sound problem

No sound came out, but the settings look fine. Is it malware related? Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 8:54:45 PM, on 12/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE
C:\WINDOWS\System32\msgconfigre.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE
C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\O&K Print Watch\WatchSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\sze\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB013" /M "Stylus C45"
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 2)" /O6 "USB031" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX630 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HP.EXE /P31 "EPSON Stylus Photo RX630 Series" /O6 "USB005" /M "Stylus Photo RX630"
O4 - HKLM\..\Run: [EPSON Stylus C80 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C80 Series" /O5 "LPT1:" /M "Stylus C80"
O4 - HKLM\..\Run: [EPSON Stylus C80 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C80 Series (Copy 1)" /O6 "USB014" /M "Stylus C80"
O4 - HKLM\..\Run: [EPSON Stylus CX6500 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE /P35 "EPSON Stylus CX6500 Series (Copy 1)" /O6 "USB026" /M "Stylus CX6500"
O4 - HKLM\..\Run: [EPSON Stylus C67 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE /P32 "EPSON Stylus C67 Series (Copy 1)" /O6 "USB033" /M "Stylus C67"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 1)" /O6 "USB044" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB023" /M "Stylus Photo R210"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 1)" /O6 "USB018" /M "Stylus C45"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX6500 Series (Copy 2) on PC1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE /P47 "Auto EPSON Stylus CX6500 Series (Copy 2) on PC1" /O15 "\\PC1\Printer12" /M "Stylus CX6500"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX6500 Series (Copy 1) on PC1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE /P47 "Auto EPSON Stylus CX6500 Series (Copy 1) on PC1" /O15 "\\PC1\Printer13" /M "Stylus CX6500"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3500 Series (Copy 2) on PC1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P47 "Auto EPSON Stylus CX3500 Series (Copy 2) on PC1" /O15 "\\PC1\Printer17" /M "Stylus CX3500"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3500 Series on PC1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P38 "Auto EPSON Stylus CX3500 Series on PC1" /O15 "\\PC1\Printer19" /M "Stylus CX3500"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3500 Series (Copy 1) on PC1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P47 "Auto EPSON Stylus CX3500 Series (Copy 1) on PC1" /O15 "\\PC1\Printer18" /M "Stylus CX3500"
O4 - HKLM\..\Run: [EPSON Stylus CX3100 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P28 "EPSON Stylus CX3100 (Copy 1)" /O5 "LPT1:" /M "Stylus CX3100"
O4 - HKLM\..\Run: [EPSON Stylus CX3100] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3100" /O5 "FILE:" /M "Stylus CX3100"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 4)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 4)" /O6 "USB042" /M "Stylus C45"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX6500 Series on PC1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE /P38 "Auto EPSON Stylus CX6500 Series on PC1" /O13 "\\PC1\Printer" /M "Stylus CX6500"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 5)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 5)" /O6 "USB044" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P35 "EPSON Stylus CX3500 Series (Copy 2)" /O6 "USB016" /M "Stylus CX3500"
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series (Copy 3)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P35 "EPSON Stylus CX3500 Series (Copy 3)" /O6 "USB047" /M "Stylus CX3500"
O4 - HKLM\..\Run: [Microsoft Configure 32] msgconfigre.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P35 "EPSON Stylus CX3500 Series (Copy 1)" /O6 "USB034" /M "Stylus CX3500"
O4 - HKLM\..\RunServices: [Microsoft Configure 32] msgconfigre.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
O4 - HKCU\..\Run: [Microsoft Configure 32] msgconfigre.exe
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: O&K Print Watch Service - Unknown owner - C:\Program Files\O&K Print Watch\WatchSrv.exe

======================

Comments

  • SpywareShooter 127.0.0.1
    edited December 2005
    [STEP 1] A quick favor:
    Before we begin removing malware I would like to ask you a small favor. Please go to http://virusscan.jotti.org and submit the file below for analysis and post the log here. This will help complete SpywareShooter.com's HijackThis entry database.

    msgconfigre.exe

    [STEP 2] Fix HijackThis Entries:
    Fix the following entries with HijackThis by placing checkmarks in the boxes next to them and clicking "Fix Checked".

    O4 - HKLM\..\RunServices: [Microsoft Configure 32] msgconfigre.exe
    O4 - HKCU\..\Run: [Microsoft Configure 32] msgconfigre.exe

    [STEP 3] Remove Malicious Files:
    Locate the following files using Windows Explorer (the My Computer icon or shortcut) and delete them from your computer.

    msgconfigre.exe

    [STEP 4] Report Back to us:
    Once you have followed all of the steps above please reboot your computer and post a new HijackThis log.
  • edited December 2005
    I just found a wrong connection at the speakers. The malware did not interfere with the sound system.

