application Data\83003115\83003115 .exe
c:\documents and settings\All Users\Application Data\83003115\83003115.exe
c:\documents and settings\All Users\Application Data\83003115\83003115.exe73
c:\documents and settings\All Users\Application Data\83003115\83003115.exe84
c:\documents and settings\All Users\Application Data\99954541
c:\documents and settings\All Users\Application Data\99954541\99954541.exe
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\JuneBee\alcmtr .exe
c:\documents and settings\JuneBee\Desktop\Security Tool.lnk
c:\documents and settings\JuneBee\rthdcpl .exe
c:\documents and settings\JuneBee\Start Menu\Programs\Security Tool.lnk
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\recycler\S-1-5-21-0243336031-4052116379-881863308-0851
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1858
c:\recycler\S-1-5-21-0447394906-7198135938-923767527-5896
c:\recycler\S-1-5-21-0501512522-7646158172-667485994-9599
c:\recycler\S-1-5-21-0582488896-0341407879-146508784-9943
c:\recycler\S-1-5-21-0649299018-0575681889-665819181-3226
c:\recycler\S-1-5-21-1480887236-1093427048-286052243-5724
c:\recycler\S-1-5-21-1902740502-0352043327-731400298-0847
c:\recycler\S-1-5-21-2085476138-6352448493-487585985-8755
c:\recycler\S-1-5-21-2122057287-6182961808-270161215-3959
c:\recycler\S-1-5-21-2468030876-1522567419-221921824-0293
c:\recycler\S-1-5-21-2912753090-5297996505-907942846-7299
c:\recycler\S-1-5-21-3067157358-7231541252-267691266-3851
c:\recycler\S-1-5-21-3692477152-2525541581-418592227-5865
c:\recycler\S-1-5-21-3790742162-2058005016-745427202-8068
c:\recycler\S-1-5-21-3990368166-8654793356-095416647-4906
c:\recycler\S-1-5-21-4102207103-2194824243-971658871-9078
c:\recycler\S-1-5-21-5142299543-4635009795-527315827-0715
c:\recycler\S-1-5-21-5703035853-6813495754-080281061-9322
c:\recycler\S-1-5-21-5752942097-7665383375-038214147-4259
c:\recycler\S-1-5-21-6241425650-5669090170-738427037-7085
c:\recycler\S-1-5-21-6370770112-5774991198-729954531-5808
c:\recycler\S-1-5-21-6964152259-4013128590-559530424-7543
c:\recycler\S-1-5-21-6964152259-4013128590-559530424-7543\Desktop.ini
c:\recycler\S-1-5-21-6964152259-4013128590-559530424-7543\wnzip32.exe
c:\recycler\S-1-5-21-6997879675-0605734716-576047685-4774
c:\recycler\S-1-5-21-7807370869-1119633313-376371884-4884
c:\recycler\S-1-5-21-7837854904-9411621144-094828858-4805
c:\recycler\S-1-5-21-7848606716-6156794711-750258791-4330
c:\recycler\S-1-5-21-8031493540-0863843849-222041641-5349
c:\recycler\S-1-5-21-8675054998-7311240254-664893633-9758
c:\recycler\S-1-5-21-8806091670-5718497770-109241868-5350
c:\recycler\S-1-5-21-8906878401-0971736850-802790970-9204
c:\recycler\S-1-5-21-8988344427-5542921364-820724886-4169
c:\recycler\S-1-5-21-9061000854-2489376264-628387852-4673
c:\recycler\S-1-5-21-9111695606-7120013336-717352267-6103
c:\recycler\S-1-5-21-9688612448-2536263893-654770479-3607
c:\recycler\S-1-5-21-9699104548-3362457128-342960239-8047
c:\recycler\S-1-5-21-9878363925-5772207793-828694395-4689
c:\windows\plfsetl .exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\drivers\glaide32.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
c:\windows\system32\igfxtray .exe
c:\windows\system32\mscert.dll
c:\windows\system32\msvcrt2.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\reg32 .exe
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\vsnp2uvc .exe
c:\windows\system32\drivers\beep.sys . . . is infected!! . . .Failed to restore. Attempting to replace on reboot
Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\windows\system32\dllcache\beep.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_glaide32
-------\Legacy_npf
-------\Service_glaide32
-------\Service_npf
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-30 )))))))))))))))))))))))))))))))
.
