## HJT Log. WinAntiVirus Pro 2006, other things

I don't know what's on my computer anymore. I have BitDefender but the stupid thing won't do scans or anything when I click on it so I gave up on it! Every once in a while it pops up and says it blocked something, but yeah right... I've done this before, the ComboFix stuff, but of course I am not an expert, so here I am to you guys, and thankfully you don't charge $50 a session!

My Problem: I did an Anti-spyware scan, the one that Yahoo! has. I got a bunch of the little stuff, a Rogue Spyware program, and adware on the last scan. It keeps telling me that it needs administrative rights to quarantine them but..um...I AM the administrator. I have not physically noticed any problems. No pop-ups. Computer is not slow. I mean I do recall a few popups saying they are scanning my computer for infected files, but that was a while ago. I'm sure something is probably logging my keystrokes unbeknownst to me, and since recently my bank account has been affected, I find this highly possible.

Along with help, does anyone know of BitDefender? Should I look into a new Anti-Virus program? I've never tried McAfee but it seems the rest of them just suck.

Thanks ahead of time for the help. I've been here before and I know you guys are thorough and patient.

Oh, some added information, I rarely use I.E. if ever. I normally use Chrome, and occasionally Firefox since some things don't support Chrome. Not sure if that's helpful but thought I would try.

HiJack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:29 PM, on 11/6/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetL.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxext.exe
C:\Users\Patrice\Program Files\DNA\btdna.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Patrice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Patrice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\Patrice\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Patrice\Documents\Downloads\CoreTemp\CoreTemp\CoreTemp32\Core Temp.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Users\Patrice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Patrice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Users\Patrice\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Patrice\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Core Temp] "C:\Users\Patrice\Documents\Downloads\CoreTemp\CoreTemp\CoreTemp32\Core Temp.exe"
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (MSN Games – Matchmaking) - http://zone.msn.com/binFrameWork/v10/St ... b55579.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZB ... b55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (MSN Games – Game Chat) - http://zone.msn.com/binframework/v10/ZP ... b55579.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GA ... b60096.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zp ... b79352.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zp ... b55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... 102118.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/St ... b55579.cab
O20 - AppInit_DLLs: C:\Program Files\RelevantKnowledge\rlai.dll
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Update Service (gupdate1c99ebc7c45a8b0) (gupdate1c99ebc7c45a8b0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10613 bytes

### Re: HJT Log. WinAntiVirus Pro 2006, other things

Hi Treece,

We have some things we need to straighten out first.

-----------------------------------------------

Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs

It is posted here: http://malwareremoval.com/forum/viewtopic.php?f=11&t=33112

As a condition of receiving our help, I have included the P2P program Bittorrent DNA in the removal instructions below, so we are not wasting our time.

-----------------------------------------------------------

Disable Ad-Aware Service

• Go to Start and type services.msc into the Search box, and click OK.
• When Vista asks permission, click Continue
• Scroll down if necessary and find this service: Lavasoft Ad-Aware Service
• Click once on the service to highlight it.
• Right-Click on the service.
• Click on Properties
• Select the General tab.
• Next to Service Status, click Stop.
• Click the Arrow-down tab on the right-hand side of the Start-up Type box.
• From the drop-down menu, click on Disabled
• Click Apply, then OK

-----------------------------------------------------------

Remove Registry items with HijackThis.

Start HijackThis. Click Do System Scan Only. When the Scan is complete, Check the following entries: (Some of these lines may be missing)

O20 - AppInit_DLLs: C:\Program Files\RelevantKnowledge\rlai.dll
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zp ... b79352.cab
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Patrice\Program Files\DNA\btdna.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked

Click the "X" in the upper right corner of the HiJackThis window to close it.

------------------------------------------------

Remove Programs Using Control Panel

From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

• DNA
• BTDNA
• BittorrentDNA
• Adobe reader 8
• Ask Toolbar

Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into Keeping the program.

-----------------------------------------------------------

REBOOT Your Machine

-----------------------------------------------------------

Retrieve the List of Installed programs Using HJT

Open HijackThis, click Open The Misc Tools Section. Then scroll down the list if you need to, click Open Uninstall Manager and Save List... The List of installed programs will automatically be saved as uninstall_list.txt in your HiJackThis folder.
In addition, the list opens in Notepad so you can also save as another name in another location if you wish. Please paste the contents into your next reply.

-----------------------------------------------------------

Post a New HiJackThis Log

• Start HijackThis
• Click Do System Scan and Save a Log File.
• When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.

askey127

askey127 Admin/Teacher Posts: 13937 Joined: April 17th, 2005, 3:25 pm Location: New Hampshire USA

### Re: HJT Log. WinAntiVirus Pro 2006, other things

I've done everything as you listed, and as you said some lines may be missing, I did not find:

O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zp ... b79352.cab

Nor did I find BTDNA to uninstall but both BitTorrent, and DNA were uninstalled. I do have a question, if you don't mind, why did Adobe Reader need to be uninstalled? Isn't it safe? Thanks so far for your help. The logs you requested are below.

List of Installed Programs:

2007 Microsoft Office system Acer Assist Acer Crystal Eye webcam Acer Crystal Eye Webcam Acer Crystal Eye Webcam Video Class Camera Acer eDataSecurity Management Acer eLock Management Acer Empowering Technology Acer eNet Management Acer ePower Management Acer ePresentation Management Acer eSettings Management Acer GridVista Acer Mobility Center Plug-In Acer Registration Acer ScreenSaver Activation Assistant for the 2007 Microsoft Office suites Ad-Aware Ad-Aware Adobe AIR Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Apple Software Update AT&T Yahoo! Applications BitDefender Antivirus 2009 Broadcom Gigabit Integrated Controller Business Contact Manager for Outlook 2007 SP2 Business Contact Manager for Outlook 2007 SP2 CA Yahoo!
Anti-Spy (remove only) CCScore CEP (Color Enable Package) v.9.0 (beta) Debut Video Capture Software ESSBrwr ESSCDBK ESScore ESSgui ESSini ESSPCD ESSPDock ESSSONIC ESSTOOLS essvatgt GDR 4053 for SQL Server Database Services 2005 ENU (KB970892) GIMP 2.4.7 Google Earth Google Update Helper HDAUDIO Soft Data Fax Modem with SmartCP Highlight Viewer (Windows Live Toolbar) HijackThis 2.0.2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Intel(R) Graphics Media Accelerator Driver Java 2 Runtime Environment, SE v1.4.2_15 Java(TM) 6 Update 17 kgcbase Kodak EasyShare software Launch Manager Malwarebytes' Anti-Malware Map Button (Windows Live Toolbar) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 Microsoft Office 2003 Web Components Microsoft Office 2007 Primary Interop Assemblies Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Hybrid 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft 
Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Small Business Connectivity Components Microsoft Office Word MUI (English) 2007 Microsoft Office XP Professional with FrontPage Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server VSS Writer Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Mozilla Firefox (3.5.5) MSXML 4.0 SP2 (KB954430) netbrdg NTI Backup NOW! 4.7 NTI Backup NOW! 4.7 NTI CD & DVD-Maker NTI Shadow NTI Shadow OfotoXMI Opera 10.00 PopCap Browser Plugin PowerDVD QuickTime Realtek High Definition Audio Driver Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB969679) Security Update for Microsoft Office Excel 2007 (KB969682) Security Update for Microsoft Office Outlook 2007 (KB972363) Security Update for Microsoft Office PowerPoint 2007 (KB957789) Security Update for Microsoft Office Publisher 2007 (KB969693) Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB969613) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB969604) SFR SHASTA skin0001 SKINXSDK Smart Menus (Windows Live Toolbar) Spelling Dictionaries Support For Adobe Reader 8 staticcr Synaptics Pointing Device Driver Texas Instruments PCIxx21/x515/xx12 drivers. 
The Sims 2 tooltips Toxic Biohazard Unity Web Player Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Outlook 2007 Junk Email Filter (KB974810) Viewpoint Media Player Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 VPRINTOL Windows Live Favorites for Windows Live Toolbar Windows Live installer Windows Live Sign-in Assistant Windows Live Toolbar Windows Live Toolbar Windows Live Toolbar Extension (Windows Live Toolbar) Windows Media Player Firefox Plugin WIRELESS Zune Zune Zune Language Pack (ES) Zune Language Pack (FR)

------------

HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:03:02 PM, on 11/9/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\PLFSetL.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Patrice\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Patrice\Documents\Downloads\CoreTemp\CoreTemp\CoreTemp32\Core Temp.exe
C:\Users\Patrice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Users\Patrice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Patrice\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Users\Patrice\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Core Temp] "C:\Users\Patrice\Documents\Downloads\CoreTemp\CoreTemp\CoreTemp32\Core Temp.exe"
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (MSN Games – Matchmaking) - http://zone.msn.com/binFrameWork/v10/St ... b55579.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZB ... b55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (MSN Games – Game Chat) - http://zone.msn.com/binframework/v10/ZP ... b55579.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GA ... b60096.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zp ... b79352.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zp ... b55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... 102118.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/St ... b55579.cab
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Update Service (gupdate1c99ebc7c45a8b0) (gupdate1c99ebc7c45a8b0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9037 bytes
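
A follow-up log is only useful once it is checked against the lines that were supposed to be fixed. The following added example (not part of the original thread and not HijackThis's own code) parses two logs and reports which requested lines are gone, which remain, and which entries are new; the sample lines are excerpts copied from the two logs posted above, and the function names are hypothetical.

```python
import re

# A HijackThis entry is "CODE - details"; section codes are R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_RE = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - \S")


def normalise(line):
    """Comparison key: trimmed, single-spaced, case-folded."""
    return " ".join(line.split()).casefold()


def parse_entries(log_text):
    """Map normalised entry -> original line, skipping the header and process list."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_RE.match(line):
            entries[normalise(line)] = line
    return entries


def verify_fix(before_text, after_text, requested_lines):
    """Classify each line the helper asked to fix, and list entries that are new."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    report = {"fixed": [], "still_present": [], "not_in_before": [], "new": []}
    for line in requested_lines:
        key = normalise(line)
        if key in after:
            report["still_present"].append(after[key])
        elif key in before:
            report["fixed"].append(before[key])
        else:
            report["not_in_before"].append(line.strip())
    # Anything in the follow-up log that the first log lacked deserves a second look.
    report["new"] = [line for key, line in after.items() if key not in before]
    return report


# Excerpt of the first log in this thread (11/6/2009).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Users\Patrice\Program Files\DNA\btdna.exe
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Patrice\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Core Temp] "C:\Users\Patrice\Documents\Downloads\CoreTemp\CoreTemp\CoreTemp32\Core Temp.exe"
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zp ... b79352.cab
O20 - AppInit_DLLs: C:\Program Files\RelevantKnowledge\rlai.dll
"""

# The same entries as they appear in the follow-up log (11/9/2009).
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Users\Patrice\Documents\Downloads\CoreTemp\CoreTemp\CoreTemp32\Core Temp.exe
O4 - HKCU\..\Run: [Core Temp] "C:\Users\Patrice\Documents\Downloads\CoreTemp\CoreTemp\CoreTemp32\Core Temp.exe"
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zp ... b79352.cab
"""

# Five of the lines from the helper's "Check the following entries" list.
REQUESTED = r"""
O20 - AppInit_DLLs: C:\Program Files\RelevantKnowledge\rlai.dll
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zp ... b79352.cab
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Patrice\Program Files\DNA\btdna.exe"
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
""".strip().splitlines()

if __name__ == "__main__":
    for status, lines in verify_fix(BEFORE, AFTER, REQUESTED).items():
        print(f"{status}: {len(lines)}")
        for entry in lines:
            print("   ", entry)
```

On this excerpt the O16 line lands in `still_present`, which matches the thread: it is still in the second log and is listed again in the next reply.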

### Re: HJT Log. WinAntiVirus Pro 2006, other things

Treece,

Good work.

The Adobe Reader version you had is obsolete. It is one of a number of programs that are targeted by malware purveyors. Each time a software bug is found that would allow unauthorized entry into the system, criminals design a method to use the bug to their advantage, and Adobe releases a new version to counter. Adobe Reader is attractive to criminals since it is so widespread in large corporations. We will install a new version of Adobe Reader, which will be more secure.

------------------------------------------------

Remove Programs Using Control Panel

From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

• PopCap Browser Plugin
• Java 2 Runtime Environment, SE v1.4.2_15 <== this is another one that is a "target"

Take extra care in answering questions posed by any Uninstaller.

I would also recommend you get rid of Viewpoint Media Player, but that is your call. It installs things without asking.

--------------------------------------------------------

You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions. All versions numbered lower than 9.2 are vulnerable.

• Go HERE and click on AdbeRdr920_en_US.exe to download the latest version of Adobe Acrobat Reader.
• Save this file to your desktop and run it to install the latest version of Adobe Reader.

-----------------------------------------------------------

Remove Registry items with HijackThis.

Start HijackThis. Click Do System Scan Only. When the Scan is complete, Check the following entries: (Any of these lines may be missing)

O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zp ... b79352.cab

If you intend to remove the Viewpoint Media Player, check this line also, if it's present:

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked

Click the "X" in the upper right corner of the HiJackThis window to close it.

----------------------------------------------------------------------------------

Run MalwareBytes' Anti-Malware

• Start Malwarebytes' Anti-Malware. (right click and choose Run as Administrator)
• Click on The Update tab. Choose Check for Updates.
• If an update is found, it will download and install the latest version.
• If necessary, start Malwarebytes Anti-Malware again.
• Once the program is running, select Perform Quick Scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
• When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
• The log can also be found using the "Logs" tab in the program. You can click any log listed to open its contents.
• Recent logs are named by time/date stamp in this format: mbam-log-2009-mm-dd(hour-min-sec).txt

Let me know how it goes. I am looking for the log from Malwarebytes Anti-Malware in your next post.

askey127

askey127 Admin/Teacher Posts: 13937 Joined: April 17th, 2005, 3:25 pm Location: New Hampshire USA

### Re: HJT Log. WinAntiVirus Pro 2006, other things

Well thanks again. Malware Bytes didn't find anything. I almost feel like I wasted your time now lol.

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.0.6002 Service Pack 2

11/9/2009 5:59:29 PM
mbam-log-2009-11-09 (17-59-29).txt

Scan type: Quick Scan
Objects scanned: 95705
Time elapsed: 6 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Treece
Active Member
Posts: 5
Joined: December 1st, 2008, 10:57 pm

### Re: HJT Log. WinAntiVirus Pro 2006, other things

Treece,

You didn't waste my time at all. You needed to get those old applications off your machine.

Now let's check the general scope of things with a multi-purpose scanner. This could take quite a while (several hours). Please be patient and let it finish. You will need to allow an ActiveX component, using Internet Explorer, to run it.

-----------------------------------------------------

Run an Online Kaspersky WebScan

• Please go to Kaspersky website and perform an online antivirus scan.
• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the Program and Database downloads have finished, (may take a while), Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
• Please post the contents of this log in your next reply.

### Re: HJT Log. WinAntiVirus Pro 2006, other things

Nothing here either.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, November 10, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, November 10, 2009 03:50:08
Records in database: 3185127
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 138624
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:17:07

No threats found. Scanned area is clean.

Selected area has been scanned.

Treece
Active Member
Posts: 5
Joined: December 1st, 2008, 10:57 pm

### Re: HJT Log. WinAntiVirus Pro 2006, other things

Treece,

Looks like you're good. I would keep Malwarebytes anti-malware (even buy the 26$USD lifetime).
If you use the free one, have it manually update and scan every week.

You may also benefit from this:
Install WinPatrol - Download and Install the Free WinPatrol, and view Instructions here: http://www.winpatrol.com/winpatrol.html
- WinPatrol is an active program that drops a "Scotty Dog" icon into the system tray (right click to check/change status), allows you to monitor/edit startups, services, Browser helpers, and prompts for permission if any program tries to change your system.

askey127
Admin/Teacher

### Re: HJT Log. WinAntiVirus Pro 2006, other things

Treece
### Re: HJT Log. WinAntiVirus Pro 2006, other things

This topic is now closed.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.

