Email is not working

Hello,

Please take a look at my system. I've just installed Kaspersky and a lot of problems began to surface. I feel that there is a virus that has yet to be removed. Here's the log:

Logfile of Trend Micro

HijackThis v2.0.2
Scan saved at 10:12:46, on

2008-3-26
Platform: Windows XP SP3

(WinNT 5.01.2600)
MSIE: Internet Explorer v8.00

(8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32

\winlogon.exe
D:\WINDOWS\system32

\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32

\Ati2evxx.exe
D:\WINDOWS\system32

\svchost.exe
D:\WINDOWS\System32

\svchost.exe
D:\WINDOWS\system32

\Ati2evxx.exe
D:\WINDOWS\system32

\spoolsv.exe
D:\Program Files\Kaspersky

Lab\Kaspersky Anti-Virus

2010\avp.exe
D:\Program

Files\Bonjour\mDNSResponder.e

xe
D:\Program Files\95599

Certificate

Tools\Watertek\c20ukdrwsvr.ex

e
D:\Program Files\Common

Files\EPSON\EBAPI\SAgent2.exe
D:\WINDOWS\system32

\HZ_CommSrv.exe
D:\Program Files\Java\jre6

\bin\jqs.exe
D:\WINDOWS\system32

\svchost.exe
D:\Program Files\Yahoo!

\SoftwareUpdate\YahooAUServic

e.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32

\spool\DRIVERS\W32X86\3

\E_FATIAIP.EXE
D:\WINDOWS\System32

\spool\DRIVERS\W32X86\3

\E_FATIAHP.EXE
D:\WINDOWS\system32

\Rundll32.exe
D:\Program Files\Kaspersky

Lab\Kaspersky Anti-Virus

2010\avp.exe
D:\WINDOWS\VM_STI.EXE
D:\WINDOWS\System32

\spool\DRIVERS\W32X86\3

\E_FATI9AP.EXE
D:\WINDOWS\system32

\ctfmon.exe
D:\Documents and

Settings\Owner\Local

Settings\Application

Data\Google\Update\1.2.183.29

\GoogleCrashHandler.exe
D:\Program Files\Mozilla

Firefox\firefox.exe
D:\Program Files\Kaspersky

Lab\Kaspersky Anti-Virus

2010\klwtblfs.exe
D:\Program

Files\kondge_netphone_sipsms\

KONDGE_NetphoneSMS.exe
D:\Program Files\Trend

Micro\HijackThis\HijackThis.e

xe

F2 - REG:system.ini:

UserInit=userinit.exe,passwor

d_viewer.exe
O2 - BHO: &Yahoo! Toolbar

Helper - {02478D38-C3F9-4efb

-9B51-7695ECA05670} -

D:\Program Files\Yahoo!

\Companion\Installs\cpn3

\yt.dll
O2 - BHO: Adobe PDF Reader

Link Helper - {06849E9F-C8D7

-4D59-B87D-784B7D6BE0B3} -

D:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\A

croIEHelper.dll
O2 - BHO: AcroIEHelperStub -

{18DF081C-E8AD-4283-A596-

FA578C2EBDC3} - D:\Program

Files\Common

Files\Adobe\Acrobat\ActiveX\A

croIEHelperShim.dll
O2 - BHO: QQ工具栏 -

{29CF293A-1E7D-4069-9E11-

E39698D0AF95} - D:\Program

Files\Tencent\QQToolbar\IEBar

.dll
O2 - BHO: IEVkbdBHO -

{59273AB4-E7D3-40F9-A1A8-

6FA9CCA1862C} - D:\Program

Files\Kaspersky Lab\Kaspersky

Anti-Virus 2010\ievkbd.dll
O2 - BHO: ThunderAtOnce Class

- {D13424D4-2159-46EC-A46D-

17BD39FDC3ED} - D:\Program

Files\Internet

Explorer\Connection

Wizard\TDAtOnce_Now.dll
O2 - BHO: Java(tm) Plug-In 2

SSV Helper - {DBC80044-A445-

435b-BC74-9C25C1C588A9} -

D:\Program Files\Java\jre6

\bin\jp2ssv.dll
O2 - BHO: link filter bho -

{E33CF602-D945-461A-83F0-

819F76A199F8} - D:\Program

Files\Kaspersky Lab\Kaspersky

Anti-Virus 2010\klwtbbho.dll
O2 - BHO:

JQSIEStartDetectorImpl -

{E7E6F031-17CE-4C07-BC86-

EABFE594F69C} - D:\Program

Files\Java\jre6

\lib\deploy\jqs\ie\jqs_plugin

.dll
O2 - BHO: EpsonToolBandKicker

Class - {E99421FB-68DD-40F0-

B4AC-B7027CAE2F1A} -

D:\Program Files\EPSON\EPSON

Web-To-Page\EPSON Web-To-

Page.dll
O2 - BHO: SingleInstance

Class - {FDAD4DA1-61A2-4FD8-

9C17-86F7AC245081} -

D:\Program Files\Yahoo!

