Ultimate Defender Ballon Problem

**clowes97** · 2007-01-05, 23:35

I'm pretty frustrated right now as I've noticed over the past couple days a yellow triangle on my taskbar with a popup that says I need to click on the triangle to fix the problem. At first I almost thought it was an authentic issue, but then realized it wasn't. However, I'm having a difficult time trying to get rid of it. I read another post who seems to be having the same issue that I am, however, I don't know how to "Hijackthis log". I'm not sure what I'm supposed to do first. Any help would be greatly appreciated.

Thank you in advance.

Amber

**clowes97** · 2007-01-06, 07:07

Incident Status Location

Adware:Adware/VideoAccess Not disinfected c:\windows\system32\isc_ui.exe
Adware:Adware/Megasearch Not disinfected C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows\downloaded program files\USDR6_0001_D09M0706NetInstaller.exe
Adware:adware/securityerror Not disinfected C:\Documents and Settings\Owner\Favorites\Antivirus Test Online.url
Adware:adware/wupd Not disinfected Windows Registry
Adware:adware/spywarequake Not disinfected Windows Registry
Potentially unwanted tool:application/zango Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038}
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-182f9fdf-71a3868c.zip[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-182f9fdf-71a3868c.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-182f9fdf-71a3868c.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-182f9fdf-71a3868c.zip[Beyond.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-65402a5e-5913ad7c.zip[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-65402a5e-5913ad7c.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-65402a5e-5913ad7c.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-65402a5e-5913ad7c.zip[Beyond.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-ffa13a4-21b7b413.zip[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-ffa13a4-21b7b413.zip[VerifierBug.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-ffa13a4-21b7b413.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-ffa13a4-21b7b413.zip[Beyond.class]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@247realmedia[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Cookies\owner@adrevolver[1].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Owner\Cookies\owner@adtech[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Owner\Cookies\owner@apmebf[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Owner\Cookies\owner@as-eu.falkag[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Owner\Cookies\owner@as-us.falkag[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atwola[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Cookies\owner@belnk[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Owner\Cookies\owner@bfast[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Owner\Cookies\owner@bluestreak[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ccbill[2].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Owner\Cookies\owner@citi.bridgetrack[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Cookies\owner@com[1].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Owner\Cookies\owner@counter.hitslink[1].txt

**clowes97** · 2007-01-06, 07:09

Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Owner\Cookies\owner@counter1.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Owner\Cookies\owner@counter10.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Owner\Cookies\owner@counter13.sextracker[2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Owner\Cookies\owner@counter16.sextracker[2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Owner\Cookies\owner@counter2.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Owner\Cookies\owner@counter3.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Owner\Cookies\owner@counter4.sextracker[2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Owner\Cookies\owner@counter5.sextracker[2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Owner\Cookies\owner@counter6.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Owner\Cookies\owner@counter7.sextracker[2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Owner\Cookies\owner@counter8.sextracker[2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Owner\Cookies\owner@counter9.sextracker[1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Owner\Cookies\owner@cs.sexcounter[2].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Owner\Cookies\owner@data.coremetrics[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Owner\Cookies\owner@drivecleaner[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ehg-dig.hitbox[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Owner\Cookies\owner@findwhat[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Cookies\owner@go[2].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@hc2.humanclick[3].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Cookies\owner@hitbox[1].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Owner\Cookies\owner@linksynergy[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Owner\Cookies\owner@maxserving[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Cookies\owner@media.adrevolver[4].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@media.fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Owner\Cookies\owner@paycounter[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Cookies\owner@perf.overture[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Cookies\owner@phg.hitbox[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Owner\Cookies\owner@qksrv[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Owner\Cookies\owner@revenue[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Owner\Cookies\owner@searchportal.information[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Cookies\owner@server.iad.liveperson[9].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Owner\Cookies\owner@sexlist[2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Owner\Cookies\owner@sextracker[2].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Owner\Cookies\owner@stat.onestat[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Cookies\owner@statcounter[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Owner\Cookies\owner@stats.drivecleaner[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Owner\Cookies\owner@stats1.reliablestats[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[4].txt

