search assistant attacked my xp
log:
Logfile of HijackThis v1.99.0
Scan saved at 11:53:27 AM, on 8/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\hrysh.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\program files\180searchassistant\sais.exe
C:\WINDOWS\wxypsf.exe
C:\WINDOWS\System32\59mhgh4r.exe
C:\WINDOWS\etb\pokapoka62.exe
C:\program files\internet explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\TWAIN_32\AOC\F-610\SCANER32.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\YAHOO!\MESSENGER\ymsgr_tray.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\All Users\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\saishook.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EPSON Stylus C65 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /O5 "LPT1:" /M "Stylus C65"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O5 "LPT1:" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C43 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C60 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C60 Series" /O5 "LPT1:" /M "Stylus C60"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C83 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C83"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C83 Series" /O5 "LPT1:" /M "Stylus C83"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [TQh06] C:\WINDOWS\hrysh.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [sais] c:\program files\180searchassistant\sais.exe
O4 - HKLM\..\Run: [wxypsf] C:\WINDOWS\wxypsf.exe
O4 - HKLM\..\Run: [59mhgh4r] C:\WINDOWS\System32\59mhgh4r.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Scanner Utilities.lnk = C:\WINDOWS\TWAIN_32\AOC\F-610\SCANER32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: Win32 Classes -
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Mouse Cursor Monitor - Unknown - C:\WINDOWS\System32\mousecrm.exe
there's also this persistent messageboxes warning me to fix my registry. Please fix. Thank you.
Logfile of HijackThis v1.99.0
Scan saved at 11:53:27 AM, on 8/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\hrysh.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\program files\180searchassistant\sais.exe
C:\WINDOWS\wxypsf.exe
C:\WINDOWS\System32\59mhgh4r.exe
C:\WINDOWS\etb\pokapoka62.exe
C:\program files\internet explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\TWAIN_32\AOC\F-610\SCANER32.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\YAHOO!\MESSENGER\ymsgr_tray.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\All Users\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\saishook.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EPSON Stylus C65 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /O5 "LPT1:" /M "Stylus C65"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O5 "LPT1:" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C43 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C60 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C60 Series" /O5 "LPT1:" /M "Stylus C60"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C83 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C83"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C83 Series" /O5 "LPT1:" /M "Stylus C83"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [TQh06] C:\WINDOWS\hrysh.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [sais] c:\program files\180searchassistant\sais.exe
O4 - HKLM\..\Run: [wxypsf] C:\WINDOWS\wxypsf.exe
O4 - HKLM\..\Run: [59mhgh4r] C:\WINDOWS\System32\59mhgh4r.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Scanner Utilities.lnk = C:\WINDOWS\TWAIN_32\AOC\F-610\SCANER32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: Win32 Classes -
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Mouse Cursor Monitor - Unknown - C:\WINDOWS\System32\mousecrm.exe
there's also this persistent messageboxes warning me to fix my registry. Please fix. Thank you.
0
Comments
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\System32\xpjava.exe
C:\WINDOWS\System32\msdirectx.sys
*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.
Run HijackThis and put checkmarks in front of the following items.
F2 - REG:system.ini: Shell=Explorer.exe,xpjava.exe
Close all windows except HijackThis and click Fix checked:
Boot back to normal and copy the part in bold below into notepad. Save it as unlegacy.reg (set filetype to "All Files")
REGEDIT4
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSDIRECTX]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSDIRECTX]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msdirectx]
Doubleclick the file you made and confirm you want to merge it with the registry.
Reboot once more and post a new log.