\Companion\Installs\cpn3

\YTSingleInstance.dll
O3 - Toolbar: EPSON Web-To-

Page - {EE5D279F-081B-4404-

994D-C6B60AAEBA6D} -

D:\Program Files\EPSON\EPSON

Web-To-Page\EPSON Web-To-

Page.dll
O3 - Toolbar: QQ工具栏 -

{29CF293A-1E7D-4069-9E11-

E39698D0AF95} - D:\Program

Files\Tencent\QQToolbar\IEBar

.dll
O3 - Toolbar: Google Toolbar

- {2318C2B1-4965-11d4-9B18-

009027A5CD4F} - D:\Program

Files\Google\Google

Toolbar\GoogleToolbar_32.dll

(file missing)
O3 - Toolbar: Yahoo! Toolbar

- {EF99BD32-C1FB-11D2-892F-

0090271D4F88} - D:\Program

Files\Yahoo!

\Companion\Installs\cpn3

\yt.dll
O4 - HKLM\..\Run: [EPSON

Stylus Photo R230 Series]

D:\WINDOWS\System32

\spool\DRIVERS\W32X86\3

\E_FATIAIP.EXE /P30 "EPSON

Stylus Photo R230 Series" /O6

"USB001" /M "Stylus Photo

R230"
O4 - HKLM\..\Run: [EPSON

Stylus Photo R230 Series

(Copy 5)]

D:\WINDOWS\System32

\spool\DRIVERS\W32X86\3

\E_FATIAIP.EXE /P39 "EPSON

Stylus Photo R230 Series

(Copy 5)" /O6 "USB050" /M

"Stylus Photo R230"
O4 - HKLM\..\Run: [EPSON

Stylus Photo RX630 Series]

D:\WINDOWS\System32

\spool\DRIVERS\W32X86\3

\E_FATI9HP.EXE /P31 "EPSON

Stylus Photo RX630 Series"

/O6 "USB011" /M "Stylus Photo

RX630"
O4 - HKLM\..\Run: [EPSON

Stylus CX3500 Series (Copy

1)] D:\WINDOWS\System32

\spool\DRIVERS\W32X86\3

\E_FATI9BP.EXE /P35 "EPSON

Stylus CX3500 Series (Copy

1)" /O6 "USB034" /M "Stylus

CX3500"
O4 - HKLM\..\Run: [EPSON

Stylus Photo R230 Series

(Copy 10)]

D:\WINDOWS\System32

\spool\DRIVERS\W32X86\3

\E_FATIAIP.EXE /P40 "EPSON

Stylus Photo R230 Series

(Copy 10)" /O6 "USB053" /M

"Stylus Photo R230"
O4 - HKLM\..\Run: [EPSON

Stylus Photo R300 Series

(Copy 1)]

D:\WINDOWS\System32

\spool\DRIVERS\W32X86\3

\E_S4I2F1.EXE /P39 "EPSON

Stylus Photo R300 Series

(Copy 1)" /O5 "LPT1:" /M

"Stylus Photo R300"
O4 - HKLM\..\Run: [EPSON

Stylus Photo RX630 Series

(Copy 1)]

D:\WINDOWS\System32

\spool\DRIVERS\W32X86\3

\E_FATI9HP.EXE /P40 "EPSON

Stylus Photo RX630 Series

(Copy 1)" /O6 "USB034" /M

"Stylus Photo RX630"
O4 - HKLM\..\Run: [EPSON

Stylus Photo R250 Series]

D:\WINDOWS\System32

\spool\DRIVERS\W32X86\3

\E_FATIAHP.EXE /P30 "EPSON

Stylus Photo R250 Series" /O6

"USB033" /M "Stylus Photo

R250"
O4 - HKLM\..\Run: [EPSON

Stylus Photo R230 Series

(Copy 11)]

D:\WINDOWS\System32

\spool\DRIVERS\W32X86\3

\E_FATIAIP.EXE /P40 "EPSON

Stylus Photo R230 Series

(Copy 11)" /O6 "USB054" /M

"Stylus Photo R230"
O4 - HKLM\..\Run: [EPSON

Stylus Photo R230 Series

(Copy 2)]