2009-10-30 01:49 . 2009-10-30 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-10-30 01:49 . 2009-10-30 01:49 -------- d-----w- c:\program files\RegCure
2009-10-30 00:48 . 2009-10-30 01:12 54 ----a-w- c:\windows\system32\rp_stats.dat
2009-10-30 00:48 . 2009-10-30 01:12 39 ----a-w- c:\windows\system32\rp_rules.dat
2009-10-30 00:43 . 2009-10-30 01:14 30208 ----a-w- C:\rkfo.exe
2009-10-30 00:43 . 2009-10-30 01:14 205990 ----a-w- C:\vckjykp.exe
2009-10-30 00:43 . 2009-10-30 01:14 15872 ----a-w- C:\hfhhhml.exe
2009-10-30 00:43 . 2009-10-30 01:14 91648 ----a-w- C:\brhpxf.exe
2009-10-28 23:50 . 2009-10-28 23:50 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-10-28 23:50 . 2009-10-28 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2009-10-28 23:50 . 2009-10-28 23:50 -------- d-----w- c:\program files\ParetoLogic
2009-10-28 23:50 . 2009-10-28 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-10-28 23:44 . 2009-10-28 23:44 -------- d-----w- c:\documents and settings\JuneBee\Local Settings\Application Data\Downloaded Installations
2009-10-28 23:25 . 2009-10-30 00:38 1490 ----a-w- C:\MsFrameNet23.5.dat
2009-10-28 23:25 . 2009-10-28 23:57 126464 --sh--r- C:\fxdpynbu.exe
2009-10-28 23:25 . 2009-10-28 23:25 126464 --sha-r- C:\fxdpynbu .exe
2009-10-28 21:22 . 2009-10-30 02:01 4096 ----a-w- c:\windows\system32\drivers\SecuLay.sys
2009-10-28 21:22 . 2009-10-30 02:25 30208 ----a-w- c:\windows\system32\reg32.exe
2009-10-28 21:22 . 2009-10-30 02:25 30208 ----a-w- c:\windows\system32\reg32 .exe
2009-10-28 21:21 . 2009-10-29 01:37 91648 ----a-w- C:\dtnm.exe
2009-10-28 11:37 . 2009-10-30 00:43 822 ----a-w- c:\windows\system32\wininit.dll
2009-10-27 23:37 . 2009-10-27 23:37 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 23:30 . 2009-10-30 01:20 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-27 23:29 . 2009-10-30 01:20 -------- d-----w- c:\program files\Lavasoft
2009-10-27 23:29 . 2009-10-30 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-27 03:44 . 2009-10-27 03:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-27 02:37 . 2009-10-30 01:14 30208 ----a-w- c:\documents and settings\JuneBee\alcmtr.exe
2009-10-27 02:37 . 2009-10-30 02:25 30208 ----a-w- c:\documents and settings\JuneBee\rthdcpl.exe
2009-10-27 01:39 . 2009-10-30 02:25 30208 ----a-w- c:\windows\vsnp2uvc.exe
2009-10-27 01:39 . 2009-10-29 01:37 208420 ----a-w- C:\vppf.exe
2009-10-27 01:38 . 2009-10-29 01:37 30208 ----a-w- C:\wwwvg.exe
2009-10-14 21:23 . 2009-10-14 21:23 -------- d-----w- c:\program files\Alwil Software
2009-10-14 02:51 . 2009-10-14 02:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-14 02:50 . 2009-10-27 03:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-14 02:50 . 2009-10-27 03:45 -------- d-----w- c:\documents and settings\JuneBee\Application Data\SUPERAntiSpyware.com
2009-10-14 02:44 . 2009-10-14 02:44 -------- d-----w- c:\documents and settings\JuneBee\Application Data\Malwarebytes
2009-10-14 02:44 . 2009-10-14 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-14 02:36 . 2009-10-27 01:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-14 02:09 . 2009-10-27 22:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-14 01:47 . 2009-10-27 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-14 00:53 . 2009-10-27 01:37 -------- d-sh--w- c:\documents and settings\JuneBee\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH
2009-10-11 16:11 . 2009-10-11 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-10-11 16:09 . 2009-10-15 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-30 18:28 . 2009-09-30 19:04 -------- d-----w- c:\documents and settings\JuneBee\Application Data\U3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 02:26 . 2009-10-29 02:22 76288 ----a-w- c:\windows\system32\drivers\a0d2fd81.sys
2009-10-30 02:26 . 2009-10-29 00:23 76288 ----a-w- c:\windows\system32\drivers\45b46bca.sys
2009-10-30 02:25 . 2007-07-05 04:35 30208 ----a-w- c:\windows\plfsetl.exe
2009-10-30 02:25 . 2009-03-06 16:11 -------- d-----w- c:\program files\Launch Manager
2009-10-30 02:25 . 2008-02-28 07:00 30208 ----a-w- c:\windows\system32\hkcmd.exe
2009-10-30 02:25 . 2008-02-28 07:00 30208 ----a-w- c:\windows\system32\igfxtray.exe
2009-10-30 01:18 . 2009-10-29 01:10 34854 ----a-w- c:\windows\system32\uses32.dat
2009-10-30 01:14 . 2008-02-28 07:00 30208 ----a-w- c:\windows\system32\igfxpers.exe