==
There is more to do, but I want to get rid of this infection first
Scan saved at 9:48:33 AM, on 8/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\mousecrm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\etb\pokapoka62.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRAM FILES\YAHOO!\MESSENGER\ymsgr_tray.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\TWAIN_32\AOC\F-610\SCANER32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE
C:\Documents and Settings\All Users\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EPSON Stylus C65 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /O5 "LPT1:" /M "Stylus C65"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O5 "LPT1:" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C43 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C60 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C60 Series" /O5 "LPT1:" /M "Stylus C60"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C83 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C83"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C83 Series" /O5 "LPT1:" /M "Stylus C83"
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Scanner Utilities.lnk = C:\WINDOWS\TWAIN_32\AOC\F-610\SCANER32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O16 - DPF: Win32 Classes -
O17 - HKLM\System\CCS\Services\Tcpip\..\{D508AC6D-A9E7-41B5-915C-44B25EA08A6E}: NameServer = 202.81.160.6 202.81.160.7
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Mouse Cursor Monitor - Unknown - C:\WINDOWS\System32\mousecrm.exe
===============
Download, then unzip to "C:\HJT", the newest version of HiJackThis; version 1.99.1. Then repost your log, either now, or after following the steps in the solution (if provided in this post). This version has features that might be more helpful in 'cleaning' up your system.
===============
Please visit at least two of the following sites for an online virus scan:
BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/licence.php
Make sure you tick AutoClean under Scan Options.
Panda ActiveScan
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Make sure you tick Disinfect automatically under Scan Options.
Housecall at TrendMicro
http://housecall.trendmicro.com/housecall/start_corp.asp
Make sure you tick Auto Clean.
When it completes, post back the full filename of any files that cannot be cleaned or deleted.
eTrust Antivirus Web Scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
===============
Next, Open a command prompt by:
1. Clicking "Start", then "Run...".
2. Enter "cmd" (without the quotes).
3. Enter "services.msc" (without the quotes).
-
Now, locate and 'stop' the following services, if present:
Mouse Cursor Monitor ... (C:\WINDOWS\System32\mousecrm.exe)
Look carefully, since the name of the service (above) can be anywhere in the entry; also be careful not to 'stop' any required system services. Once stopped, set this service to disabled.
===============
Run HiJackThis then:
1. Click "Open the Misc Tools Section"
2. Click "Open Process manager"
-
Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:
C:\WINDOWS\System32\mousecrm.exe
C:\WINDOWS\etb\pokapoka62.exe
Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.
===============
Still in HiJackThis, click "Scan", then check(tick) the following, if present:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O16 - DPF: Win32 Classes -
O23 - Service: Mouse Cursor Monitor - Unknown - C:\WINDOWS\System32\mousecrm.exe
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".
===============
Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:
folders...
C:\WINDOWS\etb
files...
C:\WINDOWS\System32\mousecrm.exe
-
Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".
-
Reboot.
===============
To help protect your system from hostile ActiveX content, or special 'downloadable' files:
Download, install and keep updated, SpywareBlaster. If you've installed it for the first time:
1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.
-
Note: Remember to regularly check for updates.
