Hi - attached are the Combo Fix, Malwarebytes' Anti-Malware and fresh HJT log files as requested.
Never suspected the program PerfectOptimizer was a Rogue.PerfectOptimzier. Although nothing should be a surprise in today's computer virus/malware world!
System Restore always gave an error message that it was not active, but when you tried to activate it, it was already checked as working. Combo Fix successfully reinstalled it. That's a PLUS.
Attempted to install AVG but it FAILED due to a missing file error message. Your AVG link is a dead link.
Before the scans and deleting suspicious files, I could not run SpyBot or Malwarebytes, as if they were being blocked.
Computer operation is faster, System Restore has been restored and now I can run Malwarebytes.
======================================================================================================================
ComboFix 09-08-01.09 - TENMEG 08/02/2009 10:49.1.1 - NTFSx86
Running from: c:\malware2009\Combo-Fix.exe
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
* Created a new restore point
.
Overlay aborted ... Please run ComboFix once more
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1708537768-308236825-839522115-1003
c:\recycler\S-1-5-21-3554313866-1504290983-2056860485-1003
c:\windows\system32\drivers\ESQULkkysfygvmlfayvelctkmxjdtjccrksvx.sys
c:\windows\system32\ESQULljlotwqmvykutiabuxndykestwyhnmgh.dll
c:\windows\system32\ESQULyebwyargopllfvejbfdxvruuviecjcja.dll
c:\windows\system32\SrchSTS.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ESQULserv.sys
((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))
.
2009-08-02 03:34 . 2009-08-02 17:25 -------- dc----w- C:\malware2009
2009-07-28 01:51 . 2009-07-30 21:18 -------- dc----w- C:\HiJack2009
2009-07-28 00:44 . 2009-08-02 17:57 268435456 --sha-w- c:\windows\system32\temppf.sys
2009-07-27 21:48 . 2009-07-27 23:40 -------- dc----w- C:\SpreadSheet
2009-07-27 21:44 . 2009-07-27 21:44 -------- dc----w- c:\documents and settings\TENMEG\Application Data\licenses
2009-07-27 21:44 . 2009-07-27 21:46 -------- dc----w- c:\documents and settings\TENMEG\Application Data\PCMM2009
2009-07-27 05:12 . 2009-04-10 13:58 6327408 -c-ha-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\in00000\setup.exe
2009-07-27 05:12 . 2009-04-10 13:55 725296 -c-ha-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\ar00000\install.exe
2009-07-27 05:12 . 2008-02-29 12:42 386496 -c--a-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\ar00000\magicJackSplash.exe
2009-07-27 01:20 . 2009-07-27 01:22 -------- dc----w- c:\program files\Microsoft Windows OneCare Live
2009-07-26 20:55 . 2009-07-27 01:27 -------- dc----w- c:\program files\Windows Live Safety Center
2009-07-26 19:56 . 2009-07-26 19:56 78112 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-26 19:56 . 2009-07-26 19:56 -------- dc----w- c:\documents and settings\Administrator\Application Data\muvee Technologies
2009-07-26 19:40 . 2009-07-26 19:40 16409960 -c--a-w- c:\program files\ypsybotsd162.exe
2009-07-26 18:42 . 2009-07-26 18:42 6291731 -c--a-w- c:\program files\setupxv.exe
2009-07-26 18:30 . 2009-07-26 18:30 1460840 -c--a-w- c:\program files\HousecallLauncher.exe
2009-07-26 18:21 . 2009-07-26 18:21 -------- dc----w- c:\documents and settings\TENMEG\.housecall6.6
2009-07-25 18:55 . 2009-07-25 18:55 -------- dc----w- c:\program files\Downloaded Installers
2009-07-25 04:01 . 2009-07-25 04:21 -------- dc----w- C:\MediaPlayer
2009-07-25 00:25 . 2009-07-25 00:25 25740144 -c--a-w- C:\wmp11-windowsxp-x86-enu.exe
2009-07-17 22:52 . 2009-07-17 22:53 -------- dc----w- C:\Trailers Silver
2009-07-15 15:28 . 2009-07-17 17:46 -------- dc----w- C:\DirectTV
2009-07-12 19:12 . 2009-07-12 19:13 -------- dc----w- C:\MootorHomes
2009-07-12 18:49 . 2009-07-12 18:49 -------- dc----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-07-12 18:49 . 2009-07-12 18:49 -------- dc----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-07-12 18:49 . 2009-07-12 18:49 -------- dc----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-07-12 18:49 . 2009-07-12 18:49 -------- dc----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-07-09 15:05 . 2009-07-09 15:06 -------- dc----w- C:\Home Projects
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 17:21 . 2006-01-21 02:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-02 04:14 . 2006-10-24 18:32 -------- d-----w- c:\program files\WinAce
2009-08-01 14:10 . 2008-11-29 19:54 -------- d-----w- c:\program files\Perfect Optimizer
2009-07-30 21:10 . 2009-04-08 16:50 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\NOS
2009-07-30 21:10 . 2009-04-08 16:50 -------- dc----w- c:\program files\NOS
2009-07-30 21:09 . 2006-12-29 16:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-28 01:09 . 2006-12-29 16:06 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-07-27 05:13 . 2008-08-11 05:28 -------- dc----w- c:\documents and settings\TENMEG\Application Data\mjusbsp
2009-07-27 00:56 . 2008-11-12 20:40 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\qnahadqf