2009-10-29 02:22 . 2009-10-28 23:56 30208 ----a-w- C:\biqxh.exe
2009-10-29 02:22 . 2009-10-28 23:56 91648 ----a-w- C:\fospdj.exe
2009-10-29 02:22 . 2009-10-28 23:56 185034 ----a-w- C:\wtcqrqjr.exe
2009-10-29 01:37 . 2009-10-29 01:37 76288 ----a-w- c:\windows\system32\drivers\47c0a42.sys
2009-10-29 01:36 . 2009-10-29 01:36 12800 ----a-w- C:\ee11.exe
2009-10-29 01:34 . 2009-10-29 01:34 76288 ----a-w- c:\windows\system32\drivers\613d0426.sys
2009-10-29 01:31 . 2009-10-29 01:31 76288 ----a-w- c:\windows\system32\drivers\c28f0714.sys
2009-10-29 00:20 . 2009-10-28 23:57 0 ----a-w- c:\windows\system32\drivers\26efeaee.sys
2009-10-28 23:56 . 2009-10-28 23:56 126464 --sh--r- C:\iopuabg.exe
2009-10-28 11:36 . 2009-03-07 23:40 82008 ----a-w- c:\documents and settings\Idamar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 21:24 . 2008-08-15 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-19 12:44 . 2009-03-17 22:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-10-14 22:54 . 2008-08-15 18:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-13 23:27 . 2009-08-22 00:21 -------- d-----w- c:\program files\CorrectNotas
2009-09-13 23:23 . 2009-06-25 16:29 -------- d-----w- c:\program files\OpenOffice.org 3
2009-09-13 23:01 . 2009-09-11 23:45 111975 ----a-w- c:\windows\hpoins07.dat
2009-09-13 23:01 . 2009-09-11 23:45 -------- d-----w- c:\documents and settings\JuneBee\Application Data\HP
2009-09-12 17:56 . 2009-09-12 17:56 129 ----a-w- c:\documents and settings\JuneBee\Local Settings\Application Data\fusioncache.dat
2009-09-12 00:04 . 2009-09-12 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-09-12 00:02 . 2009-09-12 00:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-09-12 00:02 . 2009-09-12 00:02 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-09-12 00:01 . 2009-09-12 00:01 -------- d-----w- c:\program files\Common Files\HP
2009-09-11 23:57 . 2009-09-11 23:57 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-11 23:57 . 2009-09-11 23:47 -------- d-----w- c:\program files\HP
2009-09-11 23:55 . 2009-09-11 23:55 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-09-11 14:18 . 2008-04-15 03:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2008-04-15 03:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2007-08-14 01:54 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2008-04-15 03:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2008-04-15 03:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2008-04-15 03:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:01 . 2008-04-15 03:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2008-04-15 03:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2008-04-15 03:00 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 68856]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-04-01 405504]
"Windows Login Assistance"="c:\documents and settings\JuneBee\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe" [2008-04-14 69632]
"Windows Sicherheitscenter"="c:\windows\system32\reg32.exe" [2009-10-30 30208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-30 30208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-30 30208]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-30 30208]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2009-10-30 30208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-30 30208]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2009-10-30 30208]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-06 24064]
"PLFSetL"="c:\windows\PLFSetL.exe" [2009-10-30 30208]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-10-30 30208]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2009-10-30 30208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-06 148888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-10-30 30208]
"Windows Login Assistance"="c:\documents and settings\Idamar\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe" [2008-04-14 69632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Microsoft FrameNet 2"="c:\fxdpynbu.exe" [2009-10-28 126464]
"ParetoLogic Anti-Virus PLUS"="c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.lnk" [2009-10-30 2355]