===============
After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
Here's the HiJackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 1:24:57 PM, on 8/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRAM FILES\YAHOO!\MESSENGER\ymsgr_tray.exe
C:\WINDOWS\TWAIN_32\AOC\F-610\SCANER32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\WINDOWS\SYSTEM32\E_S4I3C2.EXE
C:\WINDOWS\SYSTEM32\E_S10IC2.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\Documents and Settings\sze\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C43 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C60 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C60 Series" /O5 "LPT1:" /M "Stylus C60"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C83 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C83"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C83 Series" /O5 "LPT1:" /M "Stylus C83"
O4 - HKLM\..\Run: [steam] steam.exe
O4 - HKLM\..\Run: [EPSON Stylus C65 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /O6 "USB001" /M "Stylus C65"
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 1)" /O6 "USB003" /M "Stylus C45"
O4 - HKLM\..\RunServices: [steam] steam.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Scanner Utilities.lnk = C:\WINDOWS\TWAIN_32\AOC\F-610\SCANER32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
and a Panda log:
Incident Status Location
Adware:Adware/EliteBar No disinfected C:\FOUND.002\FILE0002.CHK
Adware:Adware/EliteBar No disinfected C:\FOUND.002\FILE0004.CHK
Adware:Adware/PowerScan No disinfected C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6LET65GB\powerscan[1].exe
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8N2N6327\package_MARKETING27[1].exe
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8N2N6327\webservice[2].htm
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8N2N6327\webservice[3].htm
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\M32F8T43\sahagent[1].exe
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GLETOH6R\istdownload[1].exe
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GLETOH6R\xml_istbar[1].xml
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GLETOH6R\webservice[2].htm
Virus:W32/Gaobot.IUP.worm Disinfected C:\WINDOWS\SYSTEM32\TFTP2644
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM32\59mhgh4r.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM32\ji3idmp9.exe
Virus:W32/Ircbot.JF.worm Disinfected C:\WINDOWS\SYSTEM32\mousecrm.exe
Virus:W32/Gaobot.DAD.worm Disinfected C:\WINDOWS\SYSTEM32\winhlpp32.exe
Virus:Bck/Agent.AFS Disinfected C:\WINDOWS\SYSTEM32\steam.exe
Virus:W32/Sdbot.ELW.worm Disinfected C:\WINDOWS\SYSTEM32\o.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\603nfsc5.exe
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\TEMP\p2psetup.exe
Spyware:Spyware/ISTbar No disinfected C:\WINDOWS\TEMP\fGCdZb6.exe
Adware:Adware/nCase No disinfected C:\WINDOWS\TEMP\180sainstallersilsais1.exe
Adware:Adware/nCase No disinfected C:\WINDOWS\TEMP\res2F7.tmp
Adware:adware/twain-tech No disinfected C:\WINDOWS\smdat32m.sys
Adware:adware/gator No disinfected C:\WINDOWS\GatorPdpSetup.log
Virus:Trj/TedapuNews.A Disinfected C:\Program Files\AVPersonal\INFECTED\959A576C.04D
Virus:Trj/TedapuNews.A Disinfected C:\Program Files\AVPersonal\INFECTED\B6C4825A.017
Virus:Trj/TedapuNews.A Disinfected C:\Program Files\AVPersonal\INFECTED\A8136930.29F
Adware:Adware/PowerScan No disinfected C:\Program Files\Power Scan\powerscan.exe
Adware:Adware/Need2Find No disinfected C:\Documents and Settings\All Users\Desktop\hijackthis\backups\backup-20050718-102027-833.dll
Adware:Adware/SAHAgent No disinfected C:\Documents and Settings\sze\Local Settings\Temp\temp.fr95E0
Virus:W32/Gaobot.IUP.worm Disinfected C:\Documents and Settings\sze\Local Settings\Temp\278.tmp
Virus:Bck/Agent.AFS Disinfected C:\Documents and Settings\sze\Local Settings\Temp\27A.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\sze\Local Settings\Temp\196808_1392_1648_776_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\sze\Local Settings\Temp\196896_1392_1648_1236_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\sze\Local Settings\Temp\327948_1392_1648_1960_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\sze\Local Settings\Temp\262348_1392_1648_796_62.41.tmp
