Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.784 [GMT 7:00]
Running from: c:\users\Compaq\AppData\Local\Temp\wlqbrhoq.tmp\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Perfect Optimizer
c:\program files\Perfect Optimizer\ActiveX.dat
c:\program files\Perfect Optimizer\Apps.dat
c:\program files\Perfect Optimizer\Components.dat
c:\program files\Perfect Optimizer\config\about.bmp
c:\program files\Perfect Optimizer\config\head.jpg
c:\program files\Perfect Optimizer\config\Menu.xml
c:\program files\Perfect Optimizer\config\PerfectOptimzer.chm
c:\program files\Perfect Optimizer\config\register.jpg
c:\program files\Perfect Optimizer\config\splash.jpg
c:\program files\Perfect Optimizer\config\website.url
c:\program files\Perfect Optimizer\Data\Service\a.bat
c:\program files\Perfect Optimizer\Data\Service\b.bat
c:\program files\Perfect Optimizer\Data\Service\campus_model.bat
c:\program files\Perfect Optimizer\Data\Service\default_model.bat
c:\program files\Perfect Optimizer\Data\Service\home_model.bat
c:\program files\Perfect Optimizer\Data\Service\interner_model.bat
c:\program files\Perfect Optimizer\License.dll
c:\program files\Perfect Optimizer\MiracleLib.dll
c:\program files\Perfect Optimizer\PerfectOptimizer.ini
c:\program files\Perfect Optimizer\SERepair.DLL
c:\program files\Perfect Optimizer\SERes.DLL
c:\program files\Perfect Optimizer\SEShred.DLL
c:\program files\Perfect Optimizer\SEStyle.DLL
c:\program files\Perfect Optimizer\unins000.dat
c:\program files\Perfect Optimizer\unins000.exe
c:\program files\Perfect Optimizer\Update.exe
c:\program files\Perfect Optimizer\website.url
c:\users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfect Optimizer
c:\users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfect Optimizer\Perfect Optimizer.lnk
c:\users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfect Optimizer\Uninstall.lnk
c:\users\Compaq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfect Optimizer\Website.lnk
c:\windows\system32\AutoRun.inf
c:\windows\system32\my_heart.exe
.
((((((((((((((((((((((((( Files Created from 2010-09-13 to 2010-10-13 )))))))))))))))))))))))))))))))
.
2010-10-13 13:12 . 2010-10-13 13:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-12 18:59 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78E80703-6B78-41A0-AB6F-DD43742821C9}\mpengine.dll
2010-10-12 15:35 . 2010-10-12 15:35 -------- d-----w- c:\program files\iPod
2010-10-12 15:32 . 2010-10-12 15:32 -------- d-----w- c:\program files\Bonjour
2010-10-06 10:28 . 2010-10-06 10:28 -------- d-----w- c:\users\Guest
2010-10-03 13:34 . 2010-10-03 13:34 -------- d-----w- C:\output
2010-09-26 22:55 . 2008-06-14 07:17 1049272 ------w- c:\windows\wweb32.dll
2010-09-26 22:55 . 2010-09-26 22:55 -------- d-----w- c:\program files\WordWeb
2010-09-23 16:44 . 2010-09-23 16:44 -------- d-----w- c:\program files\Safari
2010-09-23 16:20 . 2010-10-12 15:35 -------- d-----w- c:\program files\iTunes
2010-09-23 13:43 . 2010-09-23 13:43 -------- d-----w- c:\users\Compaq\AppData\Roaming\Mikrotik
2010-09-22 06:28 . 2010-09-22 06:28 -------- d-----w- c:\users\Compaq\AppData\Local\HP
2010-09-20 10:17 . 2010-09-20 10:17 -------- d-----w- c:\users\Compaq\AppData\Local\Scansoft
2010-09-20 10:03 . 2009-01-15 12:20 3072 ----a-w- c:\windows\system32\BrDctF2S.dll
2010-09-20 10:03 . 2007-12-13 15:16 73728 ----a-w- c:\windows\system32\BrDctF2.dll
2010-09-20 10:03 . 2007-12-13 15:16 5120 ----a-w- c:\windows\system32\BrDctF2L.dll
2010-09-20 10:03 . 2006-12-28 06:39 176128 ----a-w- c:\windows\system32\BroSNMP.dll
2010-09-20 10:03 . 2008-09-15 10:02 1530880 ----a-w- c:\windows\system32\BrWia08b.dll
2010-09-20 10:03 . 2008-08-27 11:50 51712 ----a-w- c:\windows\system32\BrUsi08b.dll
2010-09-20 10:03 . 2009-01-19 02:29 57344 ----a-w- c:\windows\system32\brprtink.dll
2010-09-20 10:02 . 2010-09-20 10:03 -------- d-----w- c:\program files\Brother
2010-09-20 10:02 . 2008-06-17 08:33 167936 ----a-w- c:\windows\system32\NSSearch.dll
2010-09-20 10:00 . 2010-09-20 10:00 -------- d-----w- c:\program files\Nuance
2010-09-20 09:58 . 2010-09-20 09:58 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-09-20 09:58 . 2010-09-20 10:00 -------- d-----w- c:\programdata\ScanSoft
2010-09-20 09:58 . 2010-09-20 09:58 -------- d-----w- c:\program files\ScanSoft
2010-09-20 09:57 . 2010-09-20 09:57 -------- d-----w- c:\programdata\Brother
2010-09-20 09:55 . 2010-09-20 09:55 -------- d-sh--r- c:\windows\system32\COMPAQ-PC
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\Compaq\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-20 135664]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\YspService.exe" [2010-04-01 243000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-06 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-06 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-06 138008]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-20 2048352]
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" [2006-09-25 96929]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-11-04 2087424]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"WebcammaxMoniter"="c:\program files\WebcamMax\wcmmon.exe" [2009-09-25 449024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"My_Heartinstall printer aznor"="c:\windows\SYSTEM32\COMPAQ-PC\My_Heart.exe" [2010-08-14 249856]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"QuickTime Task"="c:\program files\Ringz Studio\Storm Codec\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-23 421160]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-8-25 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2424534143-1559001841-941419454-1000]
"EnableNotificationsRef"=dword:00000001
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2008-11-12 7680]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2008-11-12 110080]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2008-11-12 104960]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-31 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-08-23 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-31 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-31 297752]
S2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\CAMTHWDM.sys [2009-08-07 1053056]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-11-04 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2424534143-1559001841-941419454-1000Core.job
- c:\users\Compaq\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-20 01:21]
2010-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2424534143-1559001841-941419454-1000UA.job
- c:\users\Compaq\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-20 01:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: {B45DE213-E3AC-49B5-A73B-7E8CEB0C7D8A} = 10.10.6.1
FF - ProfilePath - c:\users\Compaq\AppData\Roaming\Mozilla\Firefox\Profiles\c2al947d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.id
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Compaq\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Compaq\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-{14FB4C04-0A21-4FE6-A2D2-13EA3B82A211}_is1 - c:\program files\Perfect Optimizer\unins000.exe
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-10-13 20:15:19
ComboFix-quarantined-files.txt 2010-10-13 13:15
Pre-Run: 32,785,272,832 bytes free
Post-Run: 34,707,476,480 bytes free
- - End Of File - - 49558D9171F2F42179CC93E2086997FF