2009-07-27 00:56 . 2008-11-12 20:40 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\mjizavcl
2009-07-26 20:42 . 2008-08-09 19:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-26 20:40 . 2008-08-27 04:59 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\Downloaded Installations
2009-07-26 20:38 . 2009-07-30 23:43 8530 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2009-07-24 19:59 . 2008-09-26 03:56 -------- dc----w- c:\documents and settings\TENMEG\Application Data\Sites
2009-07-21 20:46 . 2008-09-26 03:56 -------- dc----w- c:\documents and settings\TENMEG\Application Data\SiteClasses
2009-07-12 19:13 . 2008-08-17 16:30 2438 -c--a-w- c:\documents and settings\TENMEG\Application Data\wklnhst.dat
2009-06-26 03:56 . 2008-08-17 16:25 -------- dc----w- c:\documents and settings\TENMEG\Application Data\Intuit
2009-06-24 17:12 . 2008-12-04 22:09 65823 -c--a-w- c:\documents and settings\TENMEG\Application Data\magicJackOutlookAddIn\magicJackOutlookAddInUninst.exe
2008-09-05 04:35 . 2008-09-05 04:36 785920 -c--a-w- c:\program files\HP Product Detection.msi
2008-09-05 04:35 . 2008-09-05 04:36 3584 -c--a-w- c:\program files\1033.MST
2008-08-20 00:28 . 2008-08-20 00:28 461 -c--a-w- c:\program files\Shortcut to iTunes.lnk
2008-06-26 22:22 . 2008-06-26 22:22 812344 -c--a-w- c:\program files\HJTInstall.exe
2006-03-09 21:32 . 2006-03-09 21:32 3752 -c--a-w- c:\program files\SP32338.CVA
2006-02-21 08:12 . 2006-02-21 08:12 11085 -c--a-w- c:\program files\cpl309bk.cat
2006-02-06 21:02 . 2006-02-06 21:02 32572 -c--a-w- c:\program files\cpl309bk.inf
2006-01-26 07:53 . 2006-01-26 07:53 472 -c--a-w- c:\program files\cpl309bk.ini
2005-08-22 22:07 . 2005-08-22 22:07 1035008 -c--a-w- c:\program files\HSF_DPV.sys
2005-08-22 21:06 . 2005-08-22 21:06 231424 -c--a-w- c:\program files\HSFHWATI.sys
2005-08-22 21:06 . 2005-08-22 21:06 718464 -c--a-w- c:\program files\HSF_CNXT.sys
2005-08-18 17:13 . 2005-08-18 17:13 133528 -c--a-w- c:\program files\HSFProf.cty
2005-08-12 20:01 . 2005-08-12 20:01 577536 -c--a-w- c:\program files\HXFSetup.exe
2005-06-20 14:57 . 2005-06-20 14:57 110592 -c--a-w- c:\program files\uci32100.dll
2004-03-17 16:04 . 2004-03-17 16:04 13059 -c--a-w- c:\program files\MDMXSDK.sys
2004-03-17 16:00 . 2004-03-17 16:00 86016 -c--a-w- c:\program files\MdmXSdk.dll
2002-02-04 20:39 . 2002-02-04 20:39 23 -c--a-w- c:\program files\disk1
2005-07-14 19:31 . 2006-05-24 17:37 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\TENMEG\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-28 344064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"PerfectOptimizer"="c:\program files\Perfect Optimizer\PerfectOptimizer.exe" [2008-10-02 2586112]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-04-11 1085440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-12-04 185896]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
VZAccess Manager.lnk - c:\program files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2008-3-30 1738032]
c:\documents and settings\user\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2002-8-9 299008]
VZAccess Manager.lnk - c:\program files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2008-3-30 1738032]
c:\documents and settings\User.2WIRE200\Start Menu\Programs\Startup\
VZAccess Manager.lnk - c:\program files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2008-3-30 1738032]
c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-8-5 450560]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\c:\0sdearlydelete\0autocheck autochk *
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"IDriverT"=2 (0x2)
"CryptSvc"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Adobe\\Photoshop 5.0\\Photoshp.exe"=
"c:\\Program Files\\Visicom Media\\AceFTP 3 Freeware\\aceftp3free.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\TENMEG\\Application Data\\mjusbsp\\magicJack.exe"=
R3 cmuda2;C-Media USB Audio Interface;c:\windows\system32\drivers\cmuda2.sys [2004-01-05 705536]
R3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\lgatbus.sys [2005-06-14 43024]
R3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\DRIVERS\lgatmdm.sys [2005-06-14 77104]
R3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\DRIVERS\lgatserd.sys [2005-06-14 60816]
R3 RTCore32;RTCore32;c:\program files\RightMark Memory Analyzer\RTCore32.sys [x]
R3 uts_bus;UTStarcom USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\uts_bus.sys [2007-12-05 84352]
R3 uts_mdfl;UTStarcom USB Modem Filter;c:\windows\system32\DRIVERS\uts_mdfl.sys [2007-12-05 14976]
R3 uts_mdm;UTStarcom USB Modem Drivers;c:\windows\system32\DRIVERS\uts_mdm.sys [2007-12-05 110848]
R3 uts_serd;UTStarcom USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\uts_serd.sys [2007-12-05 90880]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]
.
- - - - ORPHANS REMOVED - - - -
ShellIconOverlayIdentifiers-{8D84414D-41D3-412E-3046-A1CFAE460B03} - (no file)
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://hp-laptop.aol.com/