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\sze\Local Settings\Temp\262384_1392_1648_2000_62.41.tmp
Hacktool:HackTool/Rootkit.C No disinfected C:\Documents and Settings\sze\msdirectx.sys
Hacktool:HackTool/Rootkit.C No disinfected C:\System Volume Information\_restore{C86C1BE7-B824-4166-B2D3-B45AA4C80977}\RP3\A0002288.sys
Hacktool:HackTool/Rootkit.C No disinfected C:\System Volume Information\_restore{C86C1BE7-B824-4166-B2D3-B45AA4C80977}\RP3\A0002307.sys
Adware:Adware/nCase No disinfected C:\System Volume Information\_restore{C86C1BE7-B824-4166-B2D3-B45AA4C80977}\RP3\A0002309.dll
Adware:Adware/nCase No disinfected C:\System Volume Information\_restore{C86C1BE7-B824-4166-B2D3-B45AA4C80977}\RP3\A0002311.exe
Hacktool:HackTool/Rootkit.C No disinfected C:\System Volume Information\_restore{C86C1BE7-B824-4166-B2D3-B45AA4C80977}\RP3\A0002329.sys
Adware:Adware/SAHAgent No disinfected C:\System Volume Information\_restore{C86C1BE7-B824-4166-B2D3-B45AA4C80977}\RP3\A0002347.DLL
Hacktool:HackTool/Rootkit.C No disinfected C:\System Volume Information\_restore{C86C1BE7-B824-4166-B2D3-B45AA4C80977}\RP3\A0002351.sys
Spyware:Spyware/BargainBuddy No disinfected C:\System Volume Information\_restore{C86C1BE7-B824-4166-B2D3-B45AA4C80977}\RP3\A0002768.exe
Spyware:Spyware/BargainBuddy No disinfected C:\System Volume Information\_restore{C86C1BE7-B824-4166-B2D3-B45AA4C80977}\RP3\A0002769.exe
Spyware:Spyware/BargainBuddy No disinfected C:\System Volume Information\_restore{C86C1BE7-B824-4166-B2D3-B45AA4C80977}\RP3\A0002782.dll
Hacktool:HackTool/Rootkit.C No disinfected C:\System Volume Information\_restore{C86C1BE7-B824-4166-B2D3-B45AA4C80977}\RP3\A0002787.sys
Hacktool:HackTool/Rootkit.C No disinfected C:\System Volume Information\_restore{C86C1BE7-B824-4166-B2D3-B45AA4C80977}\RP3\A0002797.sys
Hacktool:HackTool/Rootkit.C No disinfected C:\System Volume Information\_restore{C86C1BE7-B824-4166-B2D3-B45AA4C80977}\RP3\A0003797.sys
Hacktool:HackTool/Rootkit.C No disinfected C:\System Volume Information\_restore{C86C1BE7-B824-4166-B2D3-B45AA4C80977}\RP4\A0003802.sys
Hacktool:HackTool/Rootkit.C No disinfected C:\System Volume Information\_restore{C86C1BE7-B824-4166-B2D3-B45AA4C80977}\RP4\A0003808.sys
Hacktool:HackTool/Rootkit.C No disinfected C:\System Volume Information\_restore{C86C1BE7-B824-4166-B2D3-B45AA4C80977}\RP4\A0004808.sys
Hacktool:HackTool/Rootkit.C No disinfected C:\System Volume Information\_restore{C86C1BE7-B824-4166-B2D3-B45AA4C80977}\RP4\A0004817.sys
Hacktool:HackTool/Rootkit.C No disinfected C:\System Volume Information\_restore{C86C1BE7-B824-4166-B2D3-B45AA4C80977}\RP4\A0004828.sys
Hacktool:HackTool/Rootkit.C No disinfected C:\System Volume Information\_restore{C86C1BE7-B824-4166-B2D3-B45AA4C80977}\RP4\A0005828.sys
Hacktool:HackTool/Rootkit.C No disinfected C:\System Volume Information\_restore{C86C1BE7-B824-4166-B2D3-B45AA4C80977}\RP4\A0006828.sys
Hacktool:HackTool/Rootkit.C No disinfected C:\System Volume Information\_restore{C86C1BE7-B824-4166-B2D3-B45AA4C80977}\RP4\A0006839.sys
Hacktool:HackTool/Rootkit.C No disinfected C:\System Volume Information\_restore{C86C1BE7-B824-4166-B2D3-B45AA4C80977}\RP4\A0006853.sys
Virus:Bck/Agent.AFS Disinfected C:\System Volume Information\_restore{C86C1BE7-B824-4166-B2D3-B45AA4C80977}\RP5\A0007037.exe
Virus:W32/Ircbot.JF.worm Disinfected C:\System Volume Information\_restore{C86C1BE7-B824-4166-B2D3-B45AA4C80977}\RP6\A0007059.exe
Virus:W32/Gaobot.DAD.worm Disinfected C:\System Volume Information\_restore{C86C1BE7-B824-4166-B2D3-B45AA4C80977}\RP6\A0007060.exe
Virus:Bck/Agent.AFS Disinfected C:\System Volume Information\_restore{C86C1BE7-B824-4166-B2D3-B45AA4C80977}\RP6\A0007061.EXE
Virus:W32/Sdbot.ELW.worm Disinfected C:\System Volume Information\_restore{C86C1BE7-B824-4166-B2D3-B45AA4C80977}\RP6\A0007062.exe
Unzip the file to your desktop.
