My searches get stolen

P

paltieldav

New Member
When I do a search on google or yahoo when I click on any of the results some random search engine like bing or one I never heard of comes up instead. Or sometimes an ad.

I have Avg security Ive scanned with that and nothing. I've scanned with spybot and malbytesmalware still nothing.

the ip adress that pops up often is 67.201.36.16

Any help would be great!
 
Please follow this procedure so I know you are running the latest version of malwarebytes or post the log from your last scan along with a hijackthis log.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware


Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log
 
Info Requested

Thank you for your help here are the logs. Malware found nothing it seems.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4422

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

8/12/2010 11:02:13 AM
mbam-log-2010-08-12 (11-02-13).txt

Scan type: Quick scan
Objects scanned: 136761
Time elapsed: 6 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Here's Hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:30 AM, on 8/12/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP HDX Mouse\hid.exe
C:\Program Files\Advanced System Optimizer 3\SystemProtector.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP HDX Mouse\Tray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Metamorphosis\Gemara\Txt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0552.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0552.0\msneshellx.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [TSMAgent] c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ASORegistryOptimizer] "C:\Program Files\Advanced System Optimizer 3\RegistryOptimizer.exe" -StartedAfterOptimization
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file:///H:/setup/RiffLick.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASO3DiskOptimizer - Systweak Inc., (www.systweak.com) - C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 10079 bytes


I ran scans lst night ebfore I saw the post and thought I cleared up teh issue. It was fine all night and even this morning for a bit. But allof a sudden it started again.

Thanks
 
Lets scan a little deeper into your system.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
Here is the lates info. It seems to be working but its has done that before and then started having issues again. Thank you!

ComboFix 10-08-12.02 - BrodskyFamily 08/12/2010 17:20:27.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1918.840 [GMT -4:00]
Running from: c:\users\BrodskyFamily\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-07-12 to 2010-08-12 )))))))))))))))))))))))))))))))
.