    Therefore, it's not a sound problem. And it's definitely not a sound problem (if you get the pun) too because of what I found in virusscan.jotti:

    File: msgconfigre.exe
    Status: INFECTED/MALWARE
    MD5 811a3460454d5fbd93539f5cd7b95782
    Packers detected: POLYCRYPT, UPX
    Scanner results
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found Backdoor.RBot.26074234
    ClamAV Found nothing
    Dr.Web Found Win32.HLLW.MyBot.based
    F-Prot Antivirus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found Backdoor.Win32.Rbot.gen
    NOD32 Found nothing
    Norman Virus Control Found nothing
    UNA Found nothing
    VBA32 Found nothing

    Last file scanned at least one scanner reported something about: JIAJIAGJHV1.55.rar, detected by:
    Scanner Malware name
    AntiVir X
    ArcaVir X
    Avast Win32:Trojano-2503
    AVG Antivirus X
    BitDefender X
    ClamAV X
    Dr.Web BackDoor.Gina
    F-Prot Antivirus X
    Fortinet X
    Kaspersky Anti-Virus X
    NOD32 X
    Norman Virus Control X
    UNA X
    VBA32 Embedded.BackDoor.Plunix

    I'll follow Step 2 and above a bit later. I'm only sending the info you've requested on Step 1.
  • edited December 2005
    Just done. Here's my latest log:

    Logfile of HijackThis v1.99.1
    Scan saved at 6:59:47 PM, on 12/28/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\O&K Print Watch\WatchSrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\MediaGateway\MediaGateway.exe
    C:\program files\zango\zango.exe
    C:\WINDOWS\tgzozqt.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
    C:\WINDOWS\System32\kbdows.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\System32\kbdows.exe
    C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\sze\Desktop\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
    O2 - BHO: Zango Search Assistant Helper - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\program files\zango\zangohook.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB013" /M "Stylus C45"
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 2)" /O6 "USB019" /M "Stylus C45"
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX630 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HP.EXE /P31 "EPSON Stylus Photo RX630 Series" /O6 "USB005" /M "Stylus Photo RX630"
    O4 - HKLM\..\Run: [EPSON Stylus C80 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C80 Series" /O5 "LPT1:" /M "Stylus C80"
    O4 - HKLM\..\Run: [EPSON Stylus C80 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C80 Series (Copy 1)" /O6 "USB014" /M "Stylus C80"
    O4 - HKLM\..\Run: [EPSON Stylus CX6500 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE /P35 "EPSON Stylus CX6500 Series (Copy 1)" /O6 "USB026" /M "Stylus CX6500"
    O4 - HKLM\..\Run: [EPSON Stylus C67 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE /P32 "EPSON Stylus C67 Series (Copy 1)" /O6 "USB033" /M "Stylus C67"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 1)" /O6 "USB044" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB023" /M "Stylus Photo R210"
    O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 1)" /O6 "USB018" /M "Stylus C45"
    O4 - HKLM\..\Run: [Auto EPSON Stylus CX6500 Series (Copy 2) on PC1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE /P47 "Auto EPSON Stylus CX6500 Series (Copy 2) on PC1" /O15 "\\PC1\Printer12" /M "Stylus CX6500"
    O4 - HKLM\..\Run: [Auto EPSON Stylus CX6500 Series (Copy 1) on PC1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE /P47 "Auto EPSON Stylus CX6500 Series (Copy 1) on PC1" /O15 "\\PC1\Printer13" /M "Stylus CX6500"
    O4 - HKLM\..\Run: [Auto EPSON Stylus CX3500 Series (Copy 2) on PC1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P47 "Auto EPSON Stylus CX3500 Series (Copy 2) on PC1" /O15 "\\PC1\Printer17" /M "Stylus CX3500"
    O4 - HKLM\..\Run: [Auto EPSON Stylus CX3500 Series on PC1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P38 "Auto EPSON Stylus CX3500 Series on PC1" /O15 "\\PC1\Printer19" /M "Stylus CX3500"
    O4 - HKLM\..\Run: [Auto EPSON Stylus CX3500 Series (Copy 1) on PC1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P47 "Auto EPSON Stylus CX3500 Series (Copy 1) on PC1" /O15 "\\PC1\Printer18" /M "Stylus CX3500"
    O4 - HKLM\..\Run: [EPSON Stylus CX3100 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P28 "EPSON Stylus CX3100 (Copy 1)" /O5 "LPT1:" /M "Stylus CX3100"
    O4 - HKLM\..\Run: [EPSON Stylus CX3100] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3100" /O5 "FILE:" /M "Stylus CX3100"
    O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 4)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 4)" /O6 "USB042" /M "Stylus C45"
    O4 - HKLM\..\Run: [Auto EPSON Stylus CX6500 Series on PC1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE /P38 "Auto EPSON Stylus CX6500 Series on PC1" /O13 "\\PC1\Printer" /M "Stylus CX6500"
    O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 5)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 5)" /O6 "USB044" /M "Stylus C45"
    O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P35 "EPSON Stylus CX3500 Series (Copy 2)" /O6 "USB016" /M "Stylus CX3500"
    O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series (Copy 3)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P35 "EPSON Stylus CX3500 Series (Copy 3)" /O6 "USB047" /M "Stylus CX3500"
    O4 - HKLM\..\Run: [Microsoft Configure 32] msgconfigre.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P35 "EPSON Stylus CX3500 Series (Copy 1)" /O6 "USB034" /M "Stylus CX3500"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
    O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
    O4 - HKLM\..\Run: [tgzozqt] C:\WINDOWS\tgzozqt.exe
    O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 3)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 3)" /O6 "USB025" /M "Stylus C45"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
    O4 - HKCU\..\Run: [kbdows] C:\WINDOWS\System32\kbdows.exe
    O4 - HKCU\..\RunOnce: [kbdows] C:\WINDOWS\System32\kbdows.exe
    O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
    O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
    O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.popuppers.com
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c2.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: O&K Print Watch Service - Unknown owner - C:\Program Files\O&K Print Watch\WatchSrv.exe
  • edited January 2006
    SpywareShooter, please respond. I'm really stuck, and the viruses and spyware affect our services to our customers. I tried a concoction of anti-spyware tools such as Ewido and Ad-Aware, but there are some unknown entries in HijackThis that I'm afraid to take out:
    Logfile of HijackThis v1.99.1
    Scan saved at 2:11:54 PM, on 1/3/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\O&K Print Watch\WatchSrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE
    C:\WINDOWS\System32\kbdows.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\kbdows.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\SSC Service Utility\ssc_serv.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\System32\svccms.exe
    C:\Documents and Settings\sze\Desktop\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_7_0.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB013" /M "Stylus C45"
    O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 2)" /O6 "USB019" /M "Stylus C45"
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX630 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HP.EXE /P31 "EPSON Stylus Photo RX630 Series" /O6 "USB005" /M "Stylus Photo RX630"
    O4 - HKLM\..\Run: [EPSON Stylus C80 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C80 Series" /O5 "LPT1:" /M "Stylus C80"
    O4 - HKLM\..\Run: [EPSON Stylus C80 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P32 "EPSON Stylus C80 Series (Copy 1)" /O6 "USB014" /M "Stylus C80"
    O4 - HKLM\..\Run: [EPSON Stylus CX6500 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE /P35 "EPSON Stylus CX6500 Series (Copy 1)" /O6 "USB026" /M "Stylus CX6500"
    O4 - HKLM\..\Run: [EPSON Stylus C67 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE /P32 "EPSON Stylus C67 Series (Copy 1)" /O6 "USB033" /M "Stylus C67"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 1)" /O6 "USB044" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB023" /M "Stylus Photo R210"
    O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 1)" /O6 "USB018" /M "Stylus C45"
    O4 - HKLM\..\Run: [Auto EPSON Stylus CX6500 Series (Copy 2) on PC1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE /P47 "Auto EPSON Stylus CX6500 Series (Copy 2) on PC1" /O15 "\\PC1\Printer12" /M "Stylus CX6500"
    O4 - HKLM\..\Run: [Auto EPSON Stylus CX6500 Series (Copy 1) on PC1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE /P47 "Auto EPSON Stylus CX6500 Series (Copy 1) on PC1" /O15 "\\PC1\Printer13" /M "Stylus CX6500"
    O4 - HKLM\..\Run: [Auto EPSON Stylus CX3500 Series (Copy 2) on PC1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P47 "Auto EPSON Stylus CX3500 Series (Copy 2) on PC1" /O15 "\\PC1\Printer17" /M "Stylus CX3500"
    O4 - HKLM\..\Run: [Auto EPSON Stylus CX3500 Series on PC1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P38 "Auto EPSON Stylus CX3500 Series on PC1" /O15 "\\PC1\Printer19" /M "Stylus CX3500"
    O4 - HKLM\..\Run: [Auto EPSON Stylus CX3500 Series (Copy 1) on PC1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P47 "Auto EPSON Stylus CX3500 Series (Copy 1) on PC1" /O15 "\\PC1\Printer18" /M "Stylus CX3500"
    O4 - HKLM\..\Run: [EPSON Stylus CX3100 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P28 "EPSON Stylus CX3100 (Copy 1)" /O5 "LPT1:" /M "Stylus CX3100"
    O4 - HKLM\..\Run: [EPSON Stylus CX3100] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3100" /O5 "FILE:" /M "Stylus CX3100"
    O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 4)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 4)" /O6 "USB026" /M "Stylus C45"
    O4 - HKLM\..\Run: [Auto EPSON Stylus CX6500 Series on PC1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE /P38 "Auto EPSON Stylus CX6500 Series on PC1" /O13 "\\PC1\Printer" /M "Stylus CX6500"
    O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 5)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 5)" /O6 "USB038" /M "Stylus C45"
    O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P35 "EPSON Stylus CX3500 Series (Copy 2)" /O6 "USB016" /M "Stylus CX3500"
    O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series (Copy 3)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P35 "EPSON Stylus CX3500 Series (Copy 3)" /O6 "USB047" /M "Stylus CX3500"
    O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P35 "EPSON Stylus CX3500 Series (Copy 1)" /O6 "USB034" /M "Stylus CX3500"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [msconfig41] svccms.exe
    O4 - HKLM\..\RunServices: [msconfig41] svccms.exe
    O4 - HKCU\..\Run: [kbdows] C:\WINDOWS\System32\kbdows.exe
    O4 - HKCU\..\RunOnce: [kbdows] C:\WINDOWS\System32\kbdows.exe
    O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.2.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D508AC6D-A9E7-41B5-915C-44B25EA08A6E}: NameServer = 202.81.160.6 202.81.160.7
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: O&K Print Watch Service - Unknown owner - C:\Program Files\O&K Print Watch\WatchSrv.exe