Run Pocket Killbox and paste the full file path of the below file in the box and click on Standard File Kill and End Explorer Shell While Killing File. Click on the button with the red circle and an X in the middle after you the file.
C:\WINDOWS\etb\pokapoka62.exe
Reboot afterwards if the file is successfully deleted.
If the file is not deleted, do not reboot yet. Run Pocket Killbox again and paste the full file path in the box and click on Delete on Reboot. Next click on the button with the red circle and an X in the middle. You will get a message saying "File with be deleted on next reboot, Process and Reboot now?" Click "Yes" to reboot.
==
Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml
Once in Safe Mode, please run Ewido, and do a full scan. During the scan it will prompt you to clean files, click OK.
Save the logfile from the scan. Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
==
You may also need to uninstall your EPSON Stylus drivers and reinstall them again. Looking at your log, there are quite a few entries there for it.
Anyway, here the latest log:
Logfile of HijackThis v1.99.1
Scan saved at 10:51:31 AM, on 8/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\smss.pif
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\TWAIN_32\AOC\F-610\SCANER32.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\sze\My Documents\MUZIX\OTHERS\nester\nnnesterJ.exe
C:\Program Files\OPERA\opera.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\sze\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C43 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C60 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C60 Series" /O5 "LPT1:" /M "Stylus C60"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C83 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C83"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C83 Series" /O5 "LPT1:" /M "Stylus C83"
O4 - HKLM\..\Run: [steam] steam.exe
O4 - HKLM\..\Run: [EPSON Stylus C65 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /O6 "USB001" /M "Stylus C65"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 1)" /O6 "USB003" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB006" /M "Stylus Photo R210"
O4 - HKLM\..\Run: [Microsoftf smss Control] smss.pif
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P39 "EPSON Stylus Photo R210 Series (Copy 1)" /O6 "USB004" /M "Stylus Photo R210"
O4 - HKLM\..\RunServices: [steam] steam.exe
O4 - HKLM\..\RunServices: [Microsoftf smss Control] smss.pif
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Scanner Utilities.lnk = C:\WINDOWS\TWAIN_32\AOC\F-610\SCANER32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D508AC6D-A9E7-41B5-915C-44B25EA08A6E}: NameServer = 202.81.160.6 202.81.160.7
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\RunServices: [Microsoftf smss Control] smss.pif
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".
===============
Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:
folders...
C:\Program Files\winupdates
files...
C:\WINDOWS\System32\smss.pif
-
Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".
-
Reboot.
===============
After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
==
In order for Ewido to run the entire scan, you may have to disable, then re-enable system restore. There have been a few occasions when this has happened and doing that has allowed the full scan to be done.
Otherwise, I've followed the other instruction. I failed to detect smss.
