Please, please, somebody help me!
I need help to remove CiD pop-ups!
I don't want to reformat and install all my programs again.
Please help me to remove the pop-ups!
Please, I beg, please help me.
Below is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:33:57 PM, on 4/12/2009
Platform: Unknown Windows (WinNT 6.00.1906 SP2)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\EPSON\MyEpson Portal\mep.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFDP.EXE
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Acer\HijackThis_199.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=4809&s=1&o=vp32&d=0909&m=aspire
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=4809&s=1&o=vp32&d=0909&m=aspire
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=4809&s=1&o=vp32&d=0909&m=aspire
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [EPSON TX210 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDP.EXE /FU "C:\Windows\TEMP\E_S6048.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [bleh type] "C:\ProgramData\1 Anti Anti.qsrs39h"
O4 - HKCU\..\Run: [Axis Thunk Window Wma] "C:\ProgramData\UPLOAD MEOW REMOTE.mfrvyes"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-sg.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: MyEpson Portal Service - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\MyEpson Portal\mepService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

First of all get rid of this HiJackThis. The version is way out of date, at least two years old. Current version is version 2.0.2

But please follow these steps exactly, run all the programs, save the logs, reboot when advised and then last run a HiJackThis scan with the new version linked above.

Download ATF-Cleaner.exe by Atribune. Save it to your desktop for easy access.
RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the computer.

Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.

* Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

Reboot the computer

Run a system scan with your new version of HiJackThis. Save the log.
Post back here with all three logs.
Judy

Thanks a lot! Really, thank you for replying to me.
Apparently, the online scanner would stop working halfway while it's scanning, so I didn't have the log file of the online scanner.
Below are the 2 log files.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:02 PM, on 5/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFDP.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\EPSON\MyEpson Portal\mep.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=4809&s=1&o=vp32&d=0909&m=aspire
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=4809&s=1&o=vp32&d=0909&m=aspire
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [EPSON TX210 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDP.EXE /FU "C:\Windows\TEMP\E_S6048.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [bleh type] "C:\ProgramData\1 Anti Anti.qsrs39h"
O4 - HKCU\..\Run: [Axis Thunk Window Wma] "C:\ProgramData\UPLOAD MEOW REMOTE.mfrvyes"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-sg.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: MyEpson Portal Service - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\MyEpson Portal\mepService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 10257 bytes

Malwarebytes' Anti-Malware 1.42
Database version: 3298
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18828

5/12/2009 12:17:57 PM
mbam-log-2009-12-05 (12-17-57).txt

Scan type: Full Scan (C:\|D:\|L:\|)
Objects scanned: 288927
Time elapsed: 34 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thank you a lot for the reply.
I appreciate the help given by you.
Thanks a lot (:

You now appear to be running TWO anti-virus programs on the computer, BitDefender and AVG 9. When did you install AVG 9 as it did not appear on the previous log?
You need to completely Uninstall this as having two anti-virus programs on the same computer can cause major problems. Go to Add/Remove and Uninstall whichever program is current and up to date. After you do this please do the following:
Download ComboFix from Here or Here
You will get a prompt asking if you want to run or save the file. Choose SAVE and save it to the desktop. DO NOT RUN it YET.
You must take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
Windows may issue a prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
ComboFix is now preparing to run, and when it has finished you will see the Disclaimer screen. You should press the number 1 key and then press the Enter key to continue.
ComboFix will create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry.
Once the Windows Registry has finished being backed up, ComboFix will disconnect your computer from the Internet. Therefore, do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet as your connection will be completely restored at a later stage in the program.

ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to what they were previously. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.
When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically.
You should now post this log here when all is complete.
Judy
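
The comparison made in the reply above (AVG 9 shows up in the second HijackThis log but not in the first, while BitDefender is still running) can be done mechanically. This is an added example, not part of the original thread: the log excerpts are lines copied from the two logs posted above, and the vendor markers in `AV_MARKERS` are assumptions that cover only the two products named here.

```python
import re

# Excerpts copied from the two HijackThis logs posted in this thread
# (shortened; only a few lines of each are kept).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 8:33:57 PM, on 4/12/2009

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
"""

LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:02 PM, on 5/12/2009

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\AVG\AVG9\avgtray.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""

# A HijackThis entry line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Assumption: path fragments that identify each product's files (not exhaustive).
AV_MARKERS = {
    "BitDefender": ("\\softwin\\", "\\bitdefender"),
    "AVG": ("\\avg\\",),
}


def parse_hjt(text):
    """Split a HijackThis log into its running-process list and its entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False
            entries.append((match.group("code"), match.group("body")))
        elif in_procs:
            if line:
                processes.append(line)
            else:
                in_procs = False  # a blank line ends the process list
    return {"processes": processes, "entries": entries}


def new_items(before, after):
    """Processes and entries present in `after` but not in `before` (case-insensitive)."""
    seen_procs = {p.lower() for p in before["processes"]}
    seen_entries = {(code, body.lower()) for code, body in before["entries"]}
    return {
        "processes": [p for p in after["processes"] if p.lower() not in seen_procs],
        "entries": [(c, b) for c, b in after["entries"]
                    if (c, b.lower()) not in seen_entries],
    }


def running_av(log):
    """Anti-virus products that have at least one process in the running list."""
    found = set()
    for proc in log["processes"]:
        path = proc.lower()
        for product, markers in AV_MARKERS.items():
            if any(marker in path for marker in markers):
                found.add(product)
    return found


if __name__ == "__main__":
    before, after = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    diff = new_items(before, after)
    for proc in diff["processes"]:
        print("new process:", proc)
    for code, body in diff["entries"]:
        print("new entry:  ", code, "-", body)
    active = running_av(after)
    if len(active) > 1:
        print("more than one anti-virus product running:", ", ".join(sorted(active)))
```
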

I installed AVG because when I uninstalled BitDefender, it stopped uninstalling halfway, so I restarted my computer. When I went back to Add/Remove Programme, BitDefender was not there anymore. I could still find the file location, but there isn't any uninstall.exe, so I installed AVG to protect my computer.

Don't run Combofix until we get this anti-virus program problem corrected. How did you try to Uninstall BitDefender?
Is this a 32bit or 64bit system?

If you don't know here is how to find out. We need to know this for sure before going forward.
View System window in Control Panel

1. Click Start, type system in the Start Search box, and then click system in the Programs list.
2. The operating system is displayed as follows:
* For a 64-bit version operating system: 64-bit Operating System appears for the System type under System.
* For a 32-bit version operating system: 32-bit Operating System appears for the System type under System.

It's a 32-bit Operating System.

Thanks. First, then, you need to uninstall BitDefender entirely. I would use this program to do so:
BitDefender Uninstall Tool
After you run that tool THEN follow the instructions for the use and running of Combofix and post back with the log it produces.
Judy

Okay, so here's the log:


ComboFix 09-12-05.04 - Acer 06/12/2009 20:33.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.65.1033.18.3326.2114 [GMT 8:00]
Running from: c:\users\Acer\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AVSredirect.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-06 to 2009-12-06 )))))))))))))))))))))))))))))))
.

2009-12-06 12:29 . 2009-12-06 12:29 3580614 ----a-r- c:\users\Acer\ComboFix.exe
2009-12-06 12:24 . 2009-12-06 12:24 43705 ----a-w- C:\BdUninstallTool2009.12.06-08.24.03.reg
2009-12-06 03:41 . 2009-12-06 03:41 2494288 ----a-w- c:\users\Acer\BitDefender_Uninstall_Tool.exe
2009-12-05 10:57 . 2009-12-05 10:57 -------- d-----w- c:\program files\Trend Micro
2009-12-05 10:30 . 2009-12-05 10:30 -------- d-----w- c:\program files\ESET
2009-12-05 06:16 . 2009-12-05 14:09 -------- d-----w- c:\users\Acer\AppData\Local\Apple Computer
2009-12-05 03:37 . 2009-12-05 03:37 -------- d-----w- c:\users\Acer\AppData\Roaming\Malwarebytes
2009-12-05 03:37 . 2009-12-03 08:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-05 03:37 . 2009-12-05 03:37 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-05 03:37 . 2009-12-05 03:37 -------- d-----w- c:\programdata\Malwarebytes
2009-12-05 03:37 . 2009-12-03 08:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-05 03:35 . 2009-12-05 03:35 4844296 ----a-w- c:\users\Acer\mbam-setup.exe
2009-12-05 03:31 . 2009-12-05 03:31 50688 ----a-w- c:\users\Acer\ATF-Cleaner.exe
2009-12-05 03:31 . 2009-12-05 03:31 812344 ----a-w- c:\users\Acer\HJTInstall.exe
2009-12-05 02:35 . 2009-12-05 02:35 -------- d-----w- c:\program files\AVG
2009-12-04 12:52 . 2009-12-04 12:52 40448 ----a-w- c:\users\Acer\NoLop.exe
2009-12-02 04:42 . 2008-04-30 02:00 1024 ---ha-r- c:\windows\system32\NTIBUN4.dll
2009-12-02 04:41 . 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2009-12-02 04:41 . 2003-11-21 21:45 91136 ----a-r- c:\windows\system32\msls2.dll
2009-12-02 04:41 . 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2009-12-02 04:39 . 2005-01-06 01:36 31744 ----a-r- c:\windows\system32\hlp95en.dll
2009-12-02 04:39 . 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-12-02 03:38 . 2009-11-24 12:26 10134 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-12-02 03:38 . 2009-09-12 07:45 131072 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{141055D3-F7D6-4F92-AF59-09B013B78EE8}\SUPPORT.URL_143A2C221F454F61B9F40C4B1153B48D.exe
2009-12-02 02:36 . 2009-12-02 02:36 891248 ----a-w- c:\users\Acer\avg_free_stb_all_9_40_cnet.exe
2009-12-01 10:05 . 2009-12-01 10:05 11583944 ----a-w- c:\users\Acer\DAEMONToolsPro4350306.exe
2009-11-30 14:45 . 2009-12-04 10:51 4096 d-----w- c:\program files\DAEMON Tools Toolbar
2009-11-30 14:45 . 2009-11-30 14:45 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-30 14:45 . 2009-11-30 14:45 4096 d-----w- c:\program files\DAEMON Tools Lite
2009-11-30 14:44 . 2009-12-01 10:05 -------- d-----w- c:\users\Acer\AppData\Roaming\DAEMON Tools Lite
2009-11-30 14:44 . 2009-11-30 14:44 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-11-30 10:28 . 2009-11-30 10:28 9161776 ----a-w- c:\users\Acer\DTLite4355-0068.exe
2009-11-28 14:25 . 2009-11-28 14:25 -------- d-----w- c:\users\Acer\AppData\Local\Mozilla
2009-11-28 14:24 . 2009-11-28 14:24 8084968 ----a-w- c:\users\Acer\Firefox Setup 3.5.5.exe
2009-11-28 14:14 . 2007-12-26 09:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll
2009-11-28 14:14 . 2009-12-04 08:12 8192 d-----w- c:\program files\Cheat Engine
2009-11-28 14:14 . 2007-12-26 09:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-11-28 12:52 . 2009-11-28 12:52 -------- d-----w- c:\program files\Microsoft.NET
2009-11-28 12:50 . 2009-11-28 12:50 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-28 12:49 . 2009-11-28 12:49 -------- d-----w- c:\users\Acer\AppData\Local\Microsoft Help
2009-11-28 12:49 . 2009-11-28 12:49 -------- d-----r- C:\MSOCache
2009-11-28 03:50 . 2009-11-28 03:50 -------- d-----w- c:\users\Acer\AppData\Roaming\AVS4YOU
2009-11-28 03:50 . 2009-11-28 03:50 -------- d-----w- c:\programdata\AVS4YOU
2009-11-28 03:49 . 2009-11-28 04:21 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-11-28 03:49 . 2009-11-28 04:21 -------- d-----w- c:\program files\AVS4YOU
2009-11-28 03:49 . 2008-08-13 02:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-11-28 03:29 . 2009-12-01 10:18 -------- d-----r- c:\users\Acer\Hannah Montana 3 Supergirl - EP (www.musicnsong.piczo.com)
2009-11-28 02:34 . 2009-11-28 02:34 -------- d-----w- c:\windows\Replay Director
2009-11-28 02:17 . 2009-11-28 02:17 -------- d-----w- c:\windows\Replay Converter 3
2009-11-26 06:15 . 2009-11-26 06:15 -------- d-----w- c:\users\Acer\AppData\Roaming\The Ringtone Maker Plus
2009-11-25 11:16 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 10:03 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 10:03 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-24 12:44 . 2009-12-01 09:59 -------- d-----w- c:\programdata\Electronic Arts
2009-11-24 12:26 . 2008-09-04 18:17 447752 ----a-w- c:\windows\system32\vp6vfw.dll
2009-11-24 12:26 . 2009-11-24 12:26 -------- d-----w- c:\program files\Microsoft WSE
2009-11-24 12:26 . 2006-09-28 08:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-11-24 12:22 . 2009-12-01 10:05 -------- d-----w- c:\program files\Electronic Arts
2009-11-21 05:27 . 2009-11-21 05:28 4393269 ----a-w- c:\users\Acer\CheatEngine55.exe
2009-11-20 13:35 . 2009-11-20 13:35 -------- d-----w- c:\program files\AviSynth 2.5
2009-11-20 13:35 . 2004-01-24 16:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2009-11-20 13:34 . 2009-11-20 13:34 -------- d-----w- c:\program files\eRightSoft
2009-11-20 13:21 . 2009-11-20 13:21 -------- d-----w- c:\users\Acer\AppData\Roaming\Xilisoft Corporation
2009-11-18 13:03 . 2009-11-18 13:03 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 12:05 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-18 12:05 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-18 12:05 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-18 12:03 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-18 12:03 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-18 12:03 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-14 11:52 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-14 11:52 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-06 12:28 . 2009-11-03 05:05 733184 ----a-w- c:\programdata\bits love axis thunk\Live Meow.exe
2009-12-05 15:13 . 2009-09-12 06:17 16384 d-----w- c:\users\Acer\AppData\Roaming\Azureus
2009-12-05 14:14 . 2009-09-12 06:16 4096 d-----w- c:\program files\Vuze
2009-12-04 13:33 . 2009-09-12 03:50 81984 ----a-w- c:\windows\system32\bdod.bin
2009-12-04 08:06 . 2008-04-30 02:11 16384 d-----w- c:\programdata\Microsoft Help
2009-12-04 08:05 . 2008-04-30 02:13 28672 d-----w- c:\program files\Microsoft Works
2009-12-01 10:05 . 2008-04-30 01:55 12288 d--h--w- c:\program files\InstallShield Installation Information
2009-11-28 13:41 . 2009-09-12 02:14 101856 ----a-w- c:\users\Acer\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-28 12:53 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-11-27 08:47 . 2008-04-30 01:59 4096 d-----w- c:\program files\Common Files\Adobe
2009-11-18 13:03 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-18 13:03 . 2009-11-18 13:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-18 13:03 . 2009-11-18 13:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-16 01:58 . 2009-09-14 10:48 4096 d-----w- c:\users\Acer\AppData\Roaming\Epson
2009-11-15 14:56 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-14 14:19 . 2009-11-03 05:04 -------- d-----w- c:\programdata\FilmDvdSoap
2009-11-03 05:11 . 2009-11-03 05:09 4096 d-----w- c:\program files\iTunes
2009-11-03 05:09 . 2009-11-03 05:09 -------- d-----w- c:\program files\iPod
2009-11-03 05:09 . 2009-09-12 03:28 -------- d-----w- c:\program files\Common Files\Apple
2009-11-03 05:05 . 2009-11-03 05:05 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-03 05:05 . 2009-11-03 05:05 252416 ----a-w- c:\programdata\FilmDvdSoap\byte active admin send.exe
2009-11-03 05:05 . 2009-11-03 05:05 -------- d-----w- c:\programdata\bits love axis thunk
2009-11-03 05:05 . 2009-11-03 05:05 733184 ----a-w- c:\programdata\FilmDvdSoap\mkukqbwp.exe
2009-11-03 05:04 . 2009-09-12 04:14 4096 d-----w- c:\program files\Messenger Plus! Live
2009-11-02 12:42 . 2009-10-04 12:05 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-26 14:48 . 2009-10-26 14:48 -------- d-----w- c:\users\Acer\AppData\Roaming\Media Player Classic
2009-10-26 14:48 . 2009-10-26 14:48 4096 d-----w- c:\program files\K-Lite Codec Pack
2009-10-18 12:37 . 2009-09-23 03:14 174 ----a-w- c:\users\Acer\AppData\Roaming\Azureus\restart.bat
2009-10-18 10:48 . 2009-10-18 10:48 -------- d-----w- c:\program files\Common Files\NetDragon
2009-10-18 10:47 . 2009-10-18 10:47 -------- d-----w- c:\program files\NetDragon
2009-10-17 04:02 . 2009-09-13 12:56 -------- d-----w- c:\program files\Common Files\Memeo
2009-10-17 04:02 . 2009-09-13 12:53 -------- d-----w- c:\users\Acer\AppData\Roaming\Memeo
2009-10-09 09:01 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar
2009-10-09 09:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-09 09:01 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal
2009-10-09 09:01 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration
2009-10-09 09:01 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery
2009-10-09 09:01 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender
2009-10-01 01:02 . 2009-11-18 12:04 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-18 12:04 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-18 12:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-18 12:04 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-18 12:04 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-18 12:04 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-18 12:04 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-18 12:04 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-18 12:04 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-18 12:04 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-18 12:04 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-18 12:04 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-18 12:04 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-18 12:04 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-18 12:04 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-18 12:04 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10 . 2009-11-18 12:04 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-18 12:04 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-18 12:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-18 12:04 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-18 12:04 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-18 12:04 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-18 12:04 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-18 12:04 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-18 12:04 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-18 12:04 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-18 12:04 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-18 12:04 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-18 12:04 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-18 12:04 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-18 12:04 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-18 12:04 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-18 12:04 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-18 12:04 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-18 12:04 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-11-18 12:04 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-11-18 12:04 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-18 12:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-18 12:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-18 12:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-18 12:04 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-18 12:04 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-18 12:04 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-17 14:08 . 2009-09-17 14:08 10686001 ----a-w- c:\users\Acer\AppData\Roaming\Azureus\plugins\azump\mplayer.exe
2009-09-14 09:29 . 2009-10-14 08:48 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-13 12:55 . 2009-09-13 12:55 10054640 ----a-w- c:\users\Acer\AppData\Roaming\Memeo\AutoBackup\temp\5735_me_ab_en-US_setup.exe
2009-09-12 07:38 . 2009-09-12 07:45 337240 ----a-w- c:\users\Acer\AppData\Roaming\InstallShield Installation Information\{141055D3-F7D6-4F92-AF59-09B013B78EE8}\setup.exe
2009-09-10 16:48 . 2009-10-14 08:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 14:59 . 2009-10-28 09:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 14:58 . 2009-10-28 09:26 310784 ----a-w- c:\windows\system32\unregmp2.exe
2006-05-03 09:06 . 2009-12-02 04:39 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2009-12-02 04:41 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2009-12-02 04:41 216064 --sh--r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bleh type"="c:\programdata\1 Anti Anti.qsrs39h" [X]
"Axis Thunk Window Wma"="c:\programdata\UPLOAD MEOW REMOTE.mfrvyes" [X]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-26 204908]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-04-15 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 630784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-04 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-04 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"Skytel"="Skytel.exe" [2007-10-11 1826816]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

c:\users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-4-30 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):be,51,29,dc,bf,48,ca,01

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [30/4/2008 10:05 AM 269448]
R2 MyEpson Portal Service;MyEpson Portal Service;c:\program files\epson\MyEpson Portal\mepService.exe [8/6/2009 4:58 PM 622592]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\System32\drivers\RTL85n86.sys [30/4/2008 9:29 AM 341504]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [30/11/2009 10:45 PM 691696]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/1/2008 10:23 AM 21504]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [15/9/2009 6:40 PM 80744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=4809&s=1&o=vp32&d=0909&m=aspire
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\4zahm5mx.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Apanel - c:\acersw\config\SetApanel.cmd
HKLM-Run-eRecoveryService - (no file)
AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-NVIDIA Drivers - c:\windows\system32\NVUNINST.EXE UninstallGUI

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-06 20:39
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-12-06 20:40
ComboFix-quarantined-files.txt 2009-12-06 12:40

Pre-Run: 251,266,846,720 bytes free
Post-Run: 251,632,979,968 bytes free

- - End Of File - - 49412BC26DDC455F39E327FEAED6D042


By the way, should I install AVG? Cause after all, I need some anti-virus software.

0

If you have no anti-virus on the computer then I would recommend instead that you install Avira. It is good, and it is Free.

Why didn't you note that you ran NoLop before you came here?

I need to see an Uninstall List generated by HijackThis.
Run HijackThis and click Open the Misc Tools section.

* Click Open Uninstall Manager
* Save list
* Click on the Desktop icon or select to save the list on the desktop
* Then click Save.


Open the file and copy/paste the contents back here.

0

Okay, thanks for your advice.
So here are the contents:

91 PC Suite for iPhone
Acer Arcade Live Main Page
Acer DV Magician
Acer DVDivine
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePerformance Management
Acer eSettings Management
Acer GameZone Console DTV 2.0.1.1
Acer HomeMedia
Acer HomeMedia Connect
Acer HomeMedia Trial Creator
Acer ScreenSaver
Acer SlideShow DVD
Acer VideoMagician
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.0
Adobe Shockwave Player 11.5
Agatha Christie Death on the Nile
Alice Greenfingers
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Azada
Backspin Billiards
Big Kahuna Reef
Bluesoleil2.6.0.8 Release 070517
Bonjour
Bookworm Deluxe
Bricks of Egypt
Cake Mania
Cheat Engine 5.5
Chicken Invaders 3
Chuzzle
Diner Dash Flo on the Go
DivX Plus Web Player
DW6 ASIA
EA Download Manager
Epson Easy Photo Print 2
Epson Event Manager
EPSON Scan
Epson Stylus SX210_SX410_TX210_TX410_Epson ME Office 510 Manual
EPSON TX210 Series Printer Uninstall
ESET Online Scanner v3
eSobi v2
eSobi v2
Flip Words 2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
iPhone Configuration Utility
ITECIR Driver
iTunes
Jewel Quest Solitaire
Kick N Rush
K-Lite Mega Codec Pack 3.8.0
Mahjong Escape Ancient China
Malwarebytes' Anti-Malware
MCE Software Encoder 1.1
Messenger Plus! Live
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft WSE 3.0 Runtime
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.5.5)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyEpson Portal
MyEpson Portal
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
Presto! MaxReader 4.5 LE
QuickTime
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
SUPER © Version 2009.bld.36 (June 10, 2009)
Turbo Pizza
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb975960)
VC80CRTRedist - 8.0.50727.4053
Vuze
Windows Driver Package - ITE Tech.Inc. (itecir) HIDClass (01/05/2007 5.0.0003.2)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Zuma Deluxe

0

When did you run NoLop?

You need to go into Add/Remove and uninstall Messenger Plus! Live.
This is what carried in the Lop infection.
Then reboot and run a new HJT scan and post the log.

Edited by jholland1964: n/a

0

So do I need to install Messenger Plus! Live back after I run the scan?

Edited by loves: n/a

0

As far as I remember, you can have Messenger Plus, but you need to deny the 3rd-party installation that comes bundled with it.

Edited by crunchie: n/a

0

Okay, thanks a lot. I'll post the new log ASAP.

0

So here's the log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:02 PM, on 5/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFDP.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\EPSON\MyEpson Portal\mep.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=4809&s=1&o=vp32&d=0909&m=aspire
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=4809&s=1&o=vp32&d=0909&m=aspire
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [EPSON TX210 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFDP.EXE /FU "C:\Windows\TEMP\E_S6048.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [bleh type] "C:\ProgramData\1 Anti Anti.qsrs39h"
O4 - HKCU\..\Run: [Axis Thunk Window Wma] "C:\ProgramData\UPLOAD MEOW REMOTE.mfrvyes"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-sg.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: MyEpson Portal Service - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\MyEpson Portal\mepService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 10257 bytes

0

Exact date? Let me check.

Edited by loves: n/a

0

I remembered! It's on the 4th of December. Is NoLop a virus? 'Cause I went to other forums and they said that it's a way to remove the pop-ups.

0

I remembered! It's on the 4th of December. Is NoLop a virus? 'Cause I went to other forums and they said that it's a way to remove the pop-ups.

Lop is an infection; NoLop is a removal tool for this infection. Now, I said you should uninstall Messenger Plus! Live because of this:

McAfee SiteAdvisor warns that the website http://www.msgpluslive.net/ is linked with adware Adware-Lop/Swizzor

and as Crunchie said:

As far as I remember, you can have messenger plus, but you need to deny the 3rd party installation that comes bundled with it.

But I have to say, I wouldn't use it. Their own website is in NO way connected to Windows Live Messenger; it is simply a 3rd-party add-on from Yuna Software, NOT Microsoft. The Messenger Live! Plus distributor website gets an Unsatisfactory Rating through Web of Trust for malicious content, spyware, malware and viruses. The choice is yours, of course, but if it were my machine I would stick with Windows Live Messenger. Messenger Live! Plus supposedly expands the features of the public version of Windows Live Messenger and, as I said, the choice is yours, but are the expanded features worth it? But that is your choice to make.

Now I need to ask again... WHAT anti-virus program do you have INSTALLED? I see NONE in the Uninstall List, but I see at least some files from BitDefender and AVG 9 running on the system in the last HJT log you ran on December 5th. We can go no farther until you run a NEW scan with HJT and post that log and answer the question concerning the anti-virus program.
Judy
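
The check described in the post above (security-product components still resident according to the HJT log even though none appears in the Uninstall List), as an added example that is not part of the original thread. The sample lines are excerpted from the log posted here; the vendor patterns and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Sample input: lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Assumed match patterns. "bitdef" and "softwin" also catch 8.3 short paths
# such as BITDEF~1, which a plain "bitdefender" search would miss.
VENDOR_PATTERNS = {
    "BitDefender": re.compile(r"bitdef|softwin", re.I),
    "AVG": re.compile(r"(?<![a-z])avg", re.I),
}
ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
RESIDENT_SECTIONS = {"O4", "O20", "O23"}  # autostart, AppInit_DLLs, services


def parse_entries(log_text):
    """Yield (section, detail) for every O-numbered HijackThis line."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group(1), match.group(2)


def av_footprint(log_text):
    """Map each vendor to the log entries that reference it."""
    found = defaultdict(list)
    for section, detail in parse_entries(log_text):
        for vendor, pattern in VENDOR_PATTERNS.items():
            if pattern.search(detail):
                found[vendor].append((section, detail))
    return dict(found)


def overlapping_products(log_text):
    """Vendors that still load at startup or run as a service."""
    footprint = av_footprint(log_text)
    return sorted(v for v, hits in footprint.items()
                  if any(section in RESIDENT_SECTIONS for section, _ in hits))


if __name__ == "__main__":
    for vendor, hits in av_footprint(SAMPLE_LOG).items():
        print(vendor, [section for section, _ in hits])
```

More than one vendor in the result means leftover or competing real-time components, which is why a fresh log is needed after the uninstalls.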

0

I already uninstalled the two anti-virus programs, and installed the anti-virus program you introduced to me.

0

I already uninstalled the two anti-virus programs, and installed the anti-virus program you introduced to me.

But I have no way of knowing that because you have not done a new scan with HJT and posted the log as I requested now at least twice.
I also need you to UPDATE MBA-M and do another Full Scan with it. Have it REMOVE anything found.
THEN REBOOT.
THEN I really need you to do a NEW HJT scan and post the new log. I can't give any more steps until I see those new logs because I don't know yet if the system is truly cleaned or more needs to be removed. I need those two logs and they have to be brand new scans.

0

Update MalwareBytesAnti-Malware (MBA-M) and do a full scan. Remove anything found. Save the log. Reboot the computer. Scan again with Hijackthis. Save the log. Post the MalwareBytesAnti-Malware (MBA-M) log and the Hijackthis log back here for Judy to check.

0

How do I update?

Open the program, click the Update Tab, when that opens hit the Check for Updates button. Program will update in just a few minutes. Then go back to the Scanner Tab. Put a dot in Perform Full Scan and click Scan. It may ask what to scan, choose "C" drive. Allow it to scan, may take awhile. When it is finished it will show any infections in Red. Make sure there are check marks in all and then click the Remove All button. It will remove all found and then you should reboot the computer.
If nothing is found then the program will tell you Congratulations nothing found and the log will open. Regardless, please post the log.

0

But when I tried to open the program, it says "run time error '0'"
and "run time error '404'" automatic error.

0

You have already had MBA-M running on your PC. What has happened in the last two days that has caused it to stop working?

Please copy and paste the following text in the Code box exactly as written into notepad (not wordpad or any other text editor):

regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll"
regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx"

Once you've done that click on File and select Save As...
In the Save dialogue box click on the drop down menu next to Save as type and select All Files
Name the file MBAM Fix.bat (the .bat extension is very important)
Save the file to your desktop and double click it to run it on XP. For Vista please right click on it and choose Run As Admin
Click OK to each of the 3 dialog boxes that should show a success message for each file registered
If you get an error that REGSVR32 "is not recognized as an internal or external command, operable program or batch file", then ensure that the file REGSVR32.EXE exists in the %WINDIR%\SYSTEM32 folder. If it's not found there you can copy it from another computer running the same operating system and service pack level.
If that doesn't fix it then please download and install the Microsoft Visual Basic Common Controls from here to see if it helps.

http://www.malwarebytes.org/forums/index.php?showtopic=10138

Edited by crunchie: Add URL

0

Thanks a lot. Yes indeed, three boxes showed up and all was successful, so what should I do next?