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = hxxp://www.personalfirewall.comodo.com/ ... CF6FF3F27F
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: turbotax.com
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-02 10:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe???????????????|?????? ???B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ESQULserv.sys]
"imagepath"="\systemroot\system32\drivers\ESQULdedwxnorqgkaeylawpyndmeyyaunvear.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-986089347-3572095111-2355310880-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9BF370D9-6452-42F3-7346-90DC10C441BA}*]
"iaogpmbcgnehhamfko"=hex:6b,61,6b,6c,63,65,6c,70,70,68,6e,67,65,65,65,6c,6f,70,
64,67,67,69,00,00
"haigjkomffndeefd"=hex:6b,61,6b,6c,63,65,6c,70,70,68,6e,67,65,65,65,6c,6f,70,
64,67,67,69,00,00
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ESQULserv.sys]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ESQULdedwxnorqgkaeylawpyndmeyyaunvear.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(288)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\locator.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-02 11:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-02 18:03
Pre-Run: 9,094,701,056 bytes free
Post-Run: 9,177,022,464 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[Boot Loader]
Timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
375 --- E O F --- 2008-08-05 00:51
=====================================================================================================================
Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 2
8/2/2009 11:53:48 AM
mbam-log-2009-08-02 (11-53-48).txt
Scan type: Full Scan (C:\|)
Objects scanned: 206061
Time elapsed: 39 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 16
Files Infected: 79
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\perfect optimizer (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0b55e43a-4448-42f7-be03-9faa74b91eef} (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d5b6c6a9-b59f-4990-b976-38c7d6bdfb4d} (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Miracle (Rogue.PerfectOptimizer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PerfectOptimizer.exe (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\perfectoptimizer (Rogue.PerfectOptimizer) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\TENMEG\Start Menu\Programs\Perfect Optimizer (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Application (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Registry (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Registry\FirstBackup (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Registry\FullBackup (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Service (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data\Service (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Temp (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Temp\Data (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Temp\Data\Service (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Update (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Registry Mighty (Rogue.RegistryMighty) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Perfect Optimizer\PerfectOptimizer.exe (Rogue.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\spreadsheet\setupxv.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\program files\setupxv.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\PerfectOptimizerShell.exe (Rogue.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\SEClean.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\uninst.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Update.exe (Rogue.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\PerfectOptimizer.exe (Rogue.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\PerfectOptimizerShell.exe (Rogue.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\SEClean.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\uninst.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\Update.exe (Rogue.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Temp\PerfectOptimizer.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Temp\SEClean.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Temp\SERes.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\TENMEG\start menu\Programs\perfect optimizer\Perfect Optimizer.lnk (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\documents and settings\TENMEG\start menu\Programs\perfect optimizer\Uninstall.lnk (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\documents and settings\TENMEG\start menu\Programs\perfect optimizer\Website.lnk (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\License.ini (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\MFC42D.DLL (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\MFCO42D.DLL (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\MSVCRTD.DLL (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Perfect Optimizer.url (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\PerfectOptimizerOCX.