Latest log:
Logfile of HijackThis v1.99.1
Scan saved at 3:56:54 PM, on 8/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRAM FILES\YAHOO!\MESSENGER\ymsgr_tray.exe
C:\WINDOWS\TWAIN_32\AOC\F-610\SCANER32.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\OPERA\opera.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\sze\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\System32\av32.pif
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C43 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C60 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C60 Series" /O5 "LPT1:" /M "Stylus C60"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C83 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C83"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C83 Series" /O5 "LPT1:" /M "Stylus C83"
O4 - HKLM\..\Run: [steam] steam.exe
O4 - HKLM\..\Run: [EPSON Stylus C65 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /O6 "USB001" /M "Stylus C65"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 1)" /O6 "USB003" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB006" /M "Stylus Photo R210"
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P39 "EPSON Stylus Photo R210 Series (Copy 1)" /O6 "USB004" /M "Stylus Photo R210"
O4 - HKLM\..\RunServices: [steam] steam.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Scanner Utilities.lnk = C:\WINDOWS\TWAIN_32\AOC\F-610\SCANER32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D508AC6D-A9E7-41B5-915C-44B25EA08A6E}: NameServer = 202.81.160.6 202.81.160.7
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
ewido security suite - Scan report
+ Created on: 2:26:10 PM, 8/16/2005
+ Report-Checksum: 478FCE99
+ Scan result:
HKLM\SOFTWARE\ISTbar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTbar\Historyfiles -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTbar\Historystring -> Spyware.ISTBar : Error during cleaning
HKU\S-1-5-21-1214440339-1960408961-682003330-500\Software\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-1214440339-1960408961-682003330-500\Software\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-1214440339-1960408961-682003330-500\Software\RX Toolbar -> Spyware.RXToolbar : Cleaned with backup
::Report End
And the hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 2:30:21 PM, on 8/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\sze\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C43 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C60 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C60 Series" /O5 "LPT1:" /M "Stylus C60"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C83 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C83"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C83 Series" /O5 "LPT1:" /M "Stylus C83"
O4 - HKLM\..\Run: [steam] steam.exe
O4 - HKLM\..\Run: [EPSON Stylus C65 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /O6 "USB001" /M "Stylus C65"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 1)" /O6 "USB003" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB006" /M "Stylus Photo R210"
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P39 "EPSON Stylus Photo R210 Series (Copy 1)" /O6 "USB004" /M "Stylus Photo R210"
O4 - HKLM\..\RunServices: [steam] steam.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Scanner Utilities.lnk = C:\WINDOWS\TWAIN_32\AOC\F-610\SCANER32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
Did you uninstall your Epson printer yet? I think there is something wrong because of all those entries in the log. Reinstall it when done.
You can also delete the entries for it from the Global startup folder.
Latest log:
Logfile of HijackThis v1.99.1
Scan saved at 11:02:48 AM, on 8/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\steam.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OPERA\opera.exe
C:\Documents and Settings\sze\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C43 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C60 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C60 Series" /O5 "LPT1:" /M "Stylus C60"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C83 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C83"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C83 Series" /O5 "LPT1:" /M "Stylus C83"
O4 - HKLM\..\Run: [steam] steam.exe
O4 - HKLM\..\Run: [EPSON Stylus C65 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /O6 "USB001" /M "Stylus C65"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 1)" /O6 "USB006" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P39 "EPSON Stylus Photo R210 Series (Copy 1)" /O6 "USB004" /M "Stylus Photo R210"
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB004" /M "Stylus Photo R210"
O4 - HKLM\..\RunServices: [steam] steam.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Scanner Utilities.lnk = C:\WINDOWS\TWAIN_32\AOC\F-610\SCANER32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D508AC6D-A9E7-41B5-915C-44B25EA08A6E}: NameServer = 202.81.160.6 202.81.160.7
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
I also have no idea what steam.exe is. Is it also a spyware? Thanks.
Not sure what the problem could be with your search.
