Files moving around by themselves--help!
The files even move from one drive to another! Here's the log:
Logfile of HijackThis v1.99.1
Scan saved at 20:38:32, on 2007-8-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10MT2.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Danny Sze\Desktop\hijackthis_sfx\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P30 "EPSON Stylus Photo R230 Series" /O6 "USB052" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [EPSON Stylus CX4500 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AP.EXE /P35 "EPSON Stylus CX4500 Series (Copy 1)" /O6 "USB020" /M "Stylus CX4500"
O4 - HKLM\..\Run: [EPSON Stylus CX6500 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE /P35 "EPSON Stylus CX6500 Series (Copy 1)" /O6 "USB048" /M "Stylus CX6500"
O4 - HKLM\..\Run: [EPSON Stylus Photo R350 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJP.EXE /P30 "EPSON Stylus Photo R350 Series" /O6 "USB026" /M "Stylus Photo R350"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 1)" /O6 "USB066" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX630 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HP.EXE /P31 "EPSON Stylus Photo RX630 Series" /O6 "USB077" /M "Stylus Photo RX630"
O4 - HKLM\..\Run: [EPSON Stylus Photo R250 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHP.EXE /P30 "EPSON Stylus Photo R250 Series" /O6 "USB077" /M "Stylus Photo R250"
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P35 "EPSON Stylus CX3500 Series (Copy 1)" /O6 "USB037" /M "Stylus CX3500"
O4 - HKLM\..\Run: [EPSON Stylus Photo R350 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJP.EXE /P39 "EPSON Stylus Photo R350 Series (Copy 1)" /O6 "USB009" /M "Stylus Photo R350"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX630 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HP.EXE /P40 "EPSON Stylus Photo RX630 Series (Copy 1)" /O6 "USB037" /M "Stylus Photo RX630"
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P39 "EPSON Stylus Photo R230 Series (Copy 1)" /O6 "USB006" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V1.EXE /P35 "EPSON Stylus CX1500 Series (Copy 1)" /O6 "USB048" /M "Stylus CX1500"
O4 - HKLM\..\Run: [EPSON Stylus Photo R250 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHP.EXE /P39 "EPSON Stylus Photo R250 Series (Copy 1)" /O6 "USB038" /M "Stylus Photo R250"
O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEP.EXE /P35 "EPSON Stylus CX4100 Series (Copy 1)" /O6 "USB045" /M "Stylus CX4100"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX510 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3K2.EXE /P33 "EPSON Stylus Photo RX510 (Copy 1)" /O6 "USB022" /M "Stylus Photo RX510"
O4 - HKLM\..\Run: [EPSON Stylus C67 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE /P32 "EPSON Stylus C67 Series (Copy 1)" /O6 "USB034" /M "Stylus C67"
O4 - HKLM\..\Run: [EPSON Stylus C79 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGP.EXE /FU "C:\WINDOWS\TEMP\E_S32D.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE /P35 "EPSON Stylus CX3700 Series (Copy 1)" /O6 "USB042" /M "Stylus CX3700"
O4 - HKLM\..\Run: [EPSON Stylus C87 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE /P32 "EPSON Stylus C87 Series (Copy 1)" /O6 "USB034" /M "Stylus C87"
O4 - HKLM\..\Run: [EPSON Stylus Photo R310 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE /P39 "EPSON Stylus Photo R310 Series (Copy 2)" /O6 "USB014" /M "Stylus Photo R310"
O4 - HKLM\..\Run: [EPSON Stylus Photo R310 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE /P39 "EPSON Stylus Photo R310 Series (Copy 1)" /O6 "USB017" /M "Stylus Photo R310"
O4 - HKLM\..\Run: [EPSON Stylus Photo R310 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE /P30 "EPSON Stylus Photo R310 Series" /O6 "USB012" /M "Stylus Photo R310"
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series (Copy 15)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P40 "EPSON Stylus Photo R230 Series (Copy 15)" /O6 "USB064" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [EPSON Stylus CX4700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE /F "C:\WINDOWS\TEMP\E_S209.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 1)" /O6 "USB008" /M "Stylus C45"
O4 - HKLM\..\Run: [Auto EPSON Stylus C67 Series on USER-FDC4A80EE4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE /P47 "Auto EPSON Stylus C67 Series on USER-FDC4A80EE4" /O26 "\\USER-FDC4A80EE4\Printer8" /M "Stylus C67"