2010-08-12 21:28 . 2010-08-12 21:28 -------- d-----w- c:\users\BrodskyFamily\AppData\Local\temp
2010-08-12 21:28 . 2010-08-12 21:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-12 21:28 . 2010-08-12 21:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-12 21:28 . 2010-08-12 21:28 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-08-12 15:13 . 2010-08-12 15:13 -------- d-----w- c:\program files\Trend Micro
2010-08-11 13:35 . 2010-08-11 13:35 63488 ----a-w- c:\users\BrodskyFamily\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-11 13:35 . 2010-08-11 13:35 52224 ----a-w- c:\users\BrodskyFamily\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-11 13:35 . 2010-08-11 13:35 117760 ----a-w- c:\users\BrodskyFamily\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-11 13:34 . 2010-08-11 13:34 -------- d-----w- c:\users\BrodskyFamily\AppData\Roaming\SUPERAntiSpyware.com
2010-08-11 13:34 . 2010-08-11 13:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-11 13:34 . 2010-08-12 17:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-11 07:00 . 2010-08-12 21:00 1852 ----a-w- c:\windows\system32\ASOROSet.bin
2010-08-11 07:00 . 2010-04-19 21:15 15080 ----a-w- c:\windows\system32\ROBoot.exe
2010-08-11 03:32 . 2010-08-11 03:32 -------- d-----w- c:\programdata\Systweak
2010-08-11 03:31 . 2010-01-30 19:00 17136 ----a-w- c:\windows\system32\sasnative32.exe
2010-08-11 03:31 . 2010-08-11 04:12 -------- d-----w- c:\program files\Advanced System Optimizer 3
2010-08-10 15:55 . 2010-08-10 15:55 -------- d-----w- c:\program files\eBook Organizer
2010-08-10 15:42 . 2010-08-10 15:42 -------- d-----w- c:\users\BrodskyFamily\AppData\Local\Alfa.NetSoft_2010
2010-08-10 15:41 . 2010-08-10 15:42 17542 ----a-r- c:\users\BrodskyFamily\AppData\Roaming\Microsoft\Installer\{E2500677-5D30-46A1-8BCD-6D14B1B8F0CB}\_B963DC1AE2A662A5E051C2.exe
2010-08-10 15:41 . 2010-08-10 15:42 17542 ----a-r- c:\users\BrodskyFamily\AppData\Roaming\Microsoft\Installer\{E2500677-5D30-46A1-8BCD-6D14B1B8F0CB}\_853F67D554F05449430E7E.exe
2010-08-10 15:41 . 2010-08-10 15:42 17542 ----a-r- c:\users\BrodskyFamily\AppData\Roaming\Microsoft\Installer\{E2500677-5D30-46A1-8BCD-6D14B1B8F0CB}\_1A82191313E3D496C01073.exe
2010-08-10 15:41 . 2010-08-10 15:41 -------- d-----w- c:\program files\Alfa.NetSoft
2010-08-10 12:23 . 2010-08-10 12:23 -------- d-----w- c:\users\BrodskyFamily\AppData\Roaming\Malwarebytes
2010-08-10 12:23 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-10 12:23 . 2010-08-10 12:23 -------- d-----w- c:\programdata\Malwarebytes
2010-08-10 12:23 . 2010-08-10 12:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-10 12:23 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-10 01:45 . 2010-08-10 03:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-10 01:45 . 2010-08-10 01:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-10 01:41 . 2010-08-10 01:41 -------- d-----w- c:\users\BrodskyFamily\AppData\Roaming\EMCO
2010-08-10 01:41 . 2010-08-10 01:41 -------- d-----w- c:\program files\EMCO
2010-08-10 01:13 . 2010-08-10 01:13 -------- d-----w- c:\program files\Unlocker
2010-08-09 23:52 . 2010-08-09 23:52 57344 --sha-r- c:\windows\system32\umpnpmgrc.dll
2010-08-09 17:51 . 2003-06-20 07:30 28672 ------w- c:\windows\system32\AppMode.dll
2010-08-09 17:51 . 2003-03-20 03:56 802870 ----a-w- c:\windows\system32\MFCO42UD.DLL
2010-08-09 17:51 . 2003-03-20 03:56 798773 ----a-w- c:\windows\system32\MFCO42D.DLL
2010-08-09 17:51 . 2003-03-20 03:56 516173 ----a-w- c:\windows\system32\MSVCP60D.DLL
2010-08-09 17:51 . 2003-03-20 03:56 385100 ----a-w- c:\windows\system32\MSVCRTD.DLL
2010-08-09 17:51 . 2003-03-20 03:56 942133 ----a-w- c:\windows\system32\MFC42UD.DLL
2010-08-09 17:51 . 2003-03-20 03:56 929844 ----a-w- c:\windows\system32\MFC42D.DLL
2010-08-09 17:51 . 2003-03-20 03:52 118818 ----a-w- c:\windows\system32\Dctn.dll
2010-08-09 17:51 . 2010-08-09 17:51 -------- d-----w- c:\program files\Metamorphosis
2010-07-21 13:45 . 2010-07-21 13:45 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-07-21 13:45 . 2010-07-21 13:45 1615200 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-07-21 13:45 . 2010-07-21 13:45 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-12 21:07 . 2009-10-16 00:25 -------- d-----w- c:\users\BrodskyFamily\AppData\Roaming\uTorrent
2010-08-11 10:41 . 2009-10-16 00:01 -------- d-----w- c:\program files\Microsoft Works
2010-08-11 10:40 . 2009-10-16 01:59 -------- d-----w- c:\programdata\Microsoft Help
2010-08-11 10:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-11 04:29 . 2010-01-08 00:05 -------- d-----w- c:\program files\Advanced System Optimizer
2010-08-11 03:32 . 2010-01-08 00:06 -------- d-----w- c:\users\BrodskyFamily\AppData\Roaming\Systweak
2010-08-09 17:51 . 2009-10-09 16:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-04 00:21 . 2010-06-02 00:50 -------- d-----w- c:\program files\Google
2010-07-05 02:41 . 2010-04-08 11:59 439816 ----a-w- c:\users\BrodskyFamily\AppData\Roaming\Real\Update\setup3.11\setup.exe
2010-06-30 22:00 . 2009-12-20 18:49 -------- d-----w- c:\program files\POP613
2010-06-30 21:02 . 2010-03-21 19:16 -------- d-----w- c:\program files\ABC Amber PDF Converter
2010-06-30 21:02 . 2010-03-21 00:16 -------- d-----w- c:\program files\ABC Amber LIT Converter
2010-06-30 20:25 . 2010-06-06 12:09 -------- d-----w- c:\program files\Movie Player
2010-06-30 16:26 . 2009-10-09 17:04 -------- d-----w- c:\program files\JunoPreloader
2010-06-30 16:17 . 2009-12-06 23:44 -------- d-----w- c:\program files\Ziosoft
2010-06-30 16:15 . 2009-12-30 23:05 -------- d-----w- c:\users\BrodskyFamily\AppData\Roaming\IGN_DLM
2010-06-30 16:01 . 2009-12-24 21:45 -------- d-----w- c:\programdata\WinZip
2010-06-26 06:05 . 2010-08-11 03:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 03:54 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 03:54 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 03:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-25 12:47 . 2009-10-16 02:02 -------- d-----w- c:\program files\Microsoft.NET
2010-06-24 21:07 . 2010-06-24 21:07 -------- d-----w- c:\program files\Xilisoft
2010-06-24 21:07 . 2010-06-24 21:04 -------- d-----w- c:\program files\Tansee iPod Transfer
2010-06-22 12:57 . 2009-12-15 13:15 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-22 12:57 . 2010-06-22 12:57 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-22 12:57 . 2009-12-15 13:15 25168 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2010-06-22 12:57 . 2009-12-15 13:15 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-21 13:37 . 2010-08-11 03:54 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-11 03:54 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-11 03:54 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-11 03:54 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-17 22:35 . 2010-06-17 22:34 -------- d-----w- c:\program files\iTunes
2010-06-17 22:34 . 2010-06-17 22:34 -------- d-----w- c:\program files\iPod
2010-06-17 22:34 . 2010-01-04 21:52 -------- d-----w- c:\program files\Common Files\Apple
2010-06-17 22:34 . 2010-01-04 21:56 -------- d-----w- c:\programdata\Apple Computer
2010-06-17 22:27 . 2010-06-17 22:27 -------- d-----w- c:\program files\Bonjour
2010-06-17 22:14 . 2010-06-17 22:14 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-16 16:04 . 2010-08-11 03:54 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:16 . 2010-08-11 03:54 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-11 03:54 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 17:35 . 2010-08-11 03:54 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-11 03:54 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-01 13:52 . 2009-12-15 13:15 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-27 20:08 . 2010-08-11 03:54 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-05-26 17:06 . 2010-06-10 22:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 22:06 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-18 21:28 . 2009-10-16 00:16 652 ----a-w- c:\users\BrodskyFamily\AppData\Roaming\wklnhst.dat
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-12-13 01:57 . 2009-12-13 01:57 8 --sh--r- c:\windows\System32\02793C9F5B.dll
2009-10-09 17:11 . 2009-10-09 17:10 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-02-22 17:05 2353176 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-16 322352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpsysdrv"="c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-08 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-08 92704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-22 2065760]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-10 1328424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-10 202256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\g:\0autocheck autochk *\0sasnative32