Logfile of HijackThis v1.99.1
Scan saved at 11:02:32 AM, on 8/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\sze\My Documents\MUZIX\OTHERS\nester\nnnesterJ.exe
C:\Program Files\OPERA\opera.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\sze\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C43 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C60 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C60 Series" /O5 "LPT1:" /M "Stylus C60"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C83 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C83"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C83 Series" /O5 "LPT1:" /M "Stylus C83"
O4 - HKLM\..\Run: [EPSON Stylus C65 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /O6 "USB001" /M "Stylus C65"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 1)" /O6 "USB008" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB004" /M "Stylus Photo R210"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 2)" /O6 "USB010" /M "Stylus C45"
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P26 "EPSON Stylus CX3500 Series" /O6 "USB007" /M "Stylus CX3500"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 3)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 3)" /O6 "USB018" /M "Stylus C45"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Scanner Utilities.lnk = C:\WINDOWS\TWAIN_32\AOC\F-610\SCANER32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D508AC6D-A9E7-41B5-915C-44B25EA08A6E}: NameServer = 202.81.160.6 202.81.160.7
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsys32.exe (file missing)
===============
Run HiJackThis, click "Scan", then check(tick) the following, if present:
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsys32.exe (file missing)
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".
===============
Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:
file...
C:\WINDOWS\System32\syslog32.exe
-
Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".
-
Reboot.
===============
After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
Logfile of HijackThis v1.99.1
Scan saved at 11:10:47 AM, on 8/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\TWAIN_32\AOC\F-610\SCANER32.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\ymsgr_tray.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\OPERA\opera.exe
C:\Documents and Settings\sze\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C43 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C60 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C60 Series" /O5 "LPT1:" /M "Stylus C60"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C83 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C83"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C83 Series" /O5 "LPT1:" /M "Stylus C83"
O4 - HKLM\..\Run: [EPSON Stylus C65 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /O6 "USB001" /M "Stylus C65"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 1)" /O6 "USB008" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB004" /M "Stylus Photo R210"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 2)" /O6 "USB010" /M "Stylus C45"
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P26 "EPSON Stylus CX3500 Series" /O6 "USB007" /M "Stylus CX3500"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 3)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 3)" /O6 "USB018" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 4)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 4)" /O6 "USB021" /M "Stylus C45"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Scanner Utilities.lnk = C:\WINDOWS\TWAIN_32\AOC\F-610\SCANER32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D508AC6D-A9E7-41B5-915C-44B25EA08A6E}: NameServer = 202.81.160.6 202.81.160.7
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsys32.exe (file missing)
Logfile of HijackThis v1.99.1
Scan saved at 4:54:55 PM, on 8/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\TWAIN_32\AOC\F-610\SCANER32.EXE
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\PROGRAM FILES\YAHOO!\MESSENGER\ymsgr_tray.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
C:\Documents and Settings\sze\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10MT2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10RN2.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C43 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C60 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C60 Series" /O5 "LPT1:" /M "Stylus C60"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C83 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C83"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C83 Series" /O5 "LPT1:" /M "Stylus C83"
O4 - HKLM\..\Run: [EPSON Stylus C65 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /O6 "USB001" /M "Stylus C65"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 1)" /O6 "USB008" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB004" /M "Stylus Photo R210"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 2)" /O6 "USB010" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P26 "EPSON Stylus CX3500 Series" /O6 "USB007" /M "Stylus CX3500"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 3)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 3)" /O6 "USB018" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 4)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 4)" /O6 "USB021" /M "Stylus C45"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Scanner Utilities.lnk = C:\WINDOWS\TWAIN_32\AOC\F-610\SCANER32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsys32.exe (file missing)
Logfile of HijackThis v1.99.1
Scan saved at 4:54:55 PM, on 8/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\TWAIN_32\AOC\F-610\SCANER32.EXE
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\PROGRAM FILES\YAHOO!\MESSENGER\ymsgr_tray.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
C:\Documents and Settings\sze\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10MT2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10RN2.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C43 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C60 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C60 Series" /O5 "LPT1:" /M "Stylus C60"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C83 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C83"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C83 Series" /O5 "LPT1:" /M "Stylus C83"
O4 - HKLM\..\Run: [EPSON Stylus C65 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /O6 "USB001" /M "Stylus C65"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 1)" /O6 "USB008" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB004" /M "Stylus Photo R210"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 2)" /O6 "USB010" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P26 "EPSON Stylus CX3500 Series" /O6 "USB007" /M "Stylus CX3500"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 3)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 3)" /O6 "USB018" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 4)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 4)" /O6 "USB021" /M "Stylus C45"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Scanner Utilities.lnk = C:\WINDOWS\TWAIN_32\AOC\F-610\SCANER32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsys32.exe (file missing)
==
Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows and hit the "Fix checked" button.