D:\WINDOWS\System32

\spool\DRIVERS\W32X86\3

\E_FATIAIP.EXE /P39 "EPSON

Stylus Photo R230 Series

(Copy 2)" /O6 "USB044" /M

"Stylus Photo R230"
O4 - HKLM\..\Run: [EPSON

Stylus Photo R230 Series

(Copy 1)]

D:\WINDOWS\System32

\spool\DRIVERS\W32X86\3

\E_FATIAIP.EXE /P39 "EPSON

Stylus Photo R230 Series

(Copy 1)" /O6 "USB032" /M

"Stylus Photo R230"
O4 - HKLM\..\Run: [EPSON

Stylus Photo R230 Series

(Copy 4)]

D:\WINDOWS\System32

\spool\DRIVERS\W32X86\3

\E_FATIAIP.EXE /P39 "EPSON

Stylus Photo R230 Series

(Copy 4)" /O6 "USB049" /M

"Stylus Photo R230"
O4 - HKLM\..\Run: [DirLocker]

D:\Documents and Settings\All

Users\application

data\Zilch.InfiniSoft\dirlock

.exe
O4 - HKLM\..\Run: [LSAShell]

D:\WINDOWS\lsass.exe
O4 - HKLM\..\Run: [stup.exe]

Rundll32.exe D:\PROGRA~1

\TENCENT\SSPlus\SPlus.dll,Run

dll32 R
O4 - HKLM\..\Run: [AVP]

"D:\Program Files\Kaspersky

Lab\Kaspersky Anti-Virus

2010\avp.exe"
O4 - HKLM\..\Run: [SSC

Service Utility] D:\Program

Files\SSC Service

Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [EPSON

Stylus Photo R230 Series

(Copy 7)]

D:\WINDOWS\System32

\spool\DRIVERS\W32X86\3

\E_FATIAIP.EXE /P39 "EPSON

Stylus Photo R230 Series

(Copy 7)" /O6 "USB046" /M

"Stylus Photo R230"
O4 - HKLM\..\Run: [NewRecog]

D:\Program

Files\HandWrite\MyNewRecog.ex

e
O4 - HKLM\..\Run:

[BigDogPath]

D:\WINDOWS\VM_STI.EXE ZSMC

USB PC Camera
O4 - HKLM\..\Run: [EPSON

Stylus Photo R230 Series

(Copy 6)]

D:\WINDOWS\System32

\spool\DRIVERS\W32X86\3

\E_FATIAIP.EXE /P39 "EPSON

Stylus Photo R230 Series

(Copy 6)" /O6 "USB045" /M

"Stylus Photo R230"
O4 - HKLM\..\Run: [EPSON

Stylus CX4500 Series]

D:\WINDOWS\System32

\spool\DRIVERS\W32X86\3

\E_FATI9AP.EXE /P26 "EPSON

Stylus CX4500 Series" /O6

"USB040" /M "Stylus CX4500"
O4 - HKLM\..\Run: [EPSON

Stylus C87 Series (Copy 1)]

D:\WINDOWS\System32

\spool\DRIVERS\W32X86\3

\E_FATIABP.EXE /P32 "EPSON

Stylus C87 Series (Copy 1)"

/O6 "USB043" /M "Stylus C87"
O4 - HKLM\..\Run: [EPSON

Stylus Photo R230 Series

(Copy 3)]

D:\WINDOWS\System32

\spool\DRIVERS\W32X86\3

\E_FATIAIP.EXE /P39 "EPSON

Stylus Photo R230 Series

(Copy 3)" /O6 "USB045" /M

"Stylus Photo R230"
O4 - HKCU\..\Run: [WinSys]

D:\WINDOWS\system.exe
O4 - HKCU\..\Run:

[ctfmon.exe]

D:\WINDOWS\system32

\ctfmon.exe
O4 - HKCU\..\Run: [Google

Update] "D:\Documents and

Settings\Owner\Local

Settings\Application

Data\Google\Update\GoogleUpda

te.exe" /c
O4 - HKCU\..\Run: [EPSON

Stylus Photo 1390 Series

(Copy 1)]

D:\WINDOWS\System32

\spool\DRIVERS\W32X86\3

\E_FATIBXP.EXE /FU

"D:\WINDOWS\TEMP\E_S119.tmp"

/EF "HKCU"
O8 - Extra context menu item:

E&xport to Microsoft Excel -

res://D:\PROGRA~1\MICROS~2

\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item:

添加到QQ表情 - D:\Program

Files\Tencent\QQ\Bin\AddEmoti

on.htm
O9 - Extra button: &Virtual

keyboard - {4248FE82-7FCB-

46AC-B270-339F08212110} -

D:\Program Files\Kaspersky

Lab\Kaspersky Anti-Virus

2010\klwtbbho.dll
O9 - Extra button: Research -

{92780B25-18CC-41C8-B9BE-

3C9C571A8263} - D:\PROGRA~1

\MICROS~2\OFFICE11

\REFIEBAR.DLL
O9 - Extra button: URLs

c&heck - {CCF151D8-D089-449F

-A5A4-D9909053F20F} -

D:\Program Files\Kaspersky

Lab\Kaspersky Anti-Virus

2010\klwtbbho.dll
O9 - Extra button: (no name)

- {e2e2dd38-d088-4134-82b7-

f2ba38496583} -

D:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem:

@xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-

f2ba38496583} -

D:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger

- {FB5F1910-F110-11d2-BB9E-

00C04F795683} - D:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem:

Windows Messenger -

{FB5F1910-F110-11d2-BB9E-

00C04F795683} - D:\Program

Files\Messenger\msmsgs.exe
O11 - Options group: [TBH]

SOSO AddressBar Search
O15 - Trusted Zone:

http://easyabc.95599.cn
O15 - Trusted Zone:

http://www.95599.cn
O15 - Trusted Zone:

http://www.abchina.com
O15 - ESC Trusted Zone:

http://*.update.microsoft.com
O16 - DPF: {62B938C4-4190-

4F37-8CF0-A92B0A91CC77}

(InfoSecNetSign Class) -

http://www.95599.cn/update/do

wn/NetSign.cab
O16 - DPF: {9B479D7B-916A-

45B0-B042-D42865A60E21}

(DvrOcx Control) -

http://111.68.34.113/DvrOcx.c

ab
O16 - DPF: {D27CDB6E-AE6D-

11CF-96B8-444553540000}

(Shockwave Flash Object) -

http://fpdownload2.macromedia

.com/get/shockwave/cabs/flash

/swflash.cab
O20 - AppInit_DLLs:

D:\PROGRA~1\KASPER~1

\KASPER~1\mzvkbd3.dll
O23 - Service: Adobe LM

Service - Adobe Systems -

D:\Program Files\Common

Files\Adobe Systems

Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey

Poller - ATI Technologies

Inc. - D:\WINDOWS\system32

\Ati2evxx.exe
O23 - Service: ATI Smart -

Unknown owner -

D:\WINDOWS\system32

\ati2sgag.exe
O23 - Service: Kaspersky

Anti-Virus (AVP) - Kaspersky

Lab - D:\Program

Files\Kaspersky Lab\Kaspersky

Anti-Virus 2010\avp.exe
O23 - Service:

##Id_String1.6844F930_1628_42

23_B5CC_5BB94B879762##

(Bonjour Service) - Apple

Computer, Inc. - D:\Program

Files\Bonjour\mDNSResponder.e

xe
O23 - Service: c20ukdrwsvc -

Unknown owner - D:\Program

Files\95599 Certificate

Tools\Watertek\c20ukdrwsvr.ex

e
O23 - Service: EPSON Printer

Status Agent2

(EPSONStatusAgent2) - SEIKO

EPSON CORPORATION -

D:\Program Files\Common

Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet

Licensing Service -

Macrovision Europe Ltd. -

D:\Program Files\Common

Files\Macrovision

Shared\FLEXnet

Publisher\FNPLicensingService

.exe
O23 - Service: Google

Software Updater (gusvc) -

Google - D:\Program

Files\Google\Common\Google

Updater\GoogleUpdaterService.

exe
O23 - Service: HDZB Comm

Service For V2.0 (HZ_CommSrv)

- 华大智宝电子系统有限公司 -

D:\WINDOWS\system32

\HZ_CommSrv.exe
O23 - Service: Java Quick

Starter

(JavaQuickStarterService) -

Sun Microsystems, Inc. -

D:\Program Files\Java\jre6

\bin\jqs.exe
O23 - Service: Tencent

Software Update Service

(TSUSVC) - Tencent -

D:\Program

Files\Tencent\QQSoftMgr\Tence

ntUpdateSvc.exe
O23 - Service: Yahoo! Updater

(YahooAUService) - Yahoo!

Inc. - D:\Program

Files\Yahoo!

\SoftwareUpdate\YahooAUServic

e.exe

--
End of file - 11419 bytes

***

Thank you.

Comments

  • MrTRiot Northern Ontario Icrontian
    edited July 2010
    Please repost your HJT log so it's not all indented to one side. It's horrible to read... and it's huge.

    Also, is it a PPPoE e-mail? If it is, then you need to make sure you set up your e-mail server settings correctly. You'll have received them from your ISP/the person who supplied your e-mail...