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\SEActiveX.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\SECleaner.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\SERes.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\SEStyle.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\SESystem.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\License.ini (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\MFC42D.DLL (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\MFCO42D.DLL (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\MSVCRTD.DLL (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\Perfect Optimizer.url (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\PerfectOptimizerOCX.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\SEActiveX.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\SECleaner.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\SERes.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\SEStyle.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\SESystem.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Registry\firstbackup\20081129125448.Reg (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Registry\fullbackup\20081215100233.Reg (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Service\backup_service.bat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Service\Default.bat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data\Service\campus_model.bat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data\Service\default_model.bat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data\Service\home_model.bat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data\Service\interner_model.bat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data\Service\notebook_model.bat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data\Service\office_model.bat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\ActiveX.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\Bad.jpg (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\Check.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\CleanEvidence.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\CleanHardDisk.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\Disk.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\DotLine.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\Error.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\Frame.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\Good.jpg (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\Progrss.bmp (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\RegistryClean.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\SEM_RSO_BG.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\StartupOptimize.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\SystemOptimize.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\Time.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\Top.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\Uncheck.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\Warning.jpg (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\Win.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Temp\Data\Service\campus_model.bat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Temp\Data\Service\default_model.bat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Temp\Data\Service\home_model.bat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Temp\Data\Service\interner_model.bat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Temp\Data\Service\notebook_model.bat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Temp\Data\Service\office_model.bat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Update\Update.zip (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\registry mighty\RegistryMighty.exe (Rogue.RegistryMighty) -> Quarantined and deleted successfully.
c:\documents and settings\TENMEG\Desktop\Perfect Optimizer.lnk (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
=================================================================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:01 PM, on 8/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp-laptop.aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.personalfirewall.comodo.com/ ... CF6FF3F27F
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\TENMEG\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-986089347-3572095111-2355310880-1007\..\Run: [cdloader] "C:\Documents and Settings\TENMEG\Application Data\mjusbsp\cdloader2.exe" MAGICJACK (User '?')
O4 - HKUS\S-1-5-21-986089347-3572095111-2355310880-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} -
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se1140.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9970259671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9971399281
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
--
End of file - 7770 bytes