O4 - HKLM\..\Run: [Auto EPSON Stylus C45 Series on USER-FDC4A80EE4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P47 "Auto EPSON Stylus C45 Series on USER-FDC4A80EE4" /O26 "\\USER-FDC4A80EE4\Printer9" /M "Stylus C45"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R230 Series on USER-FDC4A80EE4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P54 "Auto EPSON Stylus Photo R230 Series on USER-FDC4A80EE4" /O26 "\\USER-FDC4A80EE4\Printer2" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB009" /M "Stylus CX4200"
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB031" /M "Stylus Photo R210"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R210 Series on USER-FDC4A80EE4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P54 "Auto EPSON Stylus Photo R210 Series on USER-FDC4A80EE4" /O26 "\\USER-FDC4A80EE4\Printer4" /M "Stylus Photo R210"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09883431-7429-11D5-8B69-0050049F5256} (VBAuthentic.Authentic) - https://www.metrobankdirect.com/download/Authentic/VBAuthentic.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EFB2DEF-503F-46A7-9DB9-6AD691813346}: NameServer = 202.78.97.41,210.4.2.8
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Ultr_cixd - Unknown owner - C:\WINDOWS\system32\fastopen.exe
This discussion has been closed.
Comments
Since it has been a while, could you post a new HijackThis log please.
Infections can change and fresh instructions will now need to be given. If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.
If you are not the user who started this thread, you must start your own thread instead.
New Log:
Logfile of HijackThis v1.99.1
Scan saved at 11:05:32, on 2007-10-2
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\Danny Sze\Desktop\hijackthis_sfx\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P30 "EPSON Stylus Photo R230 Series" /O6 "USB052" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [EPSON Stylus Photo R350 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJP.EXE /P30 "EPSON Stylus Photo R350 Series" /O6 "USB026" /M "Stylus Photo R350"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P39 "EPSON Stylus Photo R300 Series (Copy 1)" /O6 "USB017" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX630 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HP.EXE /P31 "EPSON Stylus Photo RX630 Series" /O6 "USB077" /M "Stylus Photo RX630"
O4 - HKLM\..\Run: [EPSON Stylus Photo R250 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHP.EXE /P30 "EPSON Stylus Photo R250 Series" /O6 "USB077" /M "Stylus Photo R250"
O4 - HKLM\..\Run: [EPSON Stylus Photo R350 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJP.EXE /P39 "EPSON Stylus Photo R350 Series (Copy 1)" /O6 "USB009" /M "Stylus Photo R350"
O4 - HKLM\..\Run: [EPSON Stylus Photo R310 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3F2.EXE /P30 "EPSON Stylus Photo R310 Series" /O6 "USB012" /M "Stylus Photo R310"
O4 - HKLM\..\Run: [EPSON Stylus CX4700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADP.EXE /F "C:\WINDOWS\TEMP\E_S209.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Auto EPSON Stylus C67 Series on USER-FDC4A80EE4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE /P47 "Auto EPSON Stylus C67 Series on USER-FDC4A80EE4" /O26 "\\USER-FDC4A80EE4\Printer8" /M "Stylus C67"
O4 - HKLM\..\Run: [Auto EPSON Stylus C45 Series on USER-FDC4A80EE4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P47 "Auto EPSON Stylus C45 Series on USER-FDC4A80EE4" /O26 "\\USER-FDC4A80EE4\Printer9" /M "Stylus C45"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R230 Series on USER-FDC4A80EE4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P54 "Auto EPSON Stylus Photo R230 Series on USER-FDC4A80EE4" /O26 "\\USER-FDC4A80EE4\Printer2" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB009" /M "Stylus CX4200"
O4 - HKLM\..\Run: [EPSON Stylus Photo R210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P30 "EPSON Stylus Photo R210 Series" /O6 "USB031" /M "Stylus Photo R210"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R210 Series on USER-FDC4A80EE4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3H2.EXE /P54 "Auto EPSON Stylus Photo R210 Series on USER-FDC4A80EE4" /O26 "\\USER-FDC4A80EE4\Printer4" /M "Stylus Photo R210"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 4)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 4)" /O6 "USB006" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 5)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 5)" /O6 "USB034" /M "Stylus C45"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09883431-7429-11D5-8B69-0050049F5256} (VBAuthentic.Authentic) - https://www.metrobankdirect.com/down...BAuthentic.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EFB2DEF-503F-46A7-9DB9-6AD691813346}: NameServer = 202.78.97.41,210.4.2.8
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Ultr_cixd - Unknown owner - C:\WINDOWS\system32\fastopen.exe
Thanks.