"Windows Security Layer"="c:\windows\system32\reg32.exe" [2009-10-30 30208]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Windows Login Assistance"="c:\documents and settings\JuneBee\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe" [2008-04-14 69632]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Windows Login Assistance"="c:\documents and settings\JuneBee\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe" [2008-04-14 69632]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-9-14 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 1 (0x1)
"DisableCMD"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableCMD"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"= 1 (0x1)
"NoRun"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"= 1 (0x1)
"NoRun"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\kbdnet.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
appsecdll REG_SZ c:\windows\system32\mscert.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [15/01/2009 04:17 p.m. 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15/01/2009 04:17 p.m. 55024]
R2 ZeppelinService;plasservice;c:\program files\Common Files\ParetoLogic\PLAS\plasservice.exe [18/02/2009 02:40 p.m. 587216]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 26efeaee;26efeaee;c:\windows\system32\drivers\26efeaee.sys [28/10/2009 07:57 p.m. 0]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [06/03/2009 12:12 p.m. 24064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15/01/2009 04:17 p.m. 7408]
S3 seculay;Security Layer;c:\windows\system32\drivers\SecuLay.sys [28/10/2009 05:22 p.m. 4096]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - BEEP
*NewlyCreated* - classpnp_2
*NewlyCreated* - mbr
*NewlyCreated* - pciidex_2
*Deregistered* - classpnp_2
*Deregistered* - mbr
*Deregistered* - pciidex_2
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4175c5f3-d47f-143b-dd4d-e67a0eb4e773}]
"c:\documents and settings\JuneBee\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe"
[HKEY_CURRENT_USER\software\microsoft\active setup\installed components\{4175c5f3-d47f-143b-dd4d-e67a0eb4e773}]
"c:\documents and settings\JuneBee\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2009-10-30 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 19:46]
2009-10-30 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 19:46]
2009-10-30 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 19:46]
.
.
------- Supplementary Scan -------
.
mStart Page =
hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0309&m=aoa150
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\JuneBee\Application Data\Mozilla\Firefox\Profiles\5uzncmt6.default\
FF - plugin: c:\documents and settings\JuneBee\Application Data\Mozilla\Firefox\Profiles\5uzncmt6.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000005.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-83003115 - c:\docume~1\ALLUSE~1\APPLIC~1\83003115\83003115.exe
HKLM-Run-77647132 - c:\docume~1\ALLUSE~1\APPLIC~1\77647132\77647132.exe
HKLM-Run-70649632 - c:\docume~1\ALLUSE~1\APPLIC~1\70649632\70649632.exe
HKLM-Run-02878833 - c:\docume~1\ALLUSE~1\APPLIC~1\02878833\02878833.exe
HKLM-Run-16365930 - c:\docume~1\ALLUSE~1\APPLIC~1\16365930\16365930.exe
HKLM-Run-08741323 - c:\docume~1\ALLUSE~1\APPLIC~1\08741323\08741323.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-29 22:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
c:\documents and settings\JuneBee\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe [916] 0x85168B28
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\system32\reg32 .exe 30208 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\45b46bca]
"ImagePath"="\SystemRoot\System32\drivers\45b46bca.sys"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a0d2fd81]
"ImagePath"="\SystemRoot\System32\drivers\a0d2fd81.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(568)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\program files\ParetoLogic\Anti-Virus PLUS\Pareto_AV.exe
c:\acer\Empowering Technology\eRecovery\eRAgent .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\progra~1\LAUNCH~1\QtZgAcer .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\docume~1\JuneBee\LOCALS~1\Temp\RtkBtMnt.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\docume~1\JuneBee\LOCALS~1\Temp\ctv145.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2009-10-30 22:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-30 02:29
Pre-Run: 141,868,634,112 bytes free
Post-Run: 141,220,454,400 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - CB30168593103D4AC2A49C3DB12DA2CE