can admin help me to diagnose this code.

Post by izan » October 13th, 2010, 9:49 am

ComboFix 10-10-12.03 - Compaq 10/13/2010 20:06:39.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.784 [GMT 7:00]
Running from: c:\users\Compaq\AppData\Local\Temp\wlqbrhoq.tmp\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Perfect Optimizer
c:\program files\Perfect Optimizer\ActiveX.dat
c:\program files\Perfect Optimizer\Apps.dat
c:\program files\Perfect Optimizer\Components.dat
c:\program files\Perfect Optimizer\config\about.bmp
c:\program files\Perfect Optimizer\config\head.jpg
c:\program files\Perfect Optimizer\config\Menu.xml
c:\program files\Perfect Optimizer\config\PerfectOptimzer.chm
c:\program files\Perfect Optimizer\config\register.jpg
c:\program files\Perfect Optimizer\config\splash.jpg
c:\program files\Perfect Optimizer\config\website.url
c:\program files\Perfect Optimizer\Data\Service\a.bat
c:\program files\Perfect Optimizer\Data\Service\b.bat
c:\program files\Perfect Optimizer\Data\Service\campus_model.bat
c:\program files\Perfect Optimizer\Data\Service\default_model.bat
c:\program files\Perfect Optimizer\Data\Service\home_model.bat
c:\program files\Perfect Optimizer\Data\Service\interner_model.bat
c:\program files\Perfect Optimizer\License.dll
c:\program files\Perfect Optimizer\MiracleLib.dll
c:\program files\Perfect Optimizer\PerfectOptimizer.ini
c:\program files\Perfect Optimizer\SERepair.DLL
c:\program files\Perfect Optimizer\SERes.DLL
c:\program files\Perfect Optimizer\SEShred.DLL
c:\program files\Perfect Optimizer\SEStyle.DLL
c:\program files\Perfect Optimizer\unins000.dat
c:\program files\Perfect Optimizer\unins000.exe
c:\program files\Perfect Optimizer\Update.exe
c:\program files\Perfect Optimizer\website.url
c:\users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfect Optimizer
c:\users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfect Optimizer\Perfect Optimizer.lnk
c:\users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfect Optimizer\Uninstall.lnk
c:\users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfect Optimizer\Website.lnk
c:\windows\system32\AutoRun.inf
c:\windows\system32\my_heart.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-13 to 2010-10-13 )))))))))))))))))))))))))))))))
.

2010-10-13 13:12 . 2010-10-13 13:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-12 18:59 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78E80703-6B78-41A0-AB6F-DD43742821C9}\mpengine.dll
2010-10-12 15:35 . 2010-10-12 15:35 -------- d-----w- c:\program files\iPod
2010-10-12 15:32 . 2010-10-12 15:32 -------- d-----w- c:\program files\Bonjour
2010-10-06 10:28 . 2010-10-06 10:28 -------- d-----w- c:\users\Guest
2010-10-03 13:34 . 2010-10-03 13:34 -------- d-----w- C:\output
2010-09-26 22:55 . 2008-06-14 07:17 1049272 ------w- c:\windows\wweb32.dll
2010-09-26 22:55 . 2010-09-26 22:55 -------- d-----w- c:\program files\WordWeb
2010-09-23 16:44 . 2010-09-23 16:44 -------- d-----w- c:\program files\Safari
2010-09-23 16:20 . 2010-10-12 15:35 -------- d-----w- c:\program files\iTunes
2010-09-23 13:43 . 2010-09-23 13:43 -------- d-----w- c:\users\Compaq\AppData\Roaming\Mikrotik
2010-09-22 06:28 . 2010-09-22 06:28 -------- d-----w- c:\users\Compaq\AppData\Local\HP
2010-09-20 10:17 . 2010-09-20 10:17 -------- d-----w- c:\users\Compaq\AppData\Local\Scansoft
2010-09-20 10:03 . 2009-01-15 12:20 3072 ----a-w- c:\windows\system32\BrDctF2S.dll
2010-09-20 10:03 . 2007-12-13 15:16 73728 ----a-w- c:\windows\system32\BrDctF2.dll
2010-09-20 10:03 . 2007-12-13 15:16 5120 ----a-w- c:\windows\system32\BrDctF2L.dll
2010-09-20 10:03 . 2006-12-28 06:39 176128 ----a-w- c:\windows\system32\BroSNMP.dll
2010-09-20 10:03 . 2008-09-15 10:02 1530880 ----a-w- c:\windows\system32\BrWia08b.dll
2010-09-20 10:03 . 2008-08-27 11:50 51712 ----a-w- c:\windows\system32\BrUsi08b.dll
2010-09-20 10:03 . 2009-01-19 02:29 57344 ----a-w- c:\windows\system32\brprtink.dll
2010-09-20 10:02 . 2010-09-20 10:03 -------- d-----w- c:\program files\Brother
2010-09-20 10:02 . 2008-06-17 08:33 167936 ----a-w- c:\windows\system32\NSSearch.dll
2010-09-20 10:00 . 2010-09-20 10:00 -------- d-----w- c:\program files\Nuance
2010-09-20 09:58 . 2010-09-20 09:58 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-09-20 09:58 . 2010-09-20 10:00 -------- d-----w- c:\programdata\ScanSoft
2010-09-20 09:58 . 2010-09-20 09:58 -------- d-----w- c:\program files\ScanSoft
2010-09-20 09:57 . 2010-09-20 09:57 -------- d-----w- c:\programdata\Brother
2010-09-20 09:55 . 2010-09-20 09:55 -------- d-sh--r- c:\windows\system32\COMPAQ-PC