    ==============

    Thanks. If you're unable to do so because of time constraints, please send a representative to help me get rid of this problem.
  • edited January 2006
    Here's the log report from Ewido. Maybe this will help.

    ewido security suite - Scan report

    + Created on: 1:39:45 PM, 1/3/2006
    + Report-Checksum: D21087B9

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{690B8ED9-7B35-4fbe-B69C-58D58F3E6B07}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup
    HKLM\SOFTWARE\Classes\IeBHOs.Control -> Spyware.E2G : Cleaned with backup
    HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID -> Spyware.E2G : Cleaned with backup
    HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID\\ -> Spyware.E2Give : Cleaned with backup
    HKLM\SOFTWARE\Classes\IeBHOs.Control\CurVer -> Spyware.E2G : Cleaned with backup
    HKLM\SOFTWARE\Classes\IeBHOs.Control.1 -> Spyware.E2G : Cleaned with backup
    HKLM\SOFTWARE\Classes\IeBHOs.Control.1\CLSID\\ -> Spyware.E2Give : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup
    HKLM\SOFTWARE\ISTbar -> Spyware.ISTBar : Error during cleaning
    HKLM\SOFTWARE\ISTbar\Historyfiles -> Spyware.ISTBar : Error during cleaning
    HKLM\SOFTWARE\ISTbar\Historystring -> Spyware.ISTBar : Error during cleaning
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Spyware.InternetOptimizer : Cleaned with backup
    HKU\S-1-5-21-1214440339-1960408961-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
    C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3WV5J9Z9\emoticons[1].exe -> Trojan.LowZones.cq : Cleaned with backup
    C:\Program Files\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
    C:\emoticonz.exe -> Trojan.LowZones.cf : Cleaned with backup
    C:\Documents and Settings\sze\Local Settings\Temporary Internet Files\Content.IE5\4JMLCD0F\drsmartload_js[1].htm -> TrojanDownloader.IstBar.j : Cleaned with backup
    C:\Documents and Settings\sze\Local Settings\Temporary Internet Files\Content.IE5\I9OHOBC1\emoticons[1].exe -> Trojan.LowZones.cf : Cleaned with backup
    :mozilla.7:C:\Documents and Settings\sze\Application Data\Mozilla\Firefox\Profiles\8cv2zcmv.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    :mozilla.15:C:\Documents and Settings\sze\Application Data\Mozilla\Firefox\Profiles\8cv2zcmv.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.16:C:\Documents and Settings\sze\Application Data\Mozilla\Firefox\Profiles\8cv2zcmv.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\sze\Application Data\Mozilla\Firefox\Profiles\8cv2zcmv.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    :mozilla.39:C:\Documents and Settings\sze\Application Data\Mozilla\Firefox\Profiles\8cv2zcmv.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.40:C:\Documents and Settings\sze\Application Data\Mozilla\Firefox\Profiles\8cv2zcmv.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.41:C:\Documents and Settings\sze\Application Data\Mozilla\Firefox\Profiles\8cv2zcmv.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    :mozilla.42:C:\Documents and Settings\sze\Application Data\Mozilla\Firefox\Profiles\8cv2zcmv.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    C:\System Volume Information\_restore{C86C1BE7-B824-4166-B2D3-B45AA4C80977}\RP77\A0057098.exe -> Trojan.LowZones.cq : Cleaned with backup


    ::Report End