Computer Hope
Software => Computer viruses and spyware => Topic started by: zuratai on May 30, 2008, 08:32:11 PM
-
I think something is interfering with my games even new games taht i just download dont work after i install them even after i download more then once. Other stuff like flashget dont work either and windows media player. I think something is blocking them but its not my antivirus or fire wall. The only thing i think it could be is eacceleration froom stopsign.com which my spybot keeps picking up but i cant remove it because its in my memory. Need help :) please
-
Click below...
-
Stopsign is not good. At least that's what I hear .... it has been a problem for people.
http://answers.yahoo.com/question/index?qid=20060907000009AAfln0J
in any case .... at least for now, do a virus scan and try ad-aware to see if same issue comes up.
Also, post all other information about your system like Broni wants to know and have him help you on the malware technicals. According to what I've read, stopsign seems to be a malware.
-
What's on the C: drive ? ?
-
*** Go Start>Control Panel>Add\Remove, and uninstall AskSBar (if present).
*** Download HostsXpert (http://www.majorgeeks.com/Hoster_d4626.html) and then follow the below steps.
* Unzip HostsXpert.zip
* It will create a folder named HostsXpert in whatever folder you extract it to.
* Run HostsXpert.exe by double clicking on it.
* click the Make Writeable? button.
* click Restore Microsoft's Hosts File and then click OK.
* Click the X to exit the program
Restart computer.
Print these instructions out.
1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/ (http://www.superantispyware.com/)
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html (http://www.superantispyware.com/definitions.html).)
* Close SUPERAntiSpyware.
DISCONNECT PHYSICALLY FROM THE INTERNET
Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen
* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.
RECONNECT TO THE INTERNET
RESTART COMPUTER!
2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
RESTART COMPUTER!
3. Post new HijackThis log.
-
ok The superspyware detected nothing so there was no log but here is the malware log
Malwarebytes' Anti-Malware 1.14
Database version: 811
10:33:09 PM 5/7/2008
mbam-log-5-7-2008 (22-33-04).txt
Scan type: Full Scan (C:\|F:\|)
Objects scanned: 167282
Time elapsed: 51 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 17
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
F:\RECYCLER\S-1-5-21-1177238915-152049171-725345543-1004\Df116.exe (Rogue.BugDoctor) -> No action taken.
F:\RECYCLER\S-1-5-21-1177238915-152049171-725345543-1004\Df120.exe (Rogue.BugDoctor) -> No action taken.
F:\System Volume Information\_restore{E345F846-CB54-4604-AEF6-0F0BA1C87F61}\RP117\A0054818.DLL (Adware.MyWebSearch) -> No action taken.
F:\System Volume Information\_restore{E345F846-CB54-4604-AEF6-0F0BA1C87F61}\RP117\A0054819.DLL (Adware.MyWeb.FunWeb) -> No action taken.
F:\System Volume Information\_restore{E345F846-CB54-4604-AEF6-0F0BA1C87F61}\RP117\A0054820.EXE (Adware.MyWeb.FunWeb) -> No action taken.
F:\System Volume Information\_restore{E345F846-CB54-4604-AEF6-0F0BA1C87F61}\RP117\A0054821.DLL (Adware.MyWebSearch) -> No action taken.
F:\System Volume Information\_restore{E345F846-CB54-4604-AEF6-0F0BA1C87F61}\RP117\A0054824.DLL (Adware.MyWebSearch) -> No action taken.
F:\System Volume Information\_restore{E345F846-CB54-4604-AEF6-0F0BA1C87F61}\RP117\A0054825.EXE (Adware.MyWebSearch) -> No action taken.
F:\System Volume Information\_restore{E345F846-CB54-4604-AEF6-0F0BA1C87F61}\RP56\A0031868.dll (Adware.Shoper) -> No action taken.
F:\System Volume Information\_restore{E345F846-CB54-4604-AEF6-0F0BA1C87F61}\RP59\A0033610.DLL (Adware.MyWebSearch) -> No action taken.
F:\System Volume Information\_restore{E345F846-CB54-4604-AEF6-0F0BA1C87F61}\RP59\A0033611.DLL (Adware.MyWeb.FunWeb) -> No action taken.
F:\System Volume Information\_restore{E345F846-CB54-4604-AEF6-0F0BA1C87F61}\RP59\A0033612.EXE (Adware.MyWeb.FunWeb) -> No action taken.
F:\System Volume Information\_restore{E345F846-CB54-4604-AEF6-0F0BA1C87F61}\RP59\A0033613.DLL (Adware.MyWebSearch) -> No action taken.