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsys32.exe (file missing)
Now delete this file;
C:\WINDOWS\System32\libsys32.exe
==
Reboot when done and post another log please.
Logfile of HijackThis v1.99.1
Scan saved at 10:03:43 AM, on 9/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\OPERA\opera.exe
C:\Documents and Settings\sze\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C60 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C60 Series" /O5 "LPT1:" /M "Stylus C60"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C83 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C83"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C83 Series" /O5 "LPT1:" /M "Stylus C83"
O4 - HKLM\..\Run: [EPSON Stylus C65 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /O6 "USB001" /M "Stylus C65"
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB004" /M "Stylus Photo R210"
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P26 "EPSON Stylus CX3500 Series" /O6 "USB007" /M "Stylus CX3500"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 5)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 5)" /O6 "USB021" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 4)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 4)" /O6 "USB018" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 3)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 3)" /O6 "USB013" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 2)" /O6 "USB011" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 1)" /O6 "USB008" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 6)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 6)" /O6 "USB025" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 7)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 7)" /O6 "USB027" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 8)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 8)" /O6 "USB029" /M "Stylus C45"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Scanner Utilities.lnk = C:\WINDOWS\TWAIN_32\AOC\F-610\SCANER32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D508AC6D-A9E7-41B5-915C-44B25EA08A6E}: NameServer = 10.10.10.10 10.10.11.10
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsys32.exe (file missing)
Remove:
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [EPSON Stylus C60 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE /P23 "EPSON Stylus C60 Series" /O5 "LPT1:" /M "Stylus C60"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE /P32 "EPSON Stylus C83 Series (Copy 1)" /O5 "LPT1:" /M "Stylus C83"
O4 - HKLM\..\Run: [EPSON Stylus C83 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE /P23 "EPSON Stylus C83 Series" /O5 "LPT1:" /M "Stylus C83"
O4 - HKLM\..\Run: [EPSON Stylus C65 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S 2.EXE /P23 "EPSON Stylus C65 Series" /O6 "USB001" /M "Stylus C65"
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H 2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB004" /M "Stylus Photo R210"
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9 BP.EXE /P26 "EPSON Stylus CX3500 Series" /O6 "USB007" /M "Stylus CX3500"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 5)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T 1.EXE /P32 "EPSON Stylus C45 Series (Copy 5)" /O6 "USB021" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 4)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T 1.EXE /P32 "EPSON Stylus C45 Series (Copy 4)" /O6 "USB018" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 3)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T 1.EXE /P32 "EPSON Stylus C45 Series (Copy 3)" /O6 "USB013" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T 1.EXE /P32 "EPSON Stylus C45 Series (Copy 2)" /O6 "USB011" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T 1.EXE /P32 "EPSON Stylus C45 Series (Copy 1)" /O6 "USB008" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T 1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 6)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T 1.EXE /P32 "EPSON Stylus C45 Series (Copy 6)" /O6 "USB025" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 7)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T 1.EXE /P32 "EPSON Stylus C45 Series (Copy 7)" /O6 "USB027" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 8)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T 1.EXE /P32 "EPSON Stylus C45 Series (Copy 8)" /O6 "USB029" /M "Stylus C45"
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsys32.exe (file missing)
Do you have a printer farm or something that you have that many different Epson agents starting at bootup?