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):80,38,43,3d,84,4e,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-662524246-327712245-493190257-1000]
"EnableNotificationsRef"=dword:00000001

R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 136176]
R3 ADASPROT;SYSTWEAKASO;c:\program files\Advanced System Optimizer 3\adasprot32.sys [2010-01-30 6656]
R3 PCDSRVC{4F253FFC-7957E8FC-06000000}_0;PCDSRVC{4F253FFC-7957E8FC-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc.pkms [2009-02-02 20848]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSvx.sys [2010-06-22 25168]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-05 52872]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2009-12-15 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-06-22 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-22 243024]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files\Advanced System Optimizer 3\ASO3DefragSrv.exe [2010-04-19 238824]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-06-22 308136]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-06-22 2331032]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [2010-06-22 122448]
S3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [2010-06-22 30288]
S3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [2010-06-22 27216]
S3 GamingMsFltr;HP HDX Mouse;c:\windows\system32\drivers\gamingms.sys [2009-08-19 8960]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder

2010-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 00:50]

2010-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-02 00:50]

2010-08-08 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 19:00]

2010-08-10 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2010-08-10 19:31]

2010-08-12 c:\windows\Tasks\User_Feed_Synchronization-{FFBF753F-AA75-47D7-BA6F-F8A07EF11E54}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gmail.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - file:///H:/setup/RiffLick.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-12 17:28
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{4F253FFC-7957E8FC-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-12 17:31:26
ComboFix-quarantined-files.txt 2010-08-12 21:31
ComboFix2.txt 2010-08-12 21:18

Pre-Run: 139,124,862,976 bytes free
Post-Run: 138,946,781,184 bytes free

- - End Of File - - 85D94B384E1ADDF085328C92CCA96C79


Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:44:35 PM, on 8/12/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Advanced System Optimizer 3\SystemProtector.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0552.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0552.0\msneshellx.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [TSMAgent] c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file:///H:/setup/RiffLick.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASO3DiskOptimizer - Systweak Inc., (www.systweak.com) - C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 8802 bytes
 
Ok, I think I know where your problem is coming from.. Where did you get this software from?

O4 - HKCU\..\Run: [ASORegistryOptimizer] "C:\Program Files\Advanced System Optimizer 3\RegistryOptimizer.exe" -StartedAfterOptimization

Was it from a torrent, I see that you have utorrent installed. Have you scanned with Superantispyware as well, I see that you have that installed to?

Please do the following.

1. Download and run Ccleaner.

http://download.cnet.com/ccleaner/

Install the program and then set the options that are checked in the attached image. Then click on run cleaner.

2. Post an uninstall list using hijackthis. Open hijackthis, click on open misc tools section, click on open uninstall manager, click on save list and save it, then copy and paste it back here.
 

Attachments

  • ccleaner.JPG
    ccleaner.JPG
    76.3 KB · Views: 74
You must log in or register to reply here.
Back
Top