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\Compaq\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-20 135664]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\YspService.exe" [2010-04-01 243000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-06 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-06 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-06 138008]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-20 2048352]
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" [2006-09-25 96929]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-11-04 2087424]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"WebcammaxMoniter"="c:\program files\WebcamMax\wcmmon.exe" [2009-09-25 449024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"My_Heartinstall printer aznor"="c:\windows\SYSTEM32\COMPAQ-PC\My_Heart.exe" [2010-08-14 249856]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"QuickTime Task"="c:\program files\Ringz Studio\Storm Codec\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-23 421160]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-8-25 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2424534143-1559001841-941419454-1000]
"EnableNotificationsRef"=dword:00000001

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2008-11-12 7680]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2008-11-12 110080]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2008-11-12 104960]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-31 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-08-23 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-31 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-31 297752]
S2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\CAMTHWDM.sys [2009-08-07 1053056]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-11-04 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2424534143-1559001841-941419454-1000Core.job
- c:\users\Compaq\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-20 01:21]

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2424534143-1559001841-941419454-1000UA.job
- c:\users\Compaq\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-20 01:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: {B45DE213-E3AC-49B5-A73B-7E8CEB0C7D8A} = 10.10.6.1
FF - ProfilePath - c:\users\Compaq\AppData\Roaming\Mozilla\Firefox\Profiles\c2al947d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.id
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Compaq\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Compaq\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-{14FB4C04-0A21-4FE6-A2D2-13EA3B82A211}_is1 - c:\program files\Perfect Optimizer\unins000.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-10-13 20:15:19
ComboFix-quarantined-files.txt 2010-10-13 13:15

Pre-Run: 32,785,272,832 bytes free
Post-Run: 34,707,476,480 bytes free

- - End Of File - - 49558D9171F2F42179CC93E2086997FF
izan
Active Member
 
Posts: 1
Joined: October 13th, 2010, 9:40 am

Re: can admin help me to diagnose this code.

Post by NonSuch » October 13th, 2010, 3:41 pm

Please familiarize yourself with the forum rules: >Forum Posting Rules - Please Read<

ComboFix is not a tool that is intended to be used without the direct supervision of a qualified expert. To use ComboFix on your own is to court disaster for your computer. Please stop all attempts at self-fixes for your system's issues as that may only confuse the issue further and cause additional problems as well.

In order for us to help you it is necessary that you provide us with a HijackThis log. Please follow the guideline at the link below to start a new topic and post your HijackThis log. Also include your ComboFix log in the same post.

This topic is now closed. Please start a new topic by following the HijackThis Guideline posted here: >Guideline for posting your HijackThis log<
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
