Help - Search - Members - Calendar
Full Version: i need your help
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
sempai
Jun 25 2006, 03:00 AM
Pls help me fix my problem, TASK MANAGER IS NOT WORKING WHEN PRESSING CTRL+ALT+DEL, WHEN I RUN REGEDIT... AN ERROR "ANOTHER PROGRAM IS USING THIS FILE" OCCUR, i already run full system scan using norton 2006 but no virus found...... but everytime i open my laptop, norton keeps blocking an adware and telling me to restart my pc... i already run spybot, i dont know much about computers so i dont really know what to do... your help will be very much appreciated, below is my hjt log:

Logfile of HijackThis v1.99.1
Scan saved at 11:47:02 AM, on 6/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\LGDMEBTN.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\LG Software\IP Operator\IP Operator.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\LG Software\Battery Miser\batterymiser.exe
C:\Program Files\LG Software\On Screen Display\HotKey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRSTrayApp.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\XPAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sxs.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\msconfig.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\lg_swupdate\tmcheck.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\dex\installers\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\autoupdate.exe" Gilautouc
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LG Direct Media Button Service] LGDMEBTN.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HncUpdate] C:\HNC\HncUpdate.exe /A
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [IPO3] "C:\Program Files\LG Software\IP Operator\IP Operator.exe" -aUtOsTaRtFrOmReG
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [batterymiser] "C:\Program Files\LG Software\Battery Miser\batterymiser.exe"
O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\LG Software\On Screen Display\HotKey.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [SRSTrayApp] C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRSTrayApp.exe
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [usrdpa] C:\WINDOWS\system32\usrdpa.exe
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sxs] C:\WINDOWS\system32\sxs.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: msconfig.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://support.kornet.net/sw5/order/Speed/...peedNewCtrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149126603531
O16 - DPF: {7C09DD8F-D1C6-4315-AE96-AC328FDF734B} (KTActiveX Control) - http://support.kornet.net/sw5/order/Speed/cab/KTActiveX.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/keycrypt/yescard2/npkcx_inca.cab
O16 - DPF: {F36637AF-96ED-4044-9907-C0D82A2A91FD} (Xnote Control) - http://www.lge.co.kr/Xnote.cab
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

tnx,
sempai
LoPhatPhuud
Jun 26 2006, 01:56 AM
This will most likely take a few steps, but lets get rid of the main pest first...

Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

Once in Safe Mode, go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • In the scriptline to execute field type or paste c:\bfu\alcanshorty.bfu
  • Press Execute and let it do it's job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot into normal windows and post a new HiJackThis log.
sempai
Jun 26 2006, 04:56 PM
TNX FOR THE HELP, ive tried doing ctrl alt del and it works...... but norton still blocking an adware n spyware and telling me to restart my computer so it can be completly remove, it happens everytime after boot-up, if im not mistaken one is "adware.look2me"... anyway heres my new log:

Logfile of HijackThis v1.99.1
Scan saved at 1:51:37 AM, on 6/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\LGDMEBTN.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\LG Software\IP Operator\IP Operator.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\LG Software\Battery Miser\batterymiser.exe
C:\Program Files\LG Software\On Screen Display\HotKey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRSTrayApp.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\XPAgent.exe
C:\WINDOWS\system32\pifmgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\lg_swupdate\tmcheck.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\dex\installers\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\autoupdate.exe" Gilautouc
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LG Direct Media Button Service] LGDMEBTN.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HncUpdate] C:\HNC\HncUpdate.exe /A
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [IPO3] "C:\Program Files\LG Software\IP Operator\IP Operator.exe" -aUtOsTaRtFrOmReG
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [batterymiser] "C:\Program Files\LG Software\Battery Miser\batterymiser.exe"
O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\LG Software\On Screen Display\HotKey.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [SRSTrayApp] C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRSTrayApp.exe
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [usrdpa] C:\WINDOWS\system32\usrdpa.exe
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sxs] C:\WINDOWS\system32\sxs.exe
O4 - HKCU\..\Run: [pifmgr] C:\WINDOWS\system32\pifmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://support.kornet.net/sw5/order/Speed/...peedNewCtrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149126603531
O16 - DPF: {7C09DD8F-D1C6-4315-AE96-AC328FDF734B} (KTActiveX Control) - http://support.kornet.net/sw5/order/Speed/cab/KTActiveX.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/keycrypt/yescard2/npkcx_inca.cab
O16 - DPF: {F36637AF-96ED-4044-9907-C0D82A2A91FD} (Xnote Control) - http://www.lge.co.kr/Xnote.cab
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

tnx again,
sempai
LoPhatPhuud
Jun 27 2006, 12:55 AM
We can be sure Look2me is gone...


Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
sempai
Jun 27 2006, 02:00 PM
ive done look2me properly but unfortunately, it does not reopen again automatically after reboot or even after rebooting my pc, also no massege from my firewall or any runtime error.... anyway ive posted the look2me txt and my new hijackthis log:



Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 6/27/2006 10:43:17 PM


Attempting to delete infected files...

Making registry repairs.


Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded




Logfile of HijackThis v1.99.1
Scan saved at 10:53:38 PM, on 6/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\LGDMEBTN.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\LG Software\IP Operator\IP Operator.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\LG Software\Battery Miser\batterymiser.exe
C:\Program Files\LG Software\On Screen Display\HotKey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRSTrayApp.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\usrdpa.exe
C:\WINDOWS\system32\XPAgent.exe
C:\WINDOWS\system32\pifmgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\lg_swupdate\tmcheck.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\dex\installers\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\autoupdate.exe" Gilautouc
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LG Direct Media Button Service] LGDMEBTN.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HncUpdate] C:\HNC\HncUpdate.exe /A
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [IPO3] "C:\Program Files\LG Software\IP Operator\IP Operator.exe" -aUtOsTaRtFrOmReG
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [batterymiser] "C:\Program Files\LG Software\Battery Miser\batterymiser.exe"
O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\LG Software\On Screen Display\HotKey.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [SRSTrayApp] C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRSTrayApp.exe
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [usrdpa] C:\WINDOWS\system32\usrdpa.exe
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [sxs] C:\WINDOWS\system32\sxs.exe
O4 - HKCU\..\Run: [pifmgr] C:\WINDOWS\system32\pifmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://support.kornet.net/sw5/order/Speed/...peedNewCtrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149126603531
O16 - DPF: {7C09DD8F-D1C6-4315-AE96-AC328FDF734B} (KTActiveX Control) - http://support.kornet.net/sw5/order/Speed/cab/KTActiveX.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/keycrypt/yescard2/npkcx_inca.cab
O16 - DPF: {F36637AF-96ED-4044-9907-C0D82A2A91FD} (Xnote Control) - http://www.lge.co.kr/Xnote.cab
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


tnx,
sempai
LoPhatPhuud
Jun 27 2006, 09:32 PM
Reboot in Safe Mode* and run HiJackThis. <-- IMPORTANT

Check the following items in HijackThis.
(note: If any R* items mark for deletion, do not appear in Safe Mode, re-run HiJackThis in Normal Mode and remove them after you finish removing these items.)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

O4 - HKLM\..\Run: [HncUpdate] C:\HNC\HncUpdate.exe /A
O4 - HKCU\..\Run: [usrdpa] C:\WINDOWS\system32\usrdpa.exe
O4 - HKCU\..\Run: [XPAgent] C:\WINDOWS\system32\XPAgent.exe
O4 - HKCU\..\Run: [sxs] C:\WINDOWS\system32\sxs.exe
O4 - HKCU\..\Run: [pifmgr] C:\WINDOWS\system32\pifmgr.exe

Close all windows except HijackThis and click Fix checked.


While still in Safe Mode*, delete the following: (you may need to show hidden files**)
(Files specified without a full path will be located in C:\Windows\ or C:\Windows\System32\)
C:\HNC\ <--delete entire folder,
C:\WINDOWS\system32\usrdpa.exe
C:\WINDOWS\system32\XPAgent.exe
C:\WINDOWS\system32\sxs.exe
C:\WINDOWS\system32\pifmgr.exe

*How to Boot into Safe mode: http://service1.symantec.com/SUPPORT/tsgen...001052409420406
**Show Hidden and System files and folders: http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Also, uncheck the boxes for hiding known file extensions and hiding protected operating system files. We want to see it all. When we finish here, it would be a good idea to rehide the protected operating system files but leave the rest to be shown.

Reboot in normal mode

Run HiJackThis again and post a new log in this thread.
sempai
Jun 28 2006, 12:04 PM
after doing all these things, i made a double check by doing a search and i have noticed that i still have the ff files (do i need to delete these files too?):

1. HNC set-up
2. XPAgent.exe-207D4506.pf

And after rebooting from safe mode, Norton detected and deleted a virus name "downloader located at c:/dfndrb_2.exe" and block a security risk name "Adware.dollarRevenue.

Below is my new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:51:00 PM, on 6/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\LGDMEBTN.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\LG Software\IP Operator\IP Operator.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\LG Software\Battery Miser\batterymiser.exe
C:\Program Files\LG Software\On Screen Display\HotKey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRSTrayApp.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\lg_swupdate\tmcheck.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\dex\installers\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\autoupdate.exe" Gilautouc
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LG Direct Media Button Service] LGDMEBTN.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [IPO3] "C:\Program Files\LG Software\IP Operator\IP Operator.exe" -aUtOsTaRtFrOmReG
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [batterymiser] "C:\Program Files\LG Software\Battery Miser\batterymiser.exe"
O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\LG Software\On Screen Display\HotKey.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [SRSTrayApp] C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRSTrayApp.exe
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://support.kornet.net/sw5/order/Speed/...peedNewCtrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149126603531
O16 - DPF: {7C09DD8F-D1C6-4315-AE96-AC328FDF734B} (KTActiveX Control) - http://support.kornet.net/sw5/order/Speed/cab/KTActiveX.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/keycrypt/yescard2/npkcx_inca.cab
O16 - DPF: {F36637AF-96ED-4044-9907-C0D82A2A91FD} (Xnote Control) - http://www.lge.co.kr/Xnote.cab
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
sempai
Jun 28 2006, 01:46 PM
by the way ive forgot to tell you that its only now that look2me re-opens automatically....

tnx,
sempai
LoPhatPhuud
Jun 28 2006, 08:24 PM
By all means delete the HNC setup and XPAgent.exe-207D4506.pf files. Also delete c:/dfndrb_2.exe.\


Can you explain further about Look2me opening? The log showed no signs of L2me and the removal program did not find anything.

Best course at this time is to install and run Ewido to see what it finds. I believe there are remnants of prior infections still there. ALso, checking startup locations will help.


First:
Please download, install, and update the free version of Ewido Security Suite:
http://www.ewido.net/en/download/

[1]From the main ewido screen, click on update in the left menu, then click the Start update button.

[2]After the update finishes (the status bar at the bottom will display "Update successful")


Close the program after updating (don't scan with it yet, we'll do that in SAFE MODE)

Copy the following instructions to have handy as you will need to be offline, in SAFE MODE and with IE closed so you will not be able to view this page during the process.

Reboot your PC into SAFE MODE

How to start the computer in Safe mode
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Next, run a scan with Ewido.

[3]Click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so please be patient

[4]If Ewido finds anything, it will pop up a notification. You can select "remove" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.

[5]When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

Copy and paste the results from that scan back here please for review :)

*Note: Ewido is a free trial product for 14 days. After that you can purchase it for full features OR you can also keep the free version to use as an on-demand scanner (recommended).
You will still be able to manually update Ewido using the *update* button :)


Second:
Download 'Autoruns' from here:
http://www.sysinternals.com/Utilities/Autoruns.html

Unzip to a folder and the double click on autoruns.exe

Wait until the program has finished running (the status line will show 'Ready')
Under the 'Options' menu, make sure that 'Include Empty Sections' is checked.
Wait again until ready.

Be sure the 'Everything' tab is selected.
Select 'File -> Save' and save the output file.

Copy the contents of the Autoruns text file and post its contents in this thread.
sempai
Jun 29 2006, 03:20 PM
HNC and XPAgent was deleted but i can no longer find c:/dfndrb_2.exe.\
..... may be it was automatically deleted by norton.....by the way about look2me im sorry i didnt tell you that i already run HijackThis before look2me opens automatically, thats why it was not included in the log.

Does Ewido security suite and Ewido anti spyware just the same? or do i have the right version (V4.0)? Because when i run a scan w/ ewido and click scanner.... theres no "start button", but there are 3 buttons namely 1.SCAN, 2.SETTINGS, 3.SCHEDULER.

Under scan are:
1. Complete system scan
2. Fast scan
3. Registry scan
4. Memory scan
5. Custom Scan

Ive tried running a full system scan and ewido find 930 infected files/ viruses (3 adware/ high risk)but theres no pop up after scan..... and no remove button, perform action w/ all infections, and create encrypted back-up... but theres a buton "apply recomended actions". i didnt do anything yet coz im afraid to make some mistakes but i do save the ewido scan log, ididnt post it yet coz its a very long one but if u want to see it just let me know... pls advice.

tnx,
sempai
LoPhatPhuud
Jun 30 2006, 02:04 AM
I'm using instructions for the old vesrion of Ewido while waiting for the new ones.

Ru, Ewido again, scan and remove recommended., Then post the log in this thread along with a new HiJackThis log.,
sempai
Jun 30 2006, 10:39 AM
4 high risk were found during ewido scan namely
1.Downloader.VB.afb
2. Backdoor.IRCBot.qc
3. Hijacker.VB.fc
4.Downloader.ISTBar

they were quarantine (recommended action) and not deleted, do i have to delete them too? below is my ewido report:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:16:28 PM 6/30/2006

+ Scan result:



C:\Documents and Settings\j224k\Shared\_\#1 CD Ripper 1.73.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\#1 DVD Audio Ripper 1.2.8.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\0day mp3s, full quality albums.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\0day mp3s, quality albums.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\123 DVD Converter 4.0.5.6.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\123 Hidden Sender 4.26.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\123 Video Converter 3.5.9.9.8.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\18 Wheels of Steel Convoy Unlocker.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\1Click DVD Copy 4.2.9.13.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\1Fh Binary Hex Editor 1.08.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\2Flyer Screensaver Builder Pro 7.5.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\2Flyer Screensaver Builder standard 7.5.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\7 Wonders of the Ancient World v1.0 Unlocker.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\A Roses Quartet 1.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\A-squared Free 2.0.0.381.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\A4Desk 5.57.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ABC Amber Becky Converter 2.02.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ABC Amber BlackBerry Converter 2.01.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ABC Amber CHM Converter 4.18.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ABC Amber DBF Converter 2.07.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ABC Amber DBX Converter 3.08.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ABC Amber Outlook Express Converter 4.17.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ABC Amber PDF Merger 2.05.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AC3Tools Pro 1.21 build 096.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ACA Capture Pro (formerly SuperCapture) 6.11.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ACDSee v8.0.39.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AD Sound Recorder 2.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ALO Power Audio Converter 1.5.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AMCap 9.10.88.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AV Burning Studio 1.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AV Voice Changer Software Diamond v4.0.50.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AV Voice Changer Software Gold Edition 4.0.64.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AV Voice Changer Sotware Diamond Edition 4.0.64.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AVG Free AntiVirus Definitions 2006-06-21.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AVG Free AntiVirus Definitions 2006-06-22.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AVG Free AntiVirus Definitions 2006-06-23.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AVG Free AntiVirus Definitions 2006-06-25.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AVG v7.0.280.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AVS Audio Tools 4.1.1.200.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AVS DVD Player 2.1.1.200.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AVS Disc Creator 2.1.5.100.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AVS Video Editor 3.3.1.185.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AVS Video Tools 5.3.1.440.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AccesChk 2.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Achieve Planner 1.3.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Ad-aware SE Reference File SE1R112 15.06.2006.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Adaptec AIC-7870 PCI SCSI Controller (Emulated) 5.5.5.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AdiIRC 1.5.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Adobe Photoshop CS2 Tryout to Full Activation.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Adobe Photoshop CS2 v9.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Advanced Encryption Package 2006 Professional 4.4.10.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Advanced Font Viewer 2.9.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Advanced Installer 4.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Advanced Installer for Java 4.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Advanced Link Manager 2.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Advanced MP3 WMA Recorder 6.5.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Advanced Office Password Recovery v3.03 PRO.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Advanced Serial Port Terminal 5.0.4.62.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Advanced X Video Converter 4.3.5.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Advanced X Video Converter 4.3.5.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Agere Systems AC'97 Modem 6.0.5384.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Agere Systems PCI-SV92PP Soft Modem 6.0.5365.8.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Agere Win Modem 6.0.5384.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Ahead DVD Ripper 1.4.5.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Ahead Nero v7.2.0.3b.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Aim Fix 06 21 2006.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Aim Fix 06 26 2006.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Album Cover Finder 4.0.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AlbumWeb 2.9.1.1360.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AlbumWeb Pro 2.9.1.1360.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Alchemy Eye 8.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Alchemy Eye PRO 8.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Alcohol 120 v1.9.5 Build 3823.-.RETAIL CRK-FFF.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Alcohol 120 v1.9.5 Build 3823.-.RETAIL.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Alcohol 120 v1.9.5.3823 FULLY.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Alcohol 120 v1.9.5.3823.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AlgeWorksheets 1.6.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Alice Amazed 1.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\All In One Keylogger 2.5.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\All in One Secretmaker 5.0.7.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Allok AVI MPEG Converter 1.5.6.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Allok MPEG4 Converter 1.1.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Allok QuickTime to AVI MPEG DVD Converter 1.1.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Allok RM RMVB to AVI MPEG DVD Converter 1.1.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Allok Video to 3GP Converter 1.3.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Allok Video to MP4 Converter 1.1.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Allok Video to PSP Converter 1.3.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Allok Video to iPod Converter 1.3.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Aloaha PDF Crypter 2.1.300.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Aloaha PDF Crypter 2.1.301.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Aloaha PDF Saver 2.1.300.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Aloaha PDF Saver 2.1.301.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Aloaha PDF Signator 2.1.300.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Aloaha PDF Signator 2.1.301.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Aloaha PDF Suite 2.1.300.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Aloaha PDF Suite 2.1.301.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Aloaha SPAM Rejector 2.1.300.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Aloaha Timestamper 2.1.300.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Aloaha Timestamper 2.1.301.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Alt CDA to MP3 Converter 2.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Alt MP3 Bitrate Converter 2.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Alt MP3 to WAV Converter 2.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Alt OGG to MP3 Converter 2.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Alt WMA to MP3 Converter 2.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AmphiSoft plugins 1.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AnFX 5.3.3.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AnalyzerXL 5.9.10.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\And Round Again 1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Android Newsgroup Downloader 4.8.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Antechinus Animator Professional 8.5.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Antechinus Animator Professional 8.5.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Anvsoft flash slideshow maker 1.05.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AoA DVD Copy 2.7.5.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AoA DVD Ripper 3.94.9.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AoA DVD Ripper 3.95.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Apollo Audio DVD Creator 1.2.8.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Apollo DVD Copy 4.6.8.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Apollo DivX to DVD Creator 3.3.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Apollo MPEG to DVD Burner 2.9.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Application As Service 2.0.0.19.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ArchiOffice 8.02.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Archivarius 3000 3.65.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Arctic Rush 1.43.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Ares Galaxy Turbo Booster 4.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ArovaxShield 1.3.15.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Artlandia SymmetryShop 1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Ashampoo Burning Studio 6 6.10.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Aspose.AdHoc 1.5.1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Aspose.Chart 3.2.5.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Aspose.Metafiles 1.1.1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Aspose.Network 2.4.4.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Aspose.Pdf 3.1.3.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Aspose.Tasks 1.6.0.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Asset Tracker for Networks 5.9.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Attensa for Outlook 1.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Audio Converter &amp; Mixer 3.0.157.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AudioConverter Studio 5.0 build 143.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Aurora MPEG To DVD Burner 4.7.21.18.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Aurora MPEG To DVD Burner 4.7.21.19.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Aurora Media Workshop 3.3.9.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AutoMail 3.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\AutoUpdate+ 3.2.0.73.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Autoruns 8.52.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Avi Divx Wmv Real Mp3 Media Fixer Pro 6.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Axialis IconWorkshop 6.02.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Azureus 2.4.0.3 B43.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Azureus 2.4.0.3 B45.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Azureus 2.4.0.3 B46.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Azureus 2.4.0.3 B47.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\BGEYE 2.69.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\BT Engine v4.7 Build 1126-TE.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\BWMeter 2.5.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Babya Photo Workshop Professional 11.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Babya Synth Pack 1 1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\BackLinks Master 1.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Batch Watermark Creator 4.91.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Battlefield 2 NOCD.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Battlefield Vietnam NOCD.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\BearShare Pro v5.2.4.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Belkasoft BookaMark 2.04.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Bello Network Monitoring WinGUI 5.3.1.585.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Bello Network Monitoring WinGUI 5.3.1.587.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Bibble 4.8.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Bible Sander 1.3.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Bill Catchem BC InterDial v2.1.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Binary Vortex 3.6.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\BitComet 0.69.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\BitComet 0.70.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\BitDefender Professional Virus Definitions 388998.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\BitDefender Professional Virus Definitions 389165.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\BitDefender Professional Virus Definitions 389460.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\BitDefender Standard Virus Definitions 388998.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\BitDefender Standard Virus Definitions 389165.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\BitDefender Standard Virus Definitions 389460.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\BitsCast 0.9.6.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Blackjack International 1.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\BlindWrite 6.0.0.7.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\BoXiKoN 1.4.7.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\BookCAT 8.10.01.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\BookCAT 8.10.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Bookmark Buddy 3.5.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\BootIt Next Generation 1.76e.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Bopup Messenger 4.3.2.3216.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Brother MFC-5840CN Fax Only 6.0.5384.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Brothers In Arms Earned In Blood UNLOCKER-UNBAiSEDGOATS.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Brothers in Arms Road to Hill 30 FiXED CHEATS.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Bulk Rename Utility 2.3.5.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\BurnInTest Pro 5.1.1009.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\C and C Generals Zero Hour GERMAN No-CD Fixed Image.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\CC-CAM 1.2.7.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\CD DVD Helper Pro 2.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\CD DVD catalog 2.3.0.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\CD Label Designer 3.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\CD Storage Master 5.97.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\CDex 1.70 beta 2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\CMailServer 5.3.5.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Cake Mania v1.0-DELiGHT.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Cake Mania v1.0-TNT.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Call of Duty 2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Call of Duty United Offensive Minimizer.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\CamSplitter 2.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Camtasia Studio 3.1.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Capturix NetWorks 4.06.170.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Celtx 0.9.7.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Chainsaw 5.4.2364.19329.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Chainsaw 5.5.2366.22472.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ChameleonNavigator 0.95.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Check&amp;Get 3.0.0.434.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\CheckMail 3.0.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Cheetah Quick Burner 1.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Chili FTP v1.1.0.18.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Civilization IV v1.09 [ENGLISH] No-DVD Fixed EXE.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\CleanCenter 1.39.12.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ClearContext Inbox Manager 2.0.6.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ClearContext Information Management System Pro 2.0.6.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Clipboard Box 3.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Cobian Backup 8.0.0.138.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Cobian Backup 8.0.0.142.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\CodedColor PhotoStudio Pro 5.1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Cold Comfort 1.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Colin McRae Rally 2005 Crash Fix-IND.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Colin McRae Rally 2005 Crash Fix.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Collmate 1.34.2.73.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ComCap 4.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Commandos 3 Destination Berlin ALL ACCESS CHEATDOX.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Commandos Strike Force.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Comodo Personal Firewall 2.2.0.11.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\CompressionMaster Suite 2.72.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ConnectedText 1.5.0.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Convert MP3 3.02.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Convert Word to HTML 1.03.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Corymbia Ficifolia 1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Credit Card Crusher 113.65a.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Crypt4Free 4.4.10.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\CryptoExpert 2006 Lite 6.5.8.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\CryptoExpert 2006 Pro 6.5.8.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\CryptoExpert 2006 Professional 6.5.8.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Cyberlink PowerDVD Deluxe v7.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Cyberlink PowerDVD v7.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\D3DGear 1.61.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\DB Workbench 3.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\DIFfersifier 3.1.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\DVD Photo Slideshow Professional 6.55.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\DVD to Pocket PC 3.5.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\D_back 1.62.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\DeSofto SpamFilter 5.03.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\DeadDiskDoctor 1.22.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Declan's Korean FlashCards 2.1.1221.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Democracy Player 0.8.4.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\DesktopPlant 2.2.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Dev Hound 2.33.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Diner Dash 2 Restaurant Rescue v1.0.0.228-TNT.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Diner Dash v1.0.0.39 Unlocker.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Directory Opus 8.2.2.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Disk Password Protection 4.8.622.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Disk Password Protection 4.8.624.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Document Trace Remover 3.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\DoneEx Unit Converter 1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Doom 3 and Doom 3 Resurrection of Evil v1.3 KeyCheck-TNT.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Doom 3 and Doom 3 Resurrection of Evil v1.3 KeyCheck.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Dot Matrix Pilot 2.10.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Dotmouse 1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\DownloaderXL 5.9.10.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Dungeons And Dragons Dragonshard.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\EDGE Diagrammer 5.07.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\EF CheckSum Manager 3.60.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\EMS IB FB Manager Lite 4.3.0.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\EMS SQL Manager for MySQL Lite 3.7.0.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\EMS SQL Manager for MySQL Professional 3.7.0.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ESBPCS for VCL 4.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ESBPCS-Calcs for VCL 4.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ESBPCS-Dates for VCL 4.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ESBPCS-Stats for VCL 4.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ESF Database Convert 4.8.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\EXE Password Protector 1.1.6.214.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Earth Explorer 4.5.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\EarthBrowser 2.10.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\EarthTime 1.5.6.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\EarthView 3.5.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Easy File Sharing Web Server v3.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Easy Mail Merge for Outlook 1.1.66.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Easy SpaceGuard Personal Edition 1.2.9.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Easy Time Tracking 2.0.11.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Easy Time Tracking PRO 2.0.11.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\EditPad Lite 6.0.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\EditPad Pro 6.0.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Egg 1.4 2nd Beta.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ElcomSoft Advanced Archive Password Recovery ARCHPR v3.01.7-POPUP.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Eltima Java SWING Components 3.5.90.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Eluent Tools 1.9.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Em@ilCRX 1.2.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Emagic Synth Pack 1 1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Epiphany Notes 2.9.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\EraseTemp 3.3.1.12.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ErrorSafe v1.1.44.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ExcelPipe 3.5.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Extra MAME 3.7.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Extreme Picture Finder 3.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\F E A R NODVD - Read our board rules -.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\F-Secure Anti-Virus Definitions 06-22-2006.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\F-Secure Anti-Virus Definitions 06-23-2006.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\F-Secure Anti-Virus Definitions 06-26-2006.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\FTP Commander Deluxe 8.50.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\FTP Commander Pro 7.82.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\FTP Now 2.6.43.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\FTP Voyager 13.0.0.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\FTP Voyager SDK 13.0.0.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Factor Calculator 5.8.5.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Factor Calculator 5.8.6.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Fake Webcam 1.764.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Fake Webcam 1.772.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Fast Email 1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\FastFolders 3.3.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\FastPaste 2.52.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\FastReport 3.22.14.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\FastReport 3.22.15.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\FastStone FREE Capture 3.7.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\FastTrackMail 8.20.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Feed Editor RSS Creator 3.77.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Fifa 2005 Unlocker.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Fifa 2006.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\FireDaemon Pro 1.9 GA b.2203.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Fl Studio 6.0.8.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Flash Optimizer (Lite Edition) 1.4.6.164.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Flash Video MX 2.0.7.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\FlashFXP 3.4.0.1145.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\FlexCompress 2.72.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\FollowUpXpert Standard 3.3.634.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Form Pilot Home 2.10.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Foxy 1.6.6.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Fresh Download 7.56.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\GData AntiVirusKit 2006-YYePG.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\GX Transcoder 3.00.17.3238 Beta 3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\GameBoost 1 1.6.26.2006.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\GameGain 2 2.6.26.2006.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\GameHike 1.6.26.2006.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\GameThrust 1.6.26.2006.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\GetRight Pro 6.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Getright Pro 6.0 beta 7.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Ghost Recon Advanced Warfighter 1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Gizmo Project 2.0.0.178.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Gizmo Project 2.0.0.179.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Google Earth Pro 3.0beta-VOORHEES.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Google Earth Pro 3.0beta.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Google Submitter 3.9.6.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Goombah 0.9606.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Grand Theft Auto San Andreas NOCD.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Graphics Converter Pro 6.52.60622.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Graphics Converter Pro 6.53.60622.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\GreenBrowser 3.4.0622.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\HP DeskJet 6800 series (DOT4PRT) 6.0.5384.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\HP Deskjet 5900 Series (DOT4PRT) 6.0.5384.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\HP Infotech CodeVisionAVR v1.24.6 Pro.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\HP Photosmart 7150 series (Dot4PRT) 6.0.5384.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\HP Photosmart 7150 series (Dot4USB) 6.0.5384.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\HP Photosmart 7350 series (Dot4PRT) 6.0.5384.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\HP Photosmart 7350 series (Dot4USB) 6.0.5384.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\HP Photosmart 7550 series (Dot4PRT) 6.0.5384.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\HP Photosmart 7550 series (Dot4USB) 6.0.5384.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\HTTrack Website Copier 3.41-BETA-2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Half Life 2 OFFLINE ACTIVATION PATCH-oWNAGE.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Half Life 2 OFFLINE ACTIVATION PATCH.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\HardCopy Pro 2.7.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Hex Comparison 1.938.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Hexadecimal to ASCII Converter 4.5.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Hyena 6.7d.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\HyperCrafter HTML Editor 1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\HyperSnap-DX 6.10.00.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\IE AutoFill 3.11.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\IPCheck Server Monitor 5.3.1.586 587.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\IconCool Editor 5.14.60622.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\IconCool Manager 4.62.60622.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:&#
sempai
Jun 30 2006, 10:44 AM
C:\Documents and Settings\j224k\Shared\_\IconCool Studio 2.4.60620.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ImTOO DVD Creator 2.0.10.0616.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ImTOO WMA MP3 Converter 2.1.57.0620.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Image for DOS 1.98c.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Image for Windows 1.64c.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ImageIngester 1.5.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\InData 3 4.2.4 beta 2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\InSync 7.0.104.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\IncrediMail Xe Build 2407.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Index.dat Suite 2.9.4 SR1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\IndieVolume 1.4.38.105.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\InstallAware Express 6.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\InstallAware Studio for Windows Installer 6.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Interest Calculator 2.9.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Intergalactic Suicide 1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Internet Download Manager v5.03.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\J. River MEDIA CENTER 11.1.188.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Java Chart Designer 4.5.53.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Jitbit RSS Feed Creator 2.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Joy ** not wanted stuff here **e Converter 1.1.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\K-Lite Codec Pack 6 20 06.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Karaoke CD+G Creator 2.0.9.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Kaspersky Anti Virus Personal 5.0.388.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Kaspersky Anti-Virus v6.0.0.300-TWK.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Kaspersky Anti-Virus v6.0.0.300.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Kaspersky Internet Security v6.0.0.300-TWK.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Kaspersky Internet Security v6.0.0.300.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\KeyGo 2.2d.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Lightning Brain ChatterGoofy for Adobe InDesign 1.0.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Lightning Brain ImageLibraryLoader for Adobe InDesign 1.0.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\LimeWire 4.12.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Lotus Approach Password 1.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Luxor Amun Rising v1.5.5.8 Unlocker.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\MDaemon 9.0.5.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\MIDI Converter Studio 5.0 build 25.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\MOTO GP Ultimate Racing Technology Unlocker.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\MP3 WAV Studio 5.94.60622.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\MP3 to SWF Converter 2.3.709.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\MSI Bluetooth Device 6.0.5384.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\MacDrive 6.1.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\MagicCamera 1.8.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\MagicScore Maestro 4.114.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\MailEnable Enterprise Edition 2.1.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\MailEnable Professional Edition 2.1.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\MakeReadme 1.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Marvell Libertas 802.11a g b Wireless LAN Client Adapter 1.0.0.33.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Master Investor 5.0.1.79.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Master the Facts Multiplication 4.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\McAfee VirusScan Definition 4790.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\McAfee VirusScan Definition 4791.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\McAfee VirusScan Definition 4792.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Media Catalog Studio Lite 5.0 Build 130.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Media Purveyor 2.6.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\MediaMan 2.51.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Medved QuoteTracker 3.7.6G.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\MemInfo 1.76.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\MemberTies Professional 3.21.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Memory Loops v1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Mer-my-Maid 1.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Mobile Master 6.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Mobile ** not wanted stuff here **e Converter v2.3.11-TE.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Movie Library 1.3.253.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Movies Database 1.11.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Moyea Flash to Video Converter 1.0.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Mst defrag home edition 1.8.30.58.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\My Buddy Icons 4.52.60622.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\MyProxy 7.53.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\MySpeed Server 6.1b.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\MyTunesRSS 2.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\MyVoIPSpeed Server 6.1b.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\NBA LIVE 2006 2006.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\NEED FOR SPEED MOST WANTED CDKEY-2RENTZWH0REZ.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\NEED FOR SPEED MOST WANTED.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\NEED FOR SPEED Most Wanted BLACK EDITION PATCH.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\NEED FOR SPEED Most Wanted [MULTI] No-DVD Fixed Image.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\NETanalyser 4.06.170.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Navicast PreZenter 1.0.2.100.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Need For Speed Most Wanted ALL ACCESS CHEAT.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Need for Speed Underground 2 NOCD.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Neevia docCreator 3.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Neko Puzzle 1.21.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\NeoBook 5.5.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Nero 7.0 Nero 7 Ulta Edition.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Nero 7.0.1.2 Premium 7.0.1.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Nero Burning ROM 7.2.3.2b.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Nero CD-DVD Speed 4.5.1.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Nero Premium Edition v7.2.0.3 KeyMaker.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\NetScream 1.6.26.2006.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Netvision 2.0.0.5.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Network Eagle Monitor 4.9.345.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Network Eagle Monitor Pro 4.9.345.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Network Monitoring Master 4.6.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\News Robot 9.5.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\NewsLeecher 3.7.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\NewsLeecher v3.0 Final..Incl - Read our board rules --RESURRECTiON.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\NewsReactor 1.0..9045.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Nikon Capture v4.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Nofeel FTP Server 3.2.3246.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Norton Internet Security 2006 All.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Nuytsia floribunda a plant and flower study 1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\O&amp;O UnErase 4.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Oberon 2.3.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Office DocumentsRescue Professional 4.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\One Click ** not wanted stuff here **es 1.01.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Opera 9.0.1 Beta Build 8505.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Opinio 5.2.9.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Overseer Network Monitor 3.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\PADGen 2.0.2.30.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\PC-cillin Antivirus Pattern File 3.523.00.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\PC-cillin Antivirus Pattern File 3.527.00.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\PC-cillin Antivirus Pattern File 3.529.00.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\PCBoost 3 3.6.26.2006.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\PCHeal 1.6.26.2006.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\PCMedik 6.6.26.2006.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\PCThrust 1.6.26.2006.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\PFrank 1.67.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\PPT2DVD v2.5.2.128.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Pacestar UML Diagrammer 5.07.1824.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\PageFocus Draw 3.81.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\PageFocus Pro 6.81.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\PageFocus Reader 6.81.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Pando 0.8.10.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\PaperCut Print Logger 1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\PaperCut Quota v5.2.570.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Parabuild 2.0.24.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Parse-O-Matic Power Tool 4.03.02.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Passware Access Password Recovery Key v6.5.918.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Passwords and Keys 1.25.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\PasteLister 2.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\PayPunch 5.3.53.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Payroll Plus Accounting 2005 3.06.0200.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Payroll Plus Enterprise 2005 3.06.0200.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Payroll Plus Lite 2006 3.06.0200.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Payroll Plus Platinum 2006 3.06.0200.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Payroll Plus Professional 2006 3.06.0200.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Payroll Plus Standard 2005 3.06.0200.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Pdf995 7.9s.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Personal Portfolio Manager 7.0.7.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Personal Stock Monitor Gold 6.0.7.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Personal Stock Monitor Gold 6.0.8.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Personal Stock Monitor Standard 6.0.7.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Personal Stock Monitor Standard 6.0.8.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Personal Stock Streamer 7.3.2.294.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Photo DVD Maker 6.55.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Photo DVD Maker Professional 6.55.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Photo Pos Pro 1.2.9.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Photo Print Pilot 1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Photo Watermark Professional 6.1.3.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Photolightning 4.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Photomatix Pro for Windows 2.2.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Php2Html 1.0.0.24.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\PhraseExpress SE 3.0.60.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Picasa 2.5.0 b.32.01.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Picture Merge Genius 2.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\PictureMan pro 5.0.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\PixRecovery 1.0.0623.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Plexis POS 2.8.7.56.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Pocket DVD Wizard 2005 4.7.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\PolderbitS Sound Recorder And Editor v4.0.90.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\PostgresDAC 2.3.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\PowerISO v3.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\PowerPointPipe 2.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Powerful Cookies 2.7.8.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\PowrClik Suite 2.7.4.106.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Premium Clock 2.32.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Prime Number Calculator 4.8.5.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Prince Of Persia 2 Warrior Within NoDISC-MiNT.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Prince Of Persia 2 Warrior Within NoDISC.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Print Censor Professional 4.7.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Pro Evolution Soccer 5.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Program Protector 2.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ProxyWay 3.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ProxyWay Pro 3.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\QUAKE 4 DVD - Read our board rules -.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\QUAKE 4 NOCDKEY.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\QuadSucker News 4.5.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Quake 4 KEYCHECK FiXED-SKULL.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\RA Mystery Case Files Prime Suspects v1.2e-CFF.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\RC Localize 5.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\RSI-Shield 4.5.12.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\RSS Submit 2.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\RamSmash 1.6.26.2006.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Rapid CSS 2006 7.2.0.68.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Rapid PHP Editor 2006 7.2.0.68.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Read news.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ReadWrite Arabic 1.2.943.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ReadWrite Kanji 1.3.5369.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ReadWrite Korean 2.1.1062.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Real Estate Calculator Suite 4.4.01.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Real Spy Monitor 2.53.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Reaper 0.969.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Reaper 0.970.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Recover My Files 3.96.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Red Light Green Light 2.0.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Registry Mechanic 5.2.0.310.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Remote Desktop for Mobiles 2.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Remote Installer 1.3.78.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ReportLab Toolkit 2.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\RightFax 9.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\RoboFolder 1.1.45.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\RoboGEO 4.1.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\RoboImport 1.1.45.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\RssReader 1.0.94.0 beta RC1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SBNews News Robot 9.5.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SC Net Speeder Lite 4.0.0.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SC Net Speeder Lite 4.0.0.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SDE for Eclipse (CE) 3.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SDE for JBuilder (CE) 3.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SDE for NetBeans (CE) 3.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SDE for Oracle JDeveloper 3.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SDE for Oracle JDeveloper Community Edition 3.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SDE for Visual Studio .Net (CE) 3.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SEO Studio 2.0.4.2032.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SMASH 5.7.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SMS Launcher 5.8.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SMS Wizard 2.8.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SMSCaster E-Marketer 2.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SNTP Service 3.0.15.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SPAMfighter Pro 4.5.7.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SPAMfighter Standard 4.5.7.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SQL Examiner 1.3.0.36.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SQL Examiner 1.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SQLiteManager 2.0.8.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\STGuru Standard Edition 1.8.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Saint Paint Studio 11.00.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SciWriter 2.0.20.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SciWriter 2.0.21.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Screen Ruler 3.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ScreenVirtuoso Pro 2.30.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ScrollNavigator 1.2.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Sd4hide SafeDisc 4 Hider 1.0-SKULL.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SearchInform 2.2.09.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Second Sight Unlocker Complete.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Secure Password Manager 2.2.1.0621.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Security Task Manager 1.6c.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Security Task Manager v1.6f.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Selteco Flash Designer 5.0.30.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ServerMonitor Free 3.2.11.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ServerMonitor Lite 3.2.11.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ServerMonitor Pro 3.2.11.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ServersCheck 6.4.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ServersCheck Pro Edition 6.4.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ShareCalendar 2.32.0152.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ShareOutlook 2.32.0152.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Shockwave Player 10.1.1.016.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Shop-Script 2.11.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Simple Business Accounting 2.1.12.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Simple Invoices 2006-05-16.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Simple Invoices 2006-06-16.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Sims 2 Open For Business.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Skyshape MP3 Resizer v1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SlySoft CloneDVD v2.7.5.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Slysoft AnyDVD v6.0.0.4-CRD.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Smart DVD CD Burner 3.0.53.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SmartBackup 3.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SmartCapture 1.7.6.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SmartCodeStudio 2.5.1501.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SmartFTP 2.0.996.32.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SmartFTP FTP Library 1.5.8.11.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SmartSVN Professional 2.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Snappy Fax 3.68.1.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Snappy Fax Network Server 1.41.1.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SoftCAT 3.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SoftFuse Nice Tables 1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Sophos Anti-Virus Virus Identity Files 4.07.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SortPics 2.9.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SpaceObServer 2.22.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Spanish Vocab 1.0.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Speed DVD Creator 4.0.17.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Speed Video Converter 3.0.17.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Speed Video Splitter 2.4.17.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Spiral Creator 13.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Splinter Cell Pandora Tomorrow NOCD.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Sprintbit File Manager 2.5.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Spybot Search &amp; Destroy 2006-06-23.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Spyware Doctor v3.1.0.312.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Spyware Doctor v3.8.0.2527.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Spyware Doctor v3.8.0.2575-CRD.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Spyware.Doctor.3.5.1.498 3.5.1.498.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Star Wars Battlefront 2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Stata 9.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Steganography 1.7.1.0621.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\StormPredator 3.02.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Stream TV 2.6.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Sun CD DVD Burner 2.17.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Super Flexible File Synchronizer 2.70.02.450.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Super Internet TV 6.8.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Super Sound Joiner 3.0.100.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Super VGA 1280x1024 6.0.5384.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Super Video Cap v4.0.300.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\SuperRam 5.6.26.2006.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Swift To-Do List 4.62.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Symantec Norton AntiVirus Virus Definition 06 21 2006.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Symantec Norton AntiVirus Virus Definition 06 22 2006.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Symantec Norton AntiVirus Virus Definition 06 25 2006.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\System Analyser 5.3n.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\System Purifier 2.62.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\System Safety Monitor 2.1.0.575 beta.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\TOSHIBA Software Modem 6.0.5384.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\TRACKMANIA SUNRISE.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Tag Clinic 4.2.3.7.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Team@Work Professional Edition 2.6.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Team@Work Standard Edition 2.6.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Texas Instruments PCI-8x12 7x12 6x12 CardBus Controller 6.0.5384.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Text Filterer 1.6.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\The Elder Scrolls IV Oblivion NoDVD.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\The Euchmich Legacy 1.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\The Godfather The Game NODVD-GHC.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\The Lord of the Rings The Battle for Middle-earth-VENGEANCE.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\The Lord of the Rings The Battle for Middle-earth.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\The Scienc Lab 1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\The Sims 2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Throttle 6 6.6.26.2006.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ThunderStor 2.1.7.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\TiVo Desktop 2.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\TimeLeft 3.21.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\TinySpell 1.4.012.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Titan FTP Server 5.24.352.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Total Commander 6.55.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Total Commander v6.54a.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Total Uninstall 3.62.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\TracePlus Web Detective (eBusiness Edition) 4.02.000.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\TracePlus Web Detective (eBusiness Edition) 4.03.000.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\TracePlus Web Detective 5.01.000.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\TracePlus Web Detective 5.02.000.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\TracePlus Winsock 6.73.000.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\TraderXL Pro 5.9.10.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\TrayClip 4.31.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Tree Notes 1.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\TreePad X Enterprise 7.8.6.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\TriDComm 1.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Trojan Remover database update 6553.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\TrojanHunter v4.1 Build 903.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Trusted Platform Module 1.2 6.0.5384.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\TrustyFiles 3.1.0.10.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\TweakRAM 5.6 Build 06.20.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\USB over Network 2.5.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Ulead VideoStudio v9.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\UltraConverter 2.00.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Underground Topsites.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Uptime Clock 3.8.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\UrlSnooper 2.09.08.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\UrlSnooper 2.09.10.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\VAR Grade 3.1.2.48.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\VIP Simple To Do List 2.4.2.503.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\VMware Workstation v5.0.0.13124-ZWT.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\VSO ConvertXtoDvd.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\VUPlayer 2.43.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Vampire The Masquerade Bloodlines v1.2 NoCD.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Versomatic 1.0 Build 185.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Video Convert Master 6.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Video Pilot Plugin for Adobe Premiere 1.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\VideoCharge Basic 3.6.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\VideoCharge Express 3.6.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Virtual Album Maker Standard 1.30.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Virtual Desktop Toolbox 2.72.4.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Virtual Null Modem 2.0.5 build 27.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Virtual Stopwatch 3.14.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Virtual Stopwatch Pro 3.14.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Visual Paradigm for UML (Community Edition) 5.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Visual Paradigm for UML (Professional Edition) 5.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Visual Paradigm for UML (Standard Edition) 5.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\VisualCron 3.6.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\VueScan 8.3.54.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Warcraft III Reign of Chaos 1.20e.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Warcraft III The Frozen Throne 1.20e.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Water Illusion Professional 2.21.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Wavelet Forecasting 1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\WeBuilder 2006 7.2.0.68.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Web Calendar Pad 2.13.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Web OfficeView 3.8.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Web OfficeView 3.81.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\WebCamSplitter 1.3.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\WebSite-Watcher 4.20 Beta-3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Webm8 7.00.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Wedding Album Maker 1.20.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Western Australian Native Plants Mixed Collection 2 1.0.rar/Setup.exe -> Backdoo
sempai
Jun 30 2006, 10:46 AM
C:\Documents and Settings\j224k\Shared\_\Western Australian Native Plants Mixed Collection 3 1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\WhereIsIt v3.67.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\WinAVI Video Converter v7.6.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\WinAmp 5.24.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\WinLock Remote Administrator 1.35.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\WinMerge 2.5.5.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\WinPopup Gold 5.14.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\WinRAR 3.51.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\WinRAR v3.51.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\WinXP Manager 4.97.5.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Windows Genuine Advantage Validation v1.5.530.0-ETH0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Windows Live Messenger 8.0.0792.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Windows vista beta 2 build 5342 2006.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\WireNote 3.5.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Wiz Solitaire 2.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\WorkgroupMail 8.0.6.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\WorkgroupShare for Outlook 2.1.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\World of Where 3.6.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\X-Backup 2006.1.2.6.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\XP Repair Pro v2.4.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\XP Tools 5.93.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\XP Tools Pro 5.93.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\XSpy Shield Gold 4.6 Build 06.17.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Xilisoft 3GP Video Converter v2.1.55.1025b.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Xilisoft 3GP Video Converter v3.1.6.0602b.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Xilisoft DVD Audio Ripper 4.0.52.0616.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Xilisoft DVD Ripper 4.0.52.0616.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Xilisoft DVD Ripper Platinum 4.0.52.0616.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Xilisoft DVD to PSP Suite 4.0.52.0616.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\XoftSpy v4.21.134-CRD.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\XtraTools 2006 6.20.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Xtreeme FollowUpXpert Professional Edition 3.3.634.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\YATS32 8.7.26.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ZOC 5.07.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Zaep AntiSpam 5.0.0.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Zen Puzzle Garden 1.22.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ZenKEY 1.8.5.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ZeroPace Training Log 2.5.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Zinc Windows 2.5.0.16.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ZipForge 2.72.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ZoneAlarm 6.5.722.000.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ZoneAlarm Anti-Spyware 6.5.722.000.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ZoneAlarm Antivirus 6.5.722.000.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ZoneAlarm Pro 6.5.722.000.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\ZoneAlarm Security Suite 6.5.722.000.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\Zuma Deluxe ALL ACCESS CHEAT.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\avast professional 4.7.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\call of duty 2 key all.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\dotDefender 1.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\iNet Protector 2.6.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\iPod Media Studio 2.5.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\jxProject 2.3.0.2.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\kBilling 1.3.73.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\mp3Tag 5.0 build 345.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\n999tn999tn999tn999t.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\original Valid Windows XP Pro KEY S original Windows XP Pro.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\secureSWF Lite 1.1.2623.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\secureSWF Personal 1.1.2623.1.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\toca race driver 3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\tomtom 5.21.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\uTorrent 1.5.1 b465.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\uTorrent 1.5.1 b466.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\videos.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\visKeeper 3.0.6.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\visKeeper Pro 3.0.6.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\xProcess Personal Edition 2.1.0.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\xpy 0.9.6.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\Shared\_\yafrocache 0.3.3.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\WINDOWS\Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\z.rar/Setup.exe -> Backdoor.IRCBot.qc : Cleaned with backup (quarantined).
C:\WINDOWS\system32\actskn45.ocx -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Documents and Settings\j224k\setup.exe -> Downloader.VB.afb : Cleaned with backup (quarantined).
C:\nwnmb_2.exe -> Hijacker.VB.fc : Cleaned with backup (quarantined).
:mozilla.127:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.129:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.130:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.131:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.132:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.212:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.227:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@adbrite.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@cneteurope.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@microsoftconsumermarketing.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@eztracks.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.126:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.14:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.15:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@site.www.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@stats.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@www.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.243:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.244:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@ad.adocean[1].txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.149:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.150:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.74:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.86:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.87:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.46:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.56:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.57:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.58:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.59:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.60:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.61:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.62:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.76:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.77:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.27:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.28:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@techrepublic.com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.107:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.109:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.111:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.48:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.49:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.50:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.51:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.195:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.199:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.119:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.120:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.121:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@creative.paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned.
:mozilla.135:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.136:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.137:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.138:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.234:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.235:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.241:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.242:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.201:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.202:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.251:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.252:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.253:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.254:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.37:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.63:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.64:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.265:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.266:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.267:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.268:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.269:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.40:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.41:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.42:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.43:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.44:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.45:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.22:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.296:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.65:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.66:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.67:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.68:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.69:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.70:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\j224k\Cookies\j224k@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.300:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.301:C:\Documents and Settings\j224k\Application Data\Mozilla\Firefox\Profiles\qs47j9iw.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end
sempai
Jun 30 2006, 10:49 AM
below is my autoruns report:

HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms

+ rdpclip RDP Clip Monitor Microsoft Corporation c:\windows\system32\rdpclip.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

+ C:\WINDOWS\system32\userinit.exe Userinit Logon Application Microsoft Corporation c:\windows\system32\userinit.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

+ Explorer.exe Windows Explorer Microsoft Corporation c:\windows\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ !ewido ewido anti-spyware Anti-Malware Development a.s. c:\program files\ewido anti-spyware 4.0\ewido.exe

+ AGRSMMSG SoftModem Messaging Applet Agere Systems c:\windows\agrsmmsg.exe

+ Alcmtr Realtek Azalia Audio - Event Monitor Realtek Semiconductor Corp. c:\windows\alcmtr.exe

+ ATICCC CLI Application (Command Line Interface) ATI Technologies Inc. c:\program files\ati technologies\ati.ace\cli.exe

+ batterymiser Battery Miser LG Electronics Inc. c:\program files\lg software\battery miser\batterymiser.exe

+ BluetoothAuthenticationAgent Bluetooth Control Panel Applet Microsoft Corporation c:\windows\system32\bthprops.cpl

+ ccApp Symantec User Session Symantec Corporation c:\program files\common files\symantec shared\ccapp.exe

+ High Definition Audio Property Page Shortcut High Definition Audio Property Page Shortcut v1.0a Windows ® Server 2003 DDK provider c:\windows\system32\hdashcut.exe

+ IMJPMIG8.1 Microsoft IME Microsoft Corporation c:\windows\ime\imjp8_1\imjpmig.exe

+ IPO3 IP Operator c:\program files\lg software\ip operator\ip operator.exe

+ KeybdUtility HotKey LG Electronics c:\program files\lg software\on screen display\hotkey.exe

+ LG Direct Media Button Service LG Direct Media Button Service LG Electronics Inc. c:\windows\system32\lgdmebtn.exe

+ LG Intelligent Update BL c:\program files\lg_swupdate\autoupdate.exe

+ OmniPass Softex OmniPass c:\program files\softex\omnipass\scureapp.exe

+ PHIME2002A ???????? 2002a Microsoft Corporation c:\windows\system32\ime\tintlgnt\tintsetp.exe

+ PHIME2002ASync ???????? 2002a Microsoft Corporation c:\windows\system32\ime\tintlgnt\tintsetp.exe

+ QuickTime Task Apple Computer, Inc. c:\program files\quicktime\qttask.exe

+ RemoteControl PowerDVD RC Service Cyberlink Corp. c:\program files\cyberlink\powerdvd\pdvdserv.exe

+ RTHDCPL Realtek HD Audio Control Panel Realtek Semiconductor Corp. c:\windows\rthdcpl.exe

+ snpstd CameraMonitor MFC Application c:\windows\vsnpstd.exe

+ SunJavaUpdateSched Java™ 2 Platform Standard Edition binary Sun Microsystems, Inc. c:\program files\java\jre1.5.0_07\bin\jusched.exe

+ SynTPEnh Synaptics TouchPad Enhancements Synaptics, Inc. c:\program files\synaptics\syntp\syntpenh.exe

+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

+ Adobe Reader Speed Launch.lnk Adobe Acrobat SpeedLauncher Adobe Systems Incorporated c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

+ Microsoft Office OneNote 2003 Quick Launch.lnk Microsoft Office OneNote Quick Launcher Microsoft Corporation c:\program files\microsoft office\office11\onenotem.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ ctfmon.exe CTF Loader Microsoft Corporation c:\windows\system32\ctfmon.exe

+ Free Download Manager File not found: C:\Program Files\Free Download Manager\fdm.exe

+ Google Desktop Search c:\program files\google\google desktop search\googledesktop.exe

+ MSMSGS Windows Messenger Microsoft Corporation c:\program files\messenger\msmsgs.exe

+ MsnMsgr c:\program files\msn

+ Power2GoExpress Power2Go Express Cyberlink c:\program files\cyberlink\power2go\power2goexpress.exe

+ SRSTrayApp Taskbar icon for SRS WOW XT and TSXT driver SRS Labs, Inc. c:\program files\srs labs\wowxt and tsxt driver\srstrayapp.exe

+ Yahoo! Pager Yahoo! Messenger Yahoo! Inc. c:\program files\yahoo!\messenger\yahoomessenger.exe

HKLM\SOFTWARE\Classes\Protocols\Filter

+ application/octet-stream Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\windows\system32\mscoree.dll

+ application/x-complus Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\windows\system32\mscoree.dll

+ application/x-msdownload Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\windows\system32\mscoree.dll

+ Class Install Handler OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ deflate OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ gzip OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ lzdhtml OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ text/webviewhtml Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ text/xml Microsoft Office XML MIME Filter Microsoft Corporation c:\program files\common files\microsoft shared\office11\msoxmlmf.dll

HKLM\SOFTWARE\Classes\Protocols\Handler

+ about Microsoft ® HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll

+ cdl OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ dvd ActiveX control for streaming video Microsoft Corporation c:\windows\system32\msvidctl.dll

+ file OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ ftp OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ gopher OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ http OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ https OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ its Microsoft® InfoTech Storage System Library Microsoft Corporation c:\windows\system32\itss.dll

+ javascript Microsoft ® HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll

+ local OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ mailto Microsoft ® HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll

+ mhtml Microsoft Internet Messaging API Microsoft Corporation c:\windows\system32\inetcomm.dll

+ mk OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ ms-its Microsoft® InfoTech Storage System Library Microsoft Corporation c:\windows\system32\itss.dll

+ mso-offdap Microsoft Office XP Web Components Microsoft Corporation c:\program files\common files\microsoft shared\web components\10\owc10.dll

+ mso-offdap11 Microsoft Office Web Components 2003 Microsoft Corporation c:\program files\common files\microsoft shared\web components\11\owc11.dll

+ res Microsoft ® HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll

+ sysimage Microsoft ® HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll

+ tv ActiveX control for streaming video Microsoft Corporation c:\windows\system32\msvidctl.dll

+ vbscript Microsoft ® HTML Viewer Microsoft Corporation c:\windows\system32\mshtml.dll

+ wia WIA Scripting Layer Microsoft Corporation c:\windows\system32\wiascr.dll

HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components

+ 0 File not found: About:Home

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ Address Book 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe

+ Browser Customizations IEAK branding Microsoft Corporation c:\windows\system32\iedkcs32.dll

+ Browser Customizations IEAK branding Microsoft Corporation c:\windows\system32\iedkcs32.dll

+ Internet Explorer IE Per-User Initialization Utility Microsoft Corporation c:\windows\system32\ie4uinit.exe

+ Internet Explorer 7 IE Per-User Initialization Utility Microsoft Corporation c:\windows\system32\ie4uinit.exe

+ Microsoft Outlook Express 6 Outlook Express Setup Library Microsoft Corporation c:\program files\outlook express\setup50.exe

+ Microsoft Windows Media Player Microsoft Windows Media Player Setup Utility Microsoft Corporation c:\windows\inf\unregmp2.exe

+ Microsoft Windows Media Player ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll

+ n/a Microsoft .NET IE SECURITY REGISTRATION Microsoft Corporation c:\windows\system32\mscories.dll

+ NetMeeting 3.01 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll

+ Outlook Express Windows NT User Data Migration Tool Microsoft Corporation c:\windows\system32\shmgrate.exe

+ Themes Setup Microsoft© Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe

+ Windows Desktop Update Microsoft© Register Server Microsoft Corporation c:\windows\system32\regsvr32.exe

+ Windows Messenger 4.7 ADVPACK Microsoft Corporation c:\windows\system32\advpack.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

+ Browseui preloader Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Component Categories cache daemon Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ IE Component Categories cache daemon Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ CDBurn Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ PostBootReminder Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ SysTray Systray shell service object Microsoft Corporation c:\windows\system32\stobject.dll

+ WebCheck Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ WPDShServiceObj Windows Portable Device Shell Service Object Microsoft Corporation c:\windows\system32\wpdshserviceobj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ BatteryMiser Psap Shl Ext Battery Miser Psap support c:\windows\system32\bmpsap.dll

+ ewido anti-spyware 4.0 ewido anti-spyware guard Anti-Malware Development a.s. c:\program files\ewido anti-spyware 4.0\shellexecutehook.dll

+ shell32.dll Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ %DESC_PublishDropTarget% Photo Printing Wizard Microsoft Corporation c:\windows\system32\photowiz.dll

+ &Address Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ &Links Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ .CAB file viewer Cabinet File Viewer Shell Extension Microsoft Corporation c:\windows\system32\cabview.dll

+ Accessible Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ ActiveX Cache Folder Object Control Viewer Microsoft Corporation c:\windows\system32\occache.dll

+ Address EditBox Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Administrative Tools Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Audio Media Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ Augmented Shell Folder Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Augmented Shell Folder 2 Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Auto Update Property Sheet Extension Automatic Updates Control Panel Microsoft Corporation c:\windows\system32\wuaucpl.cpl

+ Avi Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ BandProxy Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ BatteryMiser Psap Battery Miser Psap support c:\windows\system32\bmpsap.dll

+ Briefcase Windows Briefcase Microsoft Corporation c:\windows\system32\syncui.dll

+ CDF Extension Copy Hook Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Code Download Agent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Compatibility Page Compatibility Tab Shell Extension DLL Microsoft Corporation c:\windows\system32\slayerxp.dll

+ Compressed (zipped) Folder Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll

+ Compressed (zipped) Folder Right Drag Handler Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll

+ Compressed (zipped) Folder SendTo Target Compressed (zipped) Folders Microsoft Corporation c:\windows\system32\zipfldr.dll

+ ConnectionAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Crypto PKO Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\cryptext.dll

+ Crypto Sign Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system32\cryptext.dll

+ Custom MRU AutoCompleted List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Darwin App Publisher Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl

+ DfsShell Distributed File System shell extension Microsoft Corporation c:\windows\system32\dfsshlex.dll

+ Directory Context Menu Verbs Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll

+ Directory Object Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll

+ Directory Property UI Directory Service Common UI Microsoft Corporation c:\windows\system32\dsuiext.dll

+ Directory Query UI Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll

+ Directory Start/Search Find Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll

+ Disk Copy Extension Windows DiskCopy Microsoft Corporation c:\windows\system32\diskcopy.dll

+ Disk Quota UI Windows Shell Disk Quota UI DLL Microsoft Corporation c:\windows\system32\dskquoui.dll

+ Display Adapter CPL Extension Advanced display adapter properties Microsoft Corporation c:\windows\system32\deskadp.dll

+ Display Monitor CPL Extension Advanced display monitor properties Microsoft Corporation c:\windows\system32\deskmon.dll

+ Display Panning CPL Extension File not found: deskpan.dll

+ Display TroubleShoot CPL Extension Advanced display performance properties Microsoft Corporation c:\windows\system32\deskperf.dll

+ Download Status Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ DS Security Page Directory Service Security UI Microsoft Corporation c:\windows\system32\dssec.dll

+ E-mail Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Explorer Band Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Explorer Search Band Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ Explorer Travel Band Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ Extensions Manager Folder Extensions Manager Microsoft Corporation c:\windows\system32\extmgr.dll

+ Fonts Windows Font Folder Microsoft Corporation c:\windows\system32\fontext.dll

+ Fonts Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ For &People... Find People Microsoft Corporation c:\program files\outlook express\wabfind.dll

+ FTP Folders Webview Microsoft Internet Explorer FTP Folder Shell Extension Microsoft Corporation c:\windows\system32\msieftp.dll

+ Fusion Cache Microsoft .NET Runtime Execution Engine Microsoft Corporation c:\windows\system32\mscoree.dll

+ GDI+ file thumbnail extractor Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Get a Passport Wizard Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Global Folder Settings Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Help and Support Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Help and Support Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ History Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ HTML Thumbnail Extractor Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll

+ ICC Profile Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll

+ ICM Monitor Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll

+ ICM Printer Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll

+ ICM Scanner Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system32\icmui.dll

+ IE &Address Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Address EditBox Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE AutoComplete Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE BandProxy Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Custom MRU AutoCompleted List Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Fade Task Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Global Folder Settings Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE IShellFolderBand Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Menu Band Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Menu Desk Bar Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Menu Site Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Microsoft BrowserBand Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Microsoft History AutoComplete List Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Microsoft Internet Toolbar Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Microsoft Multiple AutoComplete List Container Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Microsoft Shell Folder AutoComplete List Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE MRU AutoComplete List Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Navigation Bar Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Registry Tree Options Utility Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Search Band Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Search Control Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Shell Band Site Menu Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Shell Rebar BandSite Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE Tracking Shell Menu Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE User Assist Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ IE4 Suite Splash Screen Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ In-pane search Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Installed Apps Enumerator Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl

+ Internet Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Internet Name Space Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ InternetShortcut Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ ISFBand OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Microsoft Agent Character Property Sheet Handler Microsoft Agent Property Sheet Handler Microsoft Corporation c:\windows\msagent\agentpsh.dll

+ Microsoft AutoComplete Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Browser Architecture Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Microsoft Browser Architecture Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ Microsoft BrowserBand Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Data Link Microsoft Data Access - OLE DB Core Services Microsoft Corporation c:\program files\common files\system\ole db\oledb32.dll

+ Microsoft DocProp Inplace Calendar Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Droplist Combo Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace ML Edit Box Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Inplace Time Control Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft DocProp Shell Ext Microsoft DocProp Shell Ext Microsoft Corporation c:\windows\system32\docprop2.dll

+ Microsoft History AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Internet Toolbar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Multiple AutoComplete List Container Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Office HTML Icon Handler Microsoft Office 2003 component Microsoft Corporation c:\program files\microsoft office\office11\msohev.dll

+ Microsoft Office Outlook Custom Icon Handler Outlook Shell Hook for Start/Find Microsoft Corporation c:\program files\microsoft office\office11\olkfstub.dll

+ Microsoft Office Outlook Desktop Icon Handler Microsoft Shell Extension Library Microsoft Corporation c:\program files\microsoft office\office11\mlshext.dll

+ Microsoft Shell Folder AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Microsoft Url History Service Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ Microsoft Url Search Hook Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ Midi Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ MMC Icon Handler MMC Shell Extension DLL Microsoft Corporation c:\windows\system32\mmcshext.dll

+ MRU AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Multimedia File Property Sheet Control Panel Drivers Applet Microsoft Corporation c:\windows\system32\mmsys.cpl

+ MyDocs Copy Hook My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll

+ MyDocs Drop Target My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll

+ MyDocs Properties My Documents Folder UI Microsoft Corporation c:\windows\system32\mydocs.dll

+ Network Connections Network Connections Shell Microsoft Corporation c:\windows\system32\netshell.dll

+ Network Connections Network Connections Shell Microsoft Corporation c:\windows\system32\netshell.dll

+ NTFS Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll

+ Offline Files Folder Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll

+ Offline Files Folder Options Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll

+ Offline Files Menu Client Side Caching UI Microsoft Corporation c:\windows\system32\cscui.dll

+ OLE Docfile Property Page OLE DocFile Property Page Microsoft Corporation c:\windows\system32\docprop.dll

+ OmniPass Shell Extension OpFolderExt Softex Inc. c:\program files\softex\omnipass\opfolderext.dll

+ OmniPass ShellNameSpace Extension OpFolderExt Softex Inc. c:\program files\softex\omnipass\opfolderext.dll

+ PlusPack CPL Extension Windows Theme API Microsoft Corporation c:\windows\system32\themeui.dll

+ Portable Devices Portable Devices Shell Extension Microsoft Corporation c:\windows\system32\wpdshext.dll

+ Portable Devices Menu Portable Devices Shell Extension Microsoft Corporation c:\windows\system32\wpdshext.dll

+ Portable Media Devices Portable Media Devices Shell Extension Microsoft Corporation c:\windows\system32\audiodev.dll

+ PostAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Previous Versions Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll

+ Previous Versions Property Page Previous Versions property page Microsoft Corporation c:\windows\system32\twext.dll

+ Print Ordering via the Web Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Printers Security Page Security Shell Extension Microsoft Corporation c:\windows\system32\rshx32.dll

+ Registry Tree Options Utility Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Remote Sessions CPL Extension Remote Sessions CPL Extension Microsoft Corporation c:\windows\system32\remotepg.dll

+ Run... Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scanners & Cameras Imaging Devices Shell Folder UI Microsoft Corporation c:\windows\system32\wiashext.dll

+ Scheduled Tasks Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll

+ Search Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Search Assistant OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Sendmail service Send Mail Microsoft Corporation c:\windows\system32\sendmail.dll

+ Sendmail service Send Mail Microsoft Corporation c:\windows\system32\sendmail.dll

+ Set Program Access and Defaults Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Shell Application Manager Shell Application Manager Microsoft Corporation c:\windows\system32\appwiz.cpl

+ Shell Automation Inproc Service Shell Doc Object and Control Library Microsoft Corporation c:\windows\system32\shdocvw.dll

+ Shell Band Site Menu Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Shell DeskBar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Shell DeskBarApp Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Shell DocObject Viewer Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ Shell extensions for Microsoft Windows Network objects Network object shell UI Microsoft Corporation c:\windows\system32\ntlanui2.dll

+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll

+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll

+ Shell extensions for sharing Shell extensions for sharing Microsoft Corporation c:\windows\system32\ntshrui.dll

+ Shell Image Data Factory Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Shell Image Property Handler Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Shell Image Verbs Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Shell properties for a DS object Directory Service Find Microsoft Corporation c:\windows\system32\dsquery.dll

+ Shell Publishing Wizard Object Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Shell Rebar BandSite Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Shell Scrap DataHandler Shell scrap object handler Microsoft Corporation c:\windows\system32\shscrap.dll

+ Shell Search Band Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Subscription Folder Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Subscription Mgr Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Summary Info Thumbnail handler (DOCFILES) Windows Picture and Fax Viewer Microsoft Corporation c:\windows\system32\shimgvw.dll

+ Synaptics Control Panel TouchPad Control Panel Extensions Synaptics, Inc. c:\program files\synaptics\syntp\syntpcpl.dll

+ Taskbar and Start Menu Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ Tasks Folder Icon Handler Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll

+ Tasks Folder Shell Extension Task Scheduler interface DLL Microsoft Corporation c:\windows\system32\mstask.dll

+ Temporary Internet Files Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ Temporary Internet Files Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ The Internet Internet Explorer Browser UI Library Microsoft Corporation c:\windows\system32\ieframe.dll

+ Track Popup Bar Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ TrayAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ TridentImageExtractor Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ User Accounts Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll

+ User Assist Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ Video Media Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ Video Thumbnail Extractor Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ Wav Properties Handler Media File Property Extractor Shell Extension Microsoft Corporation c:\windows\system32\shmedia.dll

+ Web Folders Microsoft Web Folders Microsoft Corporation c:\program files\common files\microsoft shared\web folders\mson-- The nicest hobby on Earth ;) --t.dll

+ Web Printer Shell Extension Print UI DLL Microsoft Corporation c:\windows\system32\printui.dll

+ Web Publishing Wizard Map Network Drives/Network Places Wizard Microsoft Corporation c:\windows\system32\netplwiz.dll

+ Web Search Shell Browser UI Library Microsoft Corporation c:\windows\system32\browseui.dll

+ WebCheck Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ WebCheck SyncMgr Handler Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ WebCheckChannelAgent Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ WebCheckWebCrawler Web Site Monitor Microsoft Corporation c:\windows\system32\webcheck.dll

+ Windows Media Player Add to Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll

+ Windows Media Player Burn Audio CD Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll

+ Windows Media Player Play as Playlist Context Menu Handler Windows Media Player Launcher Microsoft Corporation c:\windows\system32\wmpshell.dll

+ Windows Script Host¿¡ ´ëÇÑ ¼Ğ È®Àå¸í Microsoft ® Shell Extension for Windows Script Host Microsoft Corporation c:\windows\system32\wshext.dll

+ Yahoo! Mail YMMAPI Module Yahoo! Inc. c:\program files\yahoo!\common\ymmapi.dll

+ {506F4668-F13E-4AA1-BB04-B43203AB3CC0} c:\program files\microsoft office\visio11\visshe.dll

+ {D66DC78C-4F61-447F-942B-3FB6980118CF} c:\program files\microsoft office\visio11\visshe.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ PDF Shell Extension PDF Shell Extension Adobe Systems, Inc. c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll

+ {0D2E74C4-3C34-11d2-A27E-00C04FC30871} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ {24F14F01-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ {24F14F02-7B1C-11d1-838f-0000F80461CF} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ {66742402-F9B9-11D1-A202-0000F81FEDEE} Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ AcroIEHlprObj Class Adobe Acrobat IE Helper Version 7.0 for ActiveX Adobe Systems Incorporated c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll

+ CNavExtBho Class Norton AntiVirus Shell Extension Module Symantec Corporation c:\program files\norton antivirus\navshext.dll

+ Google Toolbar Helper Google IE Client Toolbar Google Inc. c:\program files\google\googletoolbar2.dll

+ SSVHelper Class Java™ 2 Platform Standard Edition binary Sun Microsystems, Inc. c:\program files\java\jre1.5.0_07\bin\ssv.dll

+ Yahoo! IE Services Button Yahoo! IE Services Yahoo! Inc. c:\program files\yahoo!\common\yiesrvc.dll

+ Yahoo! Toolbar Helper Yahoo! Toolbar Yahoo! Inc. c:\program files\yahoo!\companion\installs\cpn0\yt.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ yt.dll Yahoo! Toolbar Yahoo! Inc. c:\program files\yahoo!\companion\installs\cpn0\yt.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ googletoolbar2.dll Google IE Client Toolbar Google Inc. c:\program files\google\googletoolbar2.dll

+ Norton AntiVirus Norton AntiVirus Shell Extension Module Symantec Corporation c:\program files\norton antivirus\navshext.dll

+ yt.dll Yahoo! Toolbar Yahoo! Inc. c:\program files\yahoo!\companion\installs\cpn0\yt.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ Windows Messenger Windows Messenger Microsoft Corporation c:\program files\messenger\msmsgs.exe

+ Yahoo! Messenger Yahoo! Messenger Yahoo! Inc. c:\program files\yahoo!\messenger\yahoomessenger.exe

Task Scheduler

+ Norton AntiVirus - Run Full System Scan - j224k.job Norton AntiVirus Scanner Module Symantec Corporation c:\program files\norton antivirus\navw32.exe

+ RegCure.job RegCure Application c:\program files\regcure\regcure.exe

HKLM\System\CurrentControlSet\Services

+ Ati HotKey Poller ATI External Event Utility EXE Module ATI Technologies Inc. c:\windows\system32\ati2evxx.exe

+ AudioSrv Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ Automatic LiveUpdate Scheduler Manages the scheduling of Automatic LiveUpdate sessions Symantec Corporation c:\program files\symantec\liveupdate\aluschedulersvc.exe

+ BlueSoleil Hid Service c:\program files\ivt corporation\bluesoleil\btntservice.exe

+ Browser Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ BthServ Generic Host Process for Win32 Services Microsoft Corporation c:\windows\system32\svchost.exe

+ ccEvtMgr Event propagation and logging service Symantec Corporation c:\program files\common files\symantec shared\ccevtmgr.exe

+ ccSetMgr Settings storage and management service Symantec Corporation c:\program files\common files\symantec shared\ccsetmgr.exe

+ CryptSvc Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ DcomLaunch Provides launch functionality for DCOM services. Microsoft Corporation c:\windows\system32\svchost.exe

+ Dhcp Manages network configuration by registering and updating IP addresses and DNS names. Microsoft Corporation c:\windows\system32\svchost.exe

+ Dnscache Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ ERSvc Allows error reporting for services and applictions running in non-standard environments. Microsoft Corporation c:\windows\system32\svchost.exe

+ Eventlog Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped. Microsoft Corporation c:\windows\system32\services.exe

+ ewido anti-spyware 4.0 guard ewido anti-spyware guard Anti-Malware Development a.s. c:\program files\ewido anti-spyware 4.0\guard.exe

+ helpsvc Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ lanmanserver Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ lanmanworkstation Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ LmHosts Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution. Microsoft Corporation c:\windows\system32\svchost.exe

+ navapsvc Handles Norton AntiVirus Auto-Protect events. Symantec Corporation c:\program files\norton antivirus\navapsvc.exe

+ NPFMntor Detects installation of Symantec Firewall clients Symantec Corporation c:\program files\norton antivirus\iwp\npfmntor.exe

+ npkcsvc nProtect KeyCrypt Service INCA Internet Co., Ltd. c:\windows\system32\npkcsvc.exe

+ omniserv Softex OmniPass Service Softex Inc. c:\program files\softex\omnipass\omniserv.exe

+ PlugPlay Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability. Microsoft Corporation c:\windows\system32\services.exe

+ PolicyAgent Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver. Microsoft Corporation c:\windows\system32\lsass.exe

+ ProtectedStorage Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users. Microsoft Corporation c:\windows\system32\lsass.exe

+ RpcSs Provides the endpoint mapper and other miscellaneous RPC services. Microsoft Corporation c:\windows\system32\svchost.exe

+ SamSs Stores security information for local user accounts. Microsoft Corporation c:\windows\system32\lsass.exe

+ Schedule Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ seclogon Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ SENS Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events. Microsoft Corporation c:\windows\system32\svchost.exe

+ SharedAccess Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. Microsoft Corporation c:\windows\system32\svchost.exe

+ ShellHWDetection Provides notifications for AutoPlay hardware events. Microsoft Corporation c:\windows\system32\svchost.exe

+ SNDSrvc Symantec Network Drivers Service Symantec Corporation c:\program files\common files\symantec shared\sndsrvc.exe

+ SPBBCSvc Symantec SPBBC Symantec Corporation c:\program files\common files\symantec shared\spbbc\spbbcsvc.exe

+ Spooler Loads files to memory for later printing. Microsoft Corporation c:\windows\system32\spoolsv.exe

+ SRS_PostInstaller Handles post-installation functions for the SRS driver. SRS Labs, Inc. c:\program files\srs labs\wowxt and tsxt driver\srs_postinstaller.exe

+ srservice Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties Microsoft Corporation c:\windows\system32\svchost.exe

+ stisvc Provides image acquisition services for scanners and cameras. Microsoft Corporation c:\windows\system32\svchost.exe

+ Symantec Core LC Symantec Core LC Symantec Corporation c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe

+ Themes Provides user experience theme management. Microsoft Corporation c:\windows\system32\svchost.exe

+ TrkWks Maintains links between NTFS files within a computer or across computers in a network domain. Microsoft Corporation c:\windows\system32\svchost.exe

+ W32Time Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Microsoft Corporation c:\windows\system32\svchost.exe

+ WebClient Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ winmgmt Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\svchost.exe

+ wuauserv Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. Microsoft Corporation c:\windows\system32\svchost.exe

+ WZCSVC Provides automatic configuration for the 802.11 adapters Microsoft Corporation c:\windows\system32\svchost.exe

HKLM\System\CurrentControlSet\Services

+ ACPI ACPI Driver for NT Microsoft Corporation c:\windows\system32\drivers\acpi.sys

+ ACPIEC ACPI Embedded Controller Driver Microsoft Corporation c:\windows\system32\drivers\acpiec.sys

+ aec Microsoft Acoustic Echo Canceller Microsoft Corporation c:\windows\system32\drivers\aec.sys

+ AFD AFD Networking Support Environment Microsoft Corporation c:\windows\system32\drivers\afd.sys

+ AgereSoftModem SoftModem Device Driver Agere Systems c:\windows\system32\drivers\agrsm.sys

+ AGR1310_51 Agere Systems PCI Express Ethernet Adapter Agere Systems c:\windows\system32\drivers\agr1310_51.sys

+ Arp1394 1394 ARP Client Protocol Microsoft Corporation c:\windows\system32\drivers\arp1394.sys

+ AsyncMac RAS Asynchronous Media Driver Microsoft Corporation c:\windows\system32\drivers\asyncmac.sys

+ atapi IDE/ATAPI Port Driver Microsoft Corporation c:\windows\system32\drivers\atapi.sys

+ ati2mtag ATI Radeon WindowsNT Miniport Driver ATI Technologies Inc. c:\windows\system32\drivers\ati2mtag.sys

+ Atmarpc ATM ARP Client Protocol Microsoft Corporation c:\windows\system32\drivers\atmarpc.sys

+ ATSWPDRV Slide Fingerprint USB Driver AuthenTec, Inc. c:\windows\system32\drivers\atswpdrv.sys

+ audstub AudStub Driver Microsoft Corporation c:\windows\system32\drivers\audstub.sys

+ BlueletAudio Bluelet Audio Driver IVT Corporation c:\windows\system32\drivers\blueletaudio.sys

+ BlueletSCOAudio Bluelet Audio Driver IVT Corporation c:\windows\system32\drivers\blueletscoaudio.sys

+ BT Bluetooth PAN Network Adapter Driver IVT Corporation c:\windows\system32\drivers\btnetdrv.sys

+ Btcsrusb Bluetooth USB Device Driver IVT Corporation c:\windows\system32\drivers\btcusb.sys

+ BthEnum Bluetooth Bus Extender Microsoft Corporation c:\windows\system32\drivers\bthenum.sys

+ BTHidEnum c:\windows\system32\drivers\vbtenum.sys

+ BTHidMgr Bluetooth HID Manager driver IVT Corporation c:\windows\system32\drivers\bthidmgr.sys

+ BthPan Bluetooth Device (Personal Area Network) Microsoft Corporation c:\windows\system32\drivers\bthpan.sys

+ BTHPORT Bluetooth Bus Driver Microsoft Corporation c:\windows\system32\drivers\bthport.sys

+ BTHUSB Bluetooth Miniport Driver Microsoft Corporation c:\windows\system32\drivers\bthusb.sys

+ CCDECODE WDM Closed Caption VBI Codec Microsoft Corporation c:\windows\system32\drivers\ccdecode.sys

+ Cdrom SCSI CD-ROM Driver Microsoft Corporation c:\windows\system32\drivers\cdrom.sys

+ CmBatt Control Method Battery Driver Microsoft Corporation c:\windows\system32\drivers\cmbatt.sys

+ Compbatt Composite Battery Driver Microsoft Corporation c:\windows\system32\drivers\compbatt.sys

+ Disk PnP Disk Driver Microsoft Corporation c:\windows\system32\drivers\disk.sys

+ DMusic Microsoft Kernel DLS Synthesizer Microsoft Corporation c:\windows\system32\drivers\dmusic.sys

+ drmkaud Microsoft Kernel DRM Audio Descrambler Filter Microsoft Corporation c:\windows\system32\drivers\drmkaud.sys

+ eeCtrl Symantec Eraser Control Driver Symantec Corporation c:\program files\common files\symantec shared\eengine\eectrl.sys

+ ewido anti-spyware 4.0 driver c:\program files\ewido anti-spyware 4.0\guard.sys

+ Ftdisk FT Disk Driver Microsoft Corporation c:\windows\system32\drivers\ftdisk.sys

+ Gpc Generic Packet Classifier Microsoft Corporation c:\windows\system32\drivers\msgpc.sys

+ HdAudAddService High Definition Audio Function Driver v1.0a Windows ® Server 2003 DDK provider c:\windows\system32\drivers\hdaudio.sys

+ HDAudBus High Definition Audio Bus Driver v1.0a Windows ® Server 2003 DDK provider c:\windows\system32\drivers\hdaudbus.sys

+ HidUsb USB Miniport Driver for Input Devices Microsoft Corporation c:\windows\system32\drivers\hidusb.sys

+ HTTP This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start. Microsoft Corporation c:\windows\system32\drivers\http.sys

+ i8042prt i8042 Port Driver Microsoft Corporation c:\windows\system32\drivers\i8042prt.sys

+ Imapi IMAPI Kernel Driver Microsoft Corporation c:\windows\system32\drivers\imapi.sys

+ IntcAzAudAddService Realtek® High Definition Audio Function Driver Realtek Semiconductor Corp. c:\windows\system32\drivers\rtkhdaud.sys

+ intelppm Processor Device Driver Microsoft Corporation c:\windows\system32\drivers\intelppm.sys

+ Ip6Fw Provides intrusion prevention service for a home or small office network. Microsoft Corporation c:\windows\system32\drivers\ip6fw.sys

+ IpFilterDriver IP Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\ipfltdrv.sys

+ IpInIp IP in IP Tunnel Driver Microsoft Corporation c:\windows\system32\drivers\ipinip.sys

+ IpNat IP Network Address Translator Microsoft Corporation c:\windows\system32\drivers\ipnat.sys

+ IPSec IPSEC driver Microsoft Corporation c:\windows\system32\drivers\ipsec.sys

+ IRENUM Infra-Red Bus Enumerator Microsoft Corporation c:\windows\system32\drivers\irenum.sys

+ isapnp PNP ISA Bus Driver Microsoft Corporation c:\windows\system32\drivers\isapnp.sys

+ Kbdclass Keyboard Class Driver Microsoft Corporation c:\windows\system32\drivers\kbdclass.sys

+ kmixer Kernel Mode Audio Mixer Microsoft Corporation c:\windows\system32\drivers\kmixer.sys

+ LGDMEBTN LG Direct Media Button Driver LG Electronics Inc. c:\windows\system32\drivers\lgdmebtn.sys

+ lgodd_filter File not found: system32\drivers\lgodd_filter.sys

+ lgsnd_filter c:\windows\system32\drivers\lgsnd_filter.sys

+ Mouclass Mouse Class Driver Microsoft Corporation c:\windows\system32\drivers\mouclass.sys

+ mouhid HID Mouse Filter Driver Microsoft Corporation c:\windows\system32\drivers\mouhid.sys

+ MSKSSRV MS KS Server Microsoft Corporation c:\windows\system32\drivers\mskssrv.sys

+ MSPCLOCK MS Proxy Clock Microsoft Corporation c:\windows\system32\drivers\mspclock.sys

+ MSPQM MS Proxy Quality Manager Microsoft Corporation c:\windows\system32\drivers\mspqm.sys

+ mssmbios System Management BIOS Driver Microsoft Corporation c:\windows\system32\drivers\mssmbios.sys

+ MSTEE WDM Tee/Communication Transform Filter Microsoft Corporation c:\windows\system32\drivers\mstee.sys

+ NABTSFEC WDM NABTS/FEC VBI Codec Microsoft Corporation c:\windows\system32\drivers\nabtsfec.sys

+ NAVENG AV Engine Symantec Corporation c:\program files\common files\symantec shared\virusdefs\20060629.033\naveng.sys

+ NAVEX15 AV Engine Symantec Corporation c:\program files\common files\symantec shared\virusdefs\20060629.033\navex15.sys

+ NdisIP Microsoft IP Driver Microsoft Corporation c:\windows\system32\drivers\ndisip.sys

+ Ndisipo NDIS Protocol Driver for IPO3 Windows ® 2000 DDK provider c:\windows\system32\drivers\ndisipo.sys

+ NdisTapi Remote Access NDIS TAPI Driver Microsoft Corporation c:\windows\system32\drivers\ndistapi.sys

+ Ndisuio NDIS Usermode I/O Protocol Microsoft Corporation c:\windows\system32\drivers\ndisuio.sys

+ NdisWan Remote Access NDIS WAN Driver Microsoft Corporation c:\windows\system32\drivers\ndiswan.sys

+ NetBT NetBios over Tcpip Microsoft Corporation c:\windows\system32\drivers\netbt.sys

+ NIC1394 IEEE1394 Ndis Miniport and Call Manager Microsoft Corporation c:\windows\system32\drivers\nic1394.sys

+ npkcrypt nProtect KeyCrypt Driver INCA Internet Co., Ltd. c:\windows\system32\npkcrypt.sys

+ NwlnkFlt IPX Traffic Filter Driver Microsoft Corporation c:\windows\system32\drivers\nwlnkflt.sys

+ NwlnkFwd IPX Traffic Forwarder Driver Microsoft Corporation c:\windows\system32\drivers\nwlnkfwd.sys

+ ohci1394 1394 OpenHCI Port Driver Microsoft Corporation c:\windows\system32\drivers\ohci1394.sys

+ Parport Parallel Port Driver Microsoft Corporation c:\windows\system32\drivers\parport.sys

+ PCI NT Plug and Play PCI Enumerator Microsoft Corporation c:\wi
sempai
Jun 30 2006, 10:53 AM
+ PCI NT Plug and Play PCI Enumerator Microsoft Corporation c:\windows\system32\drivers\pci.sys

+ PCIIde Generic PCI IDE Bus Driver Microsoft Corporation c:\windows\system32\drivers\pciide.sys

+ Pcmcia PCMCIA Bus Driver Microsoft Corporation c:\windows\system32\drivers\pcmcia.sys

+ PptpMiniport WAN Miniport (PPTP) Microsoft Corporation c:\windows\system32\drivers\raspptp.sys

+ PSched QoS Packet Scheduler Microsoft Corporation c:\windows\system32\drivers\psched.sys

+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys

+ PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys

+ RasAcd Remote Access Auto Connection Driver Microsoft Corporation c:\windows\system32\drivers\rasacd.sys

+ Rasl2tp WAN Miniport (L2TP) Microsoft Corporation c:\windows\system32\drivers\rasl2tp.sys

+ RasPppoe Remote Access PPPOE Driver Microsoft Corporation c:\windows\system32\drivers\raspppoe.sys

+ Raspti Direct Parallel Microsoft Corporation c:\windows\system32\drivers\raspti.sys

+ RDPCDD RDP Miniport Microsoft Corporation c:\windows\system32\drivers\rdpcdd.sys

+ redbook Redbook Audio Filter Driver Microsoft Corporation c:\windows\system32\drivers\redbook.sys

+ RFCOMM Bluetooth Device (RFCOMM Protocol TDI) Microsoft Corporation c:\windows\system32\drivers\rfcomm.sys

+ ROOTMODEM Legacy Non-Pnp Modem Device Driver Microsoft Corporation c:\windows\system32\drivers\rootmdm.sys

+ SAVRT AutoProtect Symantec Corporation c:\program files\norton antivirus\savrt.sys

+ SAVRTPEL SAVRTPEL Symantec Corporation c:\program files\norton antivirus\savrtpel.sys

+ sdbus SecureDigital Bus Driver Microsoft Corporation c:\windows\system32\drivers\sdbus.sys

+ Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys

+ serenum Serial Port Enumerator Microsoft Corporation c:\windows\system32\drivers\serenum.sys

+ Serial Serial Device Driver Microsoft Corporation c:\windows\system32\drivers\serial.sys

+ SLIP Microsoft Slip Deframing Filter Minidriver Microsoft Corporation c:\windows\system32\drivers\slip.sys

+ snpstd PC Camera driver c:\windows\system32\drivers\snpstd.sys

+ SPBBCDrv SPBBC Driver Symantec Corporation c:\program files\common files\symantec shared\spbbc\spbbcdrv.sys

+ splitter Microsoft Kernel Audio Splitter Microsoft Corporation c:\windows\system32\drivers\splitter.sys

+ streamip Microsoft IP Test Driver Microsoft Corporation c:\windows\system32\drivers\streamip.sys

+ swenum Plug and Play Software Device Enumerator Microsoft Corporation c:\windows\system32\drivers\swenum.sys

+ swmidi Microsoft GS Wavetable Synthesizer Microsoft Corporation c:\windows\system32\drivers\swmidi.sys

+ SYMDNS DNS Filter Driver Symantec Corporation c:\windows\system32\drivers\symdns.sys

+ SymEvent Symantec Event Library Symantec Corporation c:\program files\symantec\symevent.sys

+ SYMFW Firewall Filter Driver Symantec Corporation c:\windows\system32\drivers\symfw.sys

+ SYMIDS IDS Filter Driver Symantec Corporation c:\windows\system32\drivers\symids.sys

+ SYMIDSCO IDS Core Driver Symantec Corporation c:\program files\common files\symantec shared\symcdata\ids-diskless\20060614.094\symidsco.sys

+ symlcbrd Symantec Core Component Symantec Corporation c:\windows\system32\drivers\symlcbrd.sys

+ SYMNDIS NDIS