error in E_DCINST.DLL
Missing entry: VSCheckPrecopyDefault
AhnLab-V3 2007.10.5.1 2007.10.05 -
AntiVir 7.6.0.20 2007.10.04 -
Authentium 4.93.8 2007.10.04 -
Avast 4.7.1051.0 2007.10.04 -
AVG 7.5.0.488 2007.10.04 -
BitDefender 7.2 2007.10.05 -
CAT-QuickHeal 9.00 2007.10.03 -
ClamAV 0.91.2 2007.10.04 -
DrWeb 4.44.0.09170 2007.10.04 -
eSafe 7.0.15.0 2007.10.04 -
eTrust-Vet 31.2.5187 2007.10.04 -
Ewido 4.0 2007.10.04 -
FileAdvisor 1 2007.10.05 -
Fortinet 3.11.0.0 2007.10.05 -
F-Prot 4.3.2.48 2007.10.04 -
F-Secure 6.70.13030.0 2007.10.05 -
Ikarus T3.1.1.12 2007.10.05 -
Kaspersky 7.0.0.125 2007.10.05 -
McAfee 5134 2007.10.04 -
Microsoft 1.2803 2007.10.04 -
NOD32v2 2572 2007.10.04 -
Norman 5.80.02 2007.10.04 -
Panda 9.0.0.4 2007.10.05 -
Prevx1 V2 2007.10.05 -
Rising 19.43.40.00 2007.10.05 -
Sophos 4.22.0 2007.10.05 -
Sunbelt 2.2.907.0 2007.10.04 -
Symantec 10 2007.10.05 -
TheHacker 6.2.6.076 2007.10.03 -
VBA32 3.12.2.4 2007.10.03 -
VirusBuster 4.3.26:9 2007.10.04 -
Webwasher-Gateway 6.0.1 2007.10.04 -
Additional information
File size: 882 bytes
MD5: 68062c0ece86ab7801b5b47fdc855a06
SHA1: f574d8ca521fd9f038d94140d0606f7d622c1d82
packers: ExePack, Com2Exe
Please do an online scan with Kaspersky WebScanner.
Click on Kaspersky Online Scanner.
You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
- The program will launch and then begin downloading the latest definition files.
- Once the files have been downloaded, click on NEXT.
- Now click on Scan Settings.
- In the scan settings, make sure that the following are selected:
- Scan using the following Anti-Virus database:
- Extended (if available, otherwise Standard)
- Scan Options:
- Scan Archives
- Scan Mail Bases
- Click OK.
- Now under select a target to scan:
- Select My Computer.
- The program will start and scan your system.
- The scan will take a while, so be patient and let it run.
- Once the scan is complete, it will display if your system has been infected.
- Now click on the Save as Text button.
- Save the file to your desktop.
Please post the Kaspersky report back here.