**clowes97** · 2007-01-06, 07:10

Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner\Cookies\owner@target[2].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Owner\Cookies\owner@tickle[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Owner\Cookies\owner@toplist[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Owner\Cookies\owner@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@valueclick[1].txt
Spyware:Cookie/Affiliate fuel Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www.affiliatefuel[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www.drivecleaner[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www3.addfreestats[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www5.addfreestats[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Owner\Cookies\owner@www6.addfreestats[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Owner\Cookies\owner@xiti[1].txt
Spyware:Cookie/XXXCounter Not disinfected C:\Documents and Settings\Owner\Cookies\owner@xxxcounter[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Owner\Cookies\owner@yadro[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Owner\Cookies\owner@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt
Adware:Adware/Trymedia Not disinfected C:\Downloads\BellesBeautyBoutiqueSetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\CarnivalCruiseLinesTycoon-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\CruiseTycoonSetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\MysterySolitaireSetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\OktoberfestSetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\PlantasiaSetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\PuppyLuv-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\SinglesMSetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\TheApprenticeSetup-dm[1].exe
Adware:Adware/Megasearch Not disinfected C:\Program Files\bfgtoolbar\bfgtoolbar.dll

**clowes97** · 2007-01-06, 07:11

Logfile of HijackThis v1.99.1
Scan saved at 12:29:25 AM, on 1/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1130637403\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\AOL\1130637403\ee\AOLSoftware.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Common Files\AOL\1130637403\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\WINDOWS\system32\zknopmte.exe
C:\WINDOWS\system32\isc_ui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\AOL\1130637403\ee\SSCEvtHdlr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\bigfix.exe
C:\GV250\Wakeup.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\Common Files\AOL\1130637403\ee\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\AntiSpyWare\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1b649128-1dd2-11b2-a931-cebdfa7c74db} - C:\WINDOWS\system32\msahgjee.dll
O2 - BHO: Big Fish Games - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: Big Fish Games - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O3 - Toolbar: (no name) - {A93A3CC9-BA23-4d0d-9440-6A0148362B7E} - (no file)
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130637403\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DNSClient] "C:\DDNS\DNSClient.exe" 1
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Music Now] C:\Program Files\Music Now\MusicNow.exe
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1130637403\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1130637403\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [zknopmte.exe] C:\WINDOWS\system32\zknopmte.exe
O4 - HKLM\..\Run: [Personal Security Center Monitor] C:\WINDOWS\system32\isc_ui.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SightSpeed] C:\Program Files\SightSpeed\SightSpeed.exe -minimized
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
O4 - Global Startup: IR Remote Control.lnk = C:\GV250\Wakeup.exe
O4 - Global Startup: MultiCam Auto Start.lnk = C:\GV250\DM500Startup.exe
O4 - Global Startup: SnapDetect.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://palmvidserver.dyndns.org:81/Cam/cab/OCXChecker_6110.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4D991907-376B-4930-9090-8876B7E54087} (Application Class) - http://software.musicnow.com/musicnow/phoenix/4.0.0.34/MusicNow.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner/PestScan/pestscan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156347454827
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://cloweseyes97.dipmap.com:81/cab/OCXChecker_8000.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_4.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://palmvidserver.dyndns.org:81/cam/cab/DownloadFile_7000.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/bridge-c10.cab?266f0348bf63d754c8501e141382b74b11522b105eecf6045bf9df22830673d27ce23693f6fea70b0c9870da8e71b14be31d47c179aae9cfe8d5bcaff0414503d8d11ba045:e14874fba286e71b5da6e5d94259853a
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/insaniquarium/sis/popcaploader_v6.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1130637403\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

**tashi** · 2007-01-09, 19:18

Hello and sorry for the wait.

If you have not resolved the problem, we do have this sticky topic:

If you have waited four days for advice post here.

**pskelley** · 2007-01-13, 12:52

Hello Amber, I apologize for the delay, I have looked several times and was not 100% sure how to proceed, but it appears the other helpers are busy. I will do my very best to get you cleaned up. Here is what I need from you to start.

1) If you have not read and followed all of these instructions, please do so:
"BEFORE you POST" -Preliminary Steps
http://forums.spybot.info/showthread.php?t=288
Once reason I am asking is because it looks like your HJT log is formatted. Please open Notepad and click on "Format" at the top. If "Word Wrap" is checked, please uncheck it for the duration of the cleanup.

2) If you looked at your anti-virus scan results you can see all of those junk cookies you are storing. So we do not have to look at them again, please delete all cookies now.
* Clean your Cache and Cookies in IE:

Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Click the "Delete Cookies" button
Next to it, Click the "Delete Files" button
When prompted, place a check in: "Delete all offline content", click OK

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):

Go to Tools > Options.
Click Privacy in the menu on the left side of the Options window.
Click the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

* Clean other Temporary files + Recycle bin

Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

3) We may have a Smitfraud information, this will tell us:
Download Smitfraudfix from here: http://siri.geekstogo.com/SmitfraudFix.php and follow these directions only:
Search:
Double-click SmitfraudFix.exe
Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

Note:
process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consultin...rocessutil.htm

Use "Post Reply" to stay in this topic. Post that report from Smitfraudfix and a new unformatted HJT log. I will respond with directions as soon as possible after that. Please add any comments you think will help, and if your issue is resolved, post and let me know so I can close your topic.

Thanks

**clowes97** · 2007-01-13, 18:52

SmitFraudFix v2.132

Scan done at 12:49:19.97, Sat 01/13/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\.protected FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\Owner\STARTM~1\Programs\Startup\.protected FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\.protected FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1

C:\DOCUME~1\Owner\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}"="USB Ware"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

**clowes97** · 2007-01-13, 18:53

Logfile of HijackThis v1.99.1
Scan saved at 12:53:22 PM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\AOL\1130637403\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\AOL\1130637403\ee\AOLSoftware.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Music Now\MusicNow.exe
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Common Files\AOL\1130637403\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\zknopmte.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\isc_ui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1130637403\ee\SSCEvtHdlr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BigFix\bigfix.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\Common Files\AOL\1130637403\ee\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\GV250\GV250.exe
C:\GV250\BcastTcp.exe
C:\GV250\PlaySoundSvr.exe
C:\GV250\DmHealthSvr.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dwwin.exe
C:\AntiSpyWare\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1b649128-1dd2-11b2-a931-cebdfa7c74db} - C:\WINDOWS\system32\msahgjee.dll
O2 - BHO: Big Fish Games - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: Big Fish Games - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O3 - Toolbar: (no name) - {A93A3CC9-BA23-4d0d-9440-6A0148362B7E} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130637403\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DNSClient] "C:\DDNS\DNSClient.exe" 1
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Music Now] C:\Program Files\Music Now\MusicNow.exe
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1130637403\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1130637403\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [zknopmte.exe] C:\WINDOWS\system32\zknopmte.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Personal Security Center Monitor] C:\WINDOWS\system32\isc_ui.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SightSpeed] C:\Program Files\SightSpeed\SightSpeed.exe -minimized
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
O4 - Global Startup: IR Remote Control.lnk = C:\GV250\Wakeup.exe
O4 - Global Startup: MultiCam Auto Start.lnk = C:\GV250\DM500Startup.exe
O4 - Global Startup: SnapDetect.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://palmvidserver.dyndns.org:81/Cam/cab/OCXChecker_6110.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4D991907-376B-4930-9090-8876B7E54087} (Application Class) - http://software.musicnow.com/musicnow/phoenix/4.0.0.34/MusicNow.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner/PestScan/pestscan.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156347454827
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://cloweseyes97.dipmap.com:81/cab/OCXChecker_8000.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_4.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/feedingfrenzy/sis/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DBAFE6AD-DC14-45DF-A3F7-F8832289A1CD} (DownloadFile Control) - http://palmvidserver.dyndns.org:81/cam/cab/DownloadFile_7000.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1130637403\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

**clowes97** · 2007-01-13, 19:01

The past couple days, my computer has started freezing, and the only way to shut it down is manually by holding the button down for several seconds. I don't know if it's related to the other problem with Ultimate Defender or not. The word wrap on Notepad is unchecked, and I'm sorry if it's difficult to read. Thank you for responding and helping me clean my computer. It's been very frustrasting! I don't know if this means anything, but this file "C:\WINDOWS\system32\zknopmte.exe" is an unknown and fairly new, noticed around the time I started having problems. I don't know if it helps you or not. Please let me know if there are any other logs or anything else you would like me to post to get rid of whatever is happening to my system. Thank you again!

Amber

Thread: Ultimate Defender Ballon Problem

Thread Tools

Display

Ultimate Defender Ballon Problem

On-Line Anti-Virus Scan Log for Ultimate Defender Problem

On-Line Anti-Virus Scan Log & Hijackthis Logs for Ultimate Defender Problem Pt. 2

On-Line Anti-Virus Scan Log & Hijackthis Logs for Ultimate Defender Problem Pt. 3

HiJackThis Log for Ultimate Defender Problem

SmitFraudFix Log

Updated HiJackThis Log

New problems that could be related as well as a file I've noticed recently

Posting Permissions