F:\System Volume Information\_restore{E345F846-CB54-4604-AEF6-0F0BA1C87F61}\RP59\A0033616.DLL (Adware.MyWebSearch) -> No action taken.
F:\System Volume Information\_restore{E345F846-CB54-4604-AEF6-0F0BA1C87F61}\RP59\A0033617.EXE (Adware.MyWebSearch) -> No action taken.
F:\System Volume Information\_restore{E345F846-CB54-4604-AEF6-0F0BA1C87F61}\RP59\A0033618.EXE (Adware.MyWebSearch) -> No action taken.
F:\System Volume Information\_restore{E345F846-CB54-4604-AEF6-0F0BA1C87F61}\RP60\A0034372.exe (Adware.MyWeb.FunWeb) -> No action taken.
here is hijack log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:01 PM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\Program Files\Webroot\Washer\WasherSvc.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\DNA\btdna.exe
F:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
F:\WINDOWS\system32\wuauclt.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - F:\Program Files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL (file missing)
F2 - REG:system.ini: UserInit=F:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - F:\Program Files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\PROGRA~1\FlashGet\jccatch.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - F:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL (file missing)
O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - F:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\fgiebar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "F:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [StopSignSsSsMon] Rundll32.exe "F:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] F:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] F:\WINDOWS\system32\regsvr32.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "F:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] F:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "F:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Window Washer] "F:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Search - ?p=ZCfox000
O8 - Extra context menu item: Download All by FlashGet - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - F:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O20 - Winlogon Notify: Fly - F:\WINDOWS\
O20 - Winlogon Notify: Love - F:\WINDOWS\
O23 - Service: McAfee Application Installer Cleanup (0005051207003295) (0005051207003295mcinstcleanup) - Unknown owner - F:\DOCUME~1\Zuratai\LOCALS~1\Temp\000505~1.EXE (file missing)
O23 - Service: Apache2.2 - Unknown owner - F:\Documents and Settings\Zuratai\Desktop\AC Web Ultimate Repack\Server\apache\bin\apache.exe (file missing)
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - Unknown owner - F:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe (file missing)
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - Unknown owner - F:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - F:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - F:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - Unknown owner - F:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - Unknown owner - F:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (file missing)
O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - F:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - f:\program files\common files\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: McAfee Scanner (McODS) - Unknown owner - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - F:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing)
O23 - Service: McAfee Redirector Service (McRedirector) - Unknown owner - f:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: mysql - Unknown owner - F:\Documents.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: root - Unknown owner - F:\Program.exe (file missing)
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - F:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 10094 bytes
-
Malwarebytes log dispalys "No action taken" after each line, so you either posted wrong log, or you didn't follow instructions, especially:
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
Post correct log, or re-run scan.
-
I'd like to see the log.
Also was HJT ran AFTER Malwarebytes did its fixes?
-
I'm not sure, if I quiet understand.
-
You'll need to re-run Mylwarebytes.
Make sure, you follow instructions.
-
That's fine. I need fresh HJT log, then...
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:22 PM, on 5/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\WINDOWS\system32\PnkBstrB.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Webroot\Washer\WasherSvc.exe
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\DNA\btdna.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\PROGRA~1\Mozilla Firefox\firefox.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - F:\Program Files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL (file missing)
F2 - REG:system.ini: UserInit=F:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - F:\Program Files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\PROGRA~1\FlashGet\jccatch.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - F:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL (file missing)
O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - F:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\fgiebar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "F:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [StopSignSsSsMon] Rundll32.exe "F:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] F:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] F:\WINDOWS\system32\regsvr32.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "F:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] F:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "F:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Window Washer] "F:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Search - ?p=ZCfox000
O8 - Extra context menu item: Download All by FlashGet - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - F:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O20 - Winlogon Notify: Fly - F:\WINDOWS\
O20 - Winlogon Notify: Love - F:\WINDOWS\
O23 - Service: McAfee Application Installer Cleanup (0005051207003295) (0005051207003295mcinstcleanup) - Unknown owner - F:\DOCUME~1\Zuratai\LOCALS~1\Temp\000505~1.EXE (file missing)
O23 - Service: Apache2.2 - Unknown owner - F:\Documents and Settings\Zuratai\Desktop\AC Web Ultimate Repack\Server\apache\bin\apache.exe (file missing)
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - Unknown owner - F:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe (file missing)
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - Unknown owner - F:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - F:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - F:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - Unknown owner - F:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - Unknown owner - F:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (file missing)
O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - F:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - f:\program files\common files\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: McAfee Scanner (McODS) - Unknown owner - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - F:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing)
O23 - Service: McAfee Redirector Service (McRedirector) - Unknown owner - f:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: mysql - Unknown owner - F:\Documents.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - F:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: root - Unknown owner - F:\Program.exe (file missing)
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - F:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 10124 bytes
-
Find anything yet?????????????????????