KASPERSKY ONLINE SCANNER REPORT
Thursday, October 11, 2007 7:58:03 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 11/10/2007
Kaspersky Anti-Virus database records: 430659
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 102953
Number of viruses found: 4
Number of infected objects: 83
Number of suspicious objects: 0
Duration of the scan process: 08:29:25
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd000.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped
C:\Documents and Settings\Danny Sze\Application Data\Mozilla\Firefox\Profiles\bdturxud.default\cert8.db Object is locked skipped
C:\Documents and Settings\Danny Sze\Application Data\Mozilla\Firefox\Profiles\bdturxud.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Danny Sze\Application Data\Mozilla\Firefox\Profiles\bdturxud.default\history.dat Object is locked skipped
C:\Documents and Settings\Danny Sze\Application Data\Mozilla\Firefox\Profiles\bdturxud.default\key3.db Object is locked skipped
C:\Documents and Settings\Danny Sze\Application Data\Mozilla\Firefox\Profiles\bdturxud.default\parent.lock Object is locked skipped
C:\Documents and Settings\Danny Sze\Application Data\Mozilla\Firefox\Profiles\bdturxud.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Danny Sze\Application Data\Mozilla\Firefox\Profiles\bdturxud.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Danny Sze\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\alitalk29932.exe/WISE0095.BIN/data0000.cab/ali.exe/data0000.cab/bar.dll Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\alitalk29932.exe/WISE0095.BIN/data0000.cab/ali.exe/data0000.cab/update.exe Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\alitalk29932.exe/WISE0095.BIN/data0000.cab/ali.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\alitalk29932.exe/WISE0095.BIN/data0000.cab/ali.exe Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\alitalk29932.exe/WISE0095.BIN/data0000.cab Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\alitalk29932.exe/WISE0095.BIN Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\alitalk29932.exe WiseSFX: infected - 6 skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\alitalk29932.exe WiseSFX Dropper: infected - 6 skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\alitalk_install.exe/WISE0306.BIN/data0000.cab/ali.exe/data0000.cab/bar.dll Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\alitalk_install.exe/WISE0306.BIN/data0000.cab/ali.exe/data0000.cab/update.exe Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\alitalk_install.exe/WISE0306.BIN/data0000.cab/ali.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\alitalk_install.exe/WISE0306.BIN/data0000.cab/ali.exe Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\alitalk_install.exe/WISE0306.BIN/data0000.cab Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\alitalk_install.exe/WISE0306.BIN Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\alitalk_install.exe WiseSFX: infected - 6 skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\alitalk_install.exe WiseSFX Dropper: infected - 6 skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk29932.exe/WISE0095.BIN/data0000.cab/ali.exe/data0000.cab/bar.dll Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk29932.exe/WISE0095.BIN/data0000.cab/ali.exe/data0000.cab/update.exe Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk29932.exe/WISE0095.BIN/data0000.cab/ali.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk29932.exe/WISE0095.BIN/data0000.cab/ali.exe Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk29932.exe/WISE0095.BIN/data0000.cab Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk29932.exe/WISE0095.BIN Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk29932.exe WiseSFX: infected - 6 skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk29932.exe WiseSFX Dropper: infected - 6 skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk31102bd.exe/WISE0314.BIN/data0000.cab/ali.exe/data0000.cab/bar.dll Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk31102bd.exe/WISE0314.BIN/data0000.cab/ali.exe/data0000.cab/update.exe Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk31102bd.exe/WISE0314.BIN/data0000.cab/ali.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk31102bd.exe/WISE0314.BIN/data0000.cab/ali.exe Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk31102bd.exe/WISE0314.BIN/data0000.cab Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk31102bd.exe/WISE0314.BIN Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk31102bd.exe WiseSFX: infected - 6 skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk31102bd.exe WiseSFX Dropper: infected - 6 skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk31200_alibd.exe/WISE0315.BIN/data0000.cab/ali.exe/data0000.cab/bar.dll Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk31200_alibd.exe/WISE0315.BIN/data0000.cab/ali.exe/data0000.cab/update.exe Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk31200_alibd.exe/WISE0315.BIN/data0000.cab/ali.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk31200_alibd.exe/WISE0315.BIN/data0000.cab/ali.exe Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk31200_alibd.exe/WISE0315.BIN/data0000.cab Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk31200_alibd.exe/WISE0315.BIN Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk31200_alibd.exe WiseSFX: infected - 6 skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk31200_alibd.exe WiseSFX Dropper: infected - 6 skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk_install.exe/WISE0275.BIN/data0000.cab/ali.exe/data0000.cab/bar.dll Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk_install.exe/WISE0275.BIN/data0000.cab/ali.exe/data0000.cab/update.exe Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk_install.exe/WISE0275.BIN/data0000.cab/ali.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk_install.exe/WISE0275.BIN/data0000.cab/ali.exe Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk_install.exe/WISE0275.BIN/data0000.cab Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk_install.exe/WISE0275.BIN Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk_install.exe WiseSFX: infected - 6 skipped
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk_install.exe WiseSFX Dropper: infected - 6 skipped
C:\Documents and Settings\Danny Sze\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Danny Sze\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Danny Sze\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdturxud.default\Cache\8DE9B371d01 Object is locked skipped
C:\Documents and Settings\Danny Sze\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdturxud.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Danny Sze\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdturxud.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Danny Sze\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdturxud.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Danny Sze\Local Settings\Application Data\Mozilla\Firefox\Profiles\bdturxud.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Danny Sze\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Danny Sze\Local Settings\History\History.IE5\MSHist012007101120071012\index.dat Object is locked skipped
C:\Documents and Settings\Danny Sze\Local Settings\Temp\Acr2CFD.tmp Object is locked skipped
C:\Documents and Settings\Danny Sze\Local Settings\Temp\nm11esl0.exe/WISE0314.BIN/data0000.cab/ali.exe/data0000.cab/bar.dll Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Local Settings\Temp\nm11esl0.exe/WISE0314.BIN/data0000.cab/ali.exe/data0000.cab/update.exe Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Local Settings\Temp\nm11esl0.exe/WISE0314.BIN/data0000.cab/ali.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Local Settings\Temp\nm11esl0.exe/WISE0314.BIN/data0000.cab/ali.exe Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Local Settings\Temp\nm11esl0.exe/WISE0314.BIN/data0000.cab Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Local Settings\Temp\nm11esl0.exe/WISE0314.BIN Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Documents and Settings\Danny Sze\Local Settings\Temp\nm11esl0.exe WiseSFX: infected - 6 skipped
C:\Documents and Settings\Danny Sze\Local Settings\Temp\nm11esl0.exe WiseSFX Dropper: infected - 6 skipped
C:\Documents and Settings\Danny Sze\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Danny Sze\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Danny Sze\ntuser.dat Object is locked skipped
C:\Documents and Settings\Danny Sze\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Vagaa\Uninstall\setup.exe/file144 Infected: not-a-virus:PSWTool.Win32.PSWMonitor.a skipped
C:\Program Files\Vagaa\Uninstall\setup.exe Inno: infected - 1 skipped
C:\Program Files\阿里巴巴\贸易通\alitb.exe/data0000.cab/ali.exe/data0000.cab/bar.dll Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Program Files\阿里巴巴\贸易通\alitb.exe/data0000.cab/ali.exe/data0000.cab/update.exe Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Program Files\阿里巴巴\贸易通\alitb.exe/data0000.cab/ali.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Program Files\阿里巴巴\贸易通\alitb.exe/data0000.cab/ali.exe Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Program Files\阿里巴巴\贸易通\alitb.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\Program Files\阿里巴巴\贸易通\alitb.exe Rsrc-Package: infected - 5 skipped
C:\RECYCLER\S-1-5-21-1454471165-492894223-1343024091-1004\Dc194\mUninstall.exe Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{96937FFC-038B-47AC-8EA2-10EA8E0480D7}\RP2\A0000099.exe/63mm.exe Infected: not-a-virus:AdWare.Win32.MediaMotor.a skipped
C:\System Volume Information\_restore{96937FFC-038B-47AC-8EA2-10EA8E0480D7}\RP2\A0000099.exe/Zango.exe Infected: Trojan.Win32.Agent.ay skipped
C:\System Volume Information\_restore{96937FFC-038B-47AC-8EA2-10EA8E0480D7}\RP2\A0000099.exe SetupFactory: infected - 2 skipped
C:\System Volume Information\_restore{B3A98105-E4A5-4E36-BF2B-ABFA7952E9E5}\RP979\A0105445.exe/WISE0095.BIN/data0000.cab/ali.exe/data0000.cab/bar.dll Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\System Volume Information\_restore{B3A98105-E4A5-4E36-BF2B-ABFA7952E9E5}\RP979\A0105445.exe/WISE0095.BIN/data0000.cab/ali.exe/data0000.cab/update.exe Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\System Volume Information\_restore{B3A98105-E4A5-4E36-BF2B-ABFA7952E9E5}\RP979\A0105445.exe/WISE0095.BIN/data0000.cab/ali.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\System Volume Information\_restore{B3A98105-E4A5-4E36-BF2B-ABFA7952E9E5}\RP979\A0105445.exe/WISE0095.BIN/data0000.cab/ali.exe Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\System Volume Information\_restore{B3A98105-E4A5-4E36-BF2B-ABFA7952E9E5}\RP979\A0105445.exe/WISE0095.BIN/data0000.cab Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\System Volume Information\_restore{B3A98105-E4A5-4E36-BF2B-ABFA7952E9E5}\RP979\A0105445.exe/WISE0095.BIN Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\System Volume Information\_restore{B3A98105-E4A5-4E36-BF2B-ABFA7952E9E5}\RP979\A0105445.exe WiseSFX: infected - 6 skipped
C:\System Volume Information\_restore{B3A98105-E4A5-4E36-BF2B-ABFA7952E9E5}\RP979\A0105445.exe WiseSFX Dropper: infected - 6 skipped
C:\System Volume Information\_restore{B3A98105-E4A5-4E36-BF2B-ABFA7952E9E5}\RP979\A0105446.exe/WISE0306.BIN/data0000.cab/ali.exe/data0000.cab/bar.dll Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\System Volume Information\_restore{B3A98105-E4A5-4E36-BF2B-ABFA7952E9E5}\RP979\A0105446.exe/WISE0306.BIN/data0000.cab/ali.exe/data0000.cab/update.exe Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\System Volume Information\_restore{B3A98105-E4A5-4E36-BF2B-ABFA7952E9E5}\RP979\A0105446.exe/WISE0306.BIN/data0000.cab/ali.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\System Volume Information\_restore{B3A98105-E4A5-4E36-BF2B-ABFA7952E9E5}\RP979\A0105446.exe/WISE0306.BIN/data0000.cab/ali.exe Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\System Volume Information\_restore{B3A98105-E4A5-4E36-BF2B-ABFA7952E9E5}\RP979\A0105446.exe/WISE0306.BIN/data0000.cab Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\System Volume Information\_restore{B3A98105-E4A5-4E36-BF2B-ABFA7952E9E5}\RP979\A0105446.exe/WISE0306.BIN Infected: not-a-virus:AdWare.Win32.Alibabar.b skipped
C:\System Volume Information\_restore{B3A98105-E4A5-4E36-BF2B-ABFA7952E9E5}\RP979\A0105446.exe WiseSFX: infected - 6 skipped
C:\System Volume Information\_restore{B3A98105-E4A5-4E36-BF2B-ABFA7952E9E5}\RP979\A0105446.exe WiseSFX Dropper: infected - 6 skipped
C:\System Volume Information\_restore{B3A98105-E4A5-4E36-BF2B-ABFA7952E9E5}\RP996\A0110299.exe Object is locked skipped
C:\System Volume Information\_restore{B3A98105-E4A5-4E36-BF2B-ABFA7952E9E5}\RP996\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\msetup.exe Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_790.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\WINDOWS\system32\drivers\cdntran.sys Object is locked skipped
D:\WINDOWS\system32\cdn.dll Object is locked skipped
Scan was interrupted by user!
Please do the following...
1. Find and delete the following Files in RED:
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\alitalk29932.exe
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk29932.exe
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk_install.exe
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk31102bd.exe
C:\Documents and Settings\Danny Sze\Desktop\OTHER FILES\allapps\otherfilesapps\alitalk31200_alibd.exe
2. Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
This program is for XP and Windows 2000 only!
Double-click ATF Cleaner.exe to open it.
Under Main select the following:
- Windows Temp
- Current User Temp
- All Users Temp
- Temporary Internet Files
- Prefetch
- Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
Click Exit on the Main menu to close the program.
3. Do you know what Vagaa is?
Please post a new HijackThis log too.
Scan saved at 18:04:34, on 2007-10-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHP.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBFP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
C:\Program Files\OpenOffice.org1.1.4\program\soffice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Danny Sze\Desktop\hijackthis_sfx\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -
startup
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series (Copy 6)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P39 "EPSON Stylus Photo R230 Series (Copy 6)" /O6 "USB042" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [EPSON Stylus C67 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE /P32 "EPSON Stylus C67 Series (Copy 1)" /O6 "USB061" /M "Stylus C67"
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series (Copy 8)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P39 "EPSON Stylus Photo R230 Series (Copy 8)" /O6 "USB054" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series (Copy 9)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P39 "EPSON Stylus Photo R230 Series (Copy 9)" /O6 "USB045" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [EPSON Stylus C67 Series (Copy 3)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAP.EXE /P32 "EPSON Stylus C67 Series (Copy 3)" /O6 "USB053" /M "Stylus C67"
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series (Copy 10)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P40 "EPSON Stylus Photo R230 Series (Copy 10)" /O6 "USB054" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series (Copy 11)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P40 "EPSON Stylus Photo R230 Series (Copy 11)" /O6 "USB055" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 1)" /O6 "USB045" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 2)" /O6 "USB036" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series (Copy 12)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P40 "EPSON Stylus Photo R230 Series (Copy 12)" /O6 "USB061" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series (Copy 13)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P40 "EPSON Stylus Photo R230 Series (Copy 13)" /O6 "USB064" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P39 "EPSON Stylus Photo R230 Series (Copy 1)" /O6 "USB057" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P35 "EPSON Stylus CX3500 Series (Copy 1)" /O6 "USB059" /M "Stylus CX3500"
O4 - HKLM\..\Run: [EPSON Stylus C87 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABP.EXE /P32 "EPSON Stylus C87 Series (Copy 1)" /O6 "USB017" /M "Stylus C87"
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series (Copy 3)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P39 "EPSON Stylus Photo R230 Series (Copy 3)" /O6 "USB014" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [EPSON Stylus CX3500 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P35 "EPSON Stylus CX3500 Series (Copy 2)" /O6 "USB054" /M "Stylus CX3500"
O4 - HKLM\..\Run: [EPSON Stylus C59 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE /FU "C:\WINDOWS\TEMP\E_SA.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EPSON Stylus C59 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE /FU "C:\WINDOWS\TEMP\E_S1E.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EPSON Stylus C59 Series (Copy 3)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE /FU "C:\WINDOWS\TEMP\E_S46.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 3)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 3)" /O6 "USB037" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series (Copy 5)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P39 "EPSON Stylus Photo R230 Series (Copy 5)" /O6 "USB062" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [EPSON Stylus C45 Series (Copy 4)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 4)" /O6 "USB040" /M "Stylus C45"
O4 - HKLM\..\Run: [EPSON Stylus Photo R250 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHP.EXE /P39 "EPSON Stylus Photo R250 Series (Copy 1)" /O6 "USB041" /M "Stylus Photo R250"
O4 - HKLM\..\Run: [EPSON Stylus CX2900 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBFP.EXE /FU "C:\WINDOWS\TEMP\E_S79.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series (Copy 7)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P39 "EPSON Stylus Photo R230 Series (Copy 7)" /O6 "USB053" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE /P35 "EPSON Stylus CX3700 Series (Copy 1)" /O6 "USB055" /M "Stylus CX3700"
O4 - HKLM\..\Run: [EPSON Stylus C79 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGP.EXE /FU "C:\WINDOWS\TEMP\E_S72.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EPSON Stylus C59 Series (Copy 4)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE /FU "C:\WINDOWS\TEMP\E_SA1.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series (Copy 2)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P39 "EPSON Stylus Photo R230 Series (Copy 2)" /O6 "USB008" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series (Copy 4)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P39 "EPSON Stylus Photo R230 Series (Copy 4)" /O6 "USB015" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [EPSON Stylus CX6500 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EP.EXE /P35 "EPSON Stylus CX6500 Series (Copy 1)" /O6 "USB042" /M "Stylus CX6500"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [EPSON Stylus Photo R270 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNP.EXE /FU "C:\WINDOWS\TEMP\E_S85.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus Photo R270 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNP.EXE /FU "C:\WINDOWS\TEMP\E_S125.tmp" /EF "HKCU"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09883431-7429-11D5-8B69-0050049F5256} (VBAuthentic.Authentic) - https://www.metrobankdirect.com/download/Authentic/VBAuthentic.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EFB2DEF-503F-46A7-9DB9-6AD691813346}: NameServer = 202.78.97.41,210.4.2.8
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Ultr_cixd - Unknown owner - C:\WINDOWS\system32\fastopen.exe
***************************
I think Vagaa is some sort of LimeWire. Where did you find it?
Kaspersky flagged Vagaa as a password monitoring tool. I suggest uninstalling it and deleting the C:\Program Files\Vagaa folder.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
- Download the latest version of Java(TM) SE Runtime Environment 6 update3.
- Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement".
- The page will refresh.
- Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on the download to install the newest version.
Apart from that, the logs are clean. Are you still having problems, apart from the printer one?
Thread resolved.