-
Oooops....email notification didn't reach me...checking HJT, right now.
-
*** Disable TeaTimer, as it'll interfere with the cleaning process:
Right click Spybot's TeaTimer System Tray Icon.
Click Exit Spybot-S&D Resident.
TeaTimer closes.
*** Go to Add\Remove, and uninstall Acceleration Software (if listed)
1. Print this post out, since you won't have an access to it, at some point.
2. Close all windows, except for HijackThis.
3. Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases (marked with *), no actual program will be removed):
- R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - F:\Program Files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL (file missing)
- O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
- O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - F:\Program Files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL (file missing)
- O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\PROGRA~1\FlashGet\jccatch.dll (file missing)
- O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
- O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - F:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL (file missing)
- O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
- O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
- O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - F:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL (file missing)
- O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\fgiebar.dll (file missing)
- O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
- O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "F:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
- O4 - HKLM\..\Run: [StopSignSsSsMon] Rundll32.exe "F:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus
- *O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
- *O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
- *O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
- O8 - Extra context menu item: &Search - ?p=ZCfox000
- O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\flashget.exe (file missing)
- O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\flashget.exe (file missing)
- O20 - Winlogon Notify: Fly - F:\WINDOWS\
- O20 - Winlogon Notify: Love - F:\WINDOWS\
- O23 - Service: McAfee Application Installer Cleanup (0005051207003295) (0005051207003295mcinstcleanup) - Unknown owner - F:\DOCUME~1\Zuratai\LOCALS~1\Temp\000505~1.EXE (file missing)
- O23 - Service: mysql - Unknown owner - F:\Documents.exe (file missing)
- O23 - Service: root - Unknown owner - F:\Program.exe (file missing)
4. Click on Fix checked button.
5. Restart your computer in Safe Mode (keep tapping F8 key, when your computer starts, until menu appears)
6. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.
7. Delete following files/folders (if present):
- AskSBar, Acceleration Software folders from F:\Program Files
- ALCMTR.EXE file from F:\Windows
8. Restart in Normal Mode.
9. Post new HijackThis log.
-
this is when i restarted my computer and took it off safe mode. I did everything you told me to
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:13 AM, on 5/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\WINDOWS\system32\PnkBstrB.exe
F:\Program Files\Webroot\Washer\WasherSvc.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
F:\Program Files\DNA\btdna.exe
F:\Program Files\Webroot\Washer\wwDisp.exe
F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
F:\WINDOWS\system32\wuauclt.exe
F:\WINDOWS\system32\wuauclt.exe
E:\GF8\Win2KXP 162.18\setup.exe
E:\GF8\Win2KXP 162.18\setup.exe
F:\PROGRA~1\Mozilla Firefox\firefox.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
F2 - REG:system.ini: UserInit=F:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - F:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "F:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [StopSignSsSsMon] Rundll32.exe "F:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] F:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [swg] F:\WINDOWS\system32\regsvr32.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "F:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] F:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "F:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Window Washer] "F:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Download All by FlashGet - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - F:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O20 - Winlogon Notify: Fly - F:\WINDOWS\
O20 - Winlogon Notify: Love - F:\WINDOWS\
O23 - Service: McAfee Application Installer Cleanup (0005051207003295) (0005051207003295mcinstcleanup) - Unknown owner - F:\DOCUME~1\Zuratai\LOCALS~1\Temp\000505~1.EXE (file missing)
O23 - Service: Apache2.2 - Unknown owner - F:\Documents and Settings\Zuratai\Desktop\AC Web Ultimate Repack\Server\apache\bin\apache.exe (file missing)
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - Unknown owner - F:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe (file missing)
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - Unknown owner - F:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - F:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - F:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - Unknown owner - F:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - Unknown owner - F:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (file missing)
O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - F:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - f:\program files\common files\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: McAfee Scanner (McODS) - Unknown owner - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - F:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing)
O23 - Service: McAfee Redirector Service (McRedirector) - Unknown owner - f:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - F:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - F:\Program Files\Webroot\Washer\WasherSvc.exe
--
End of file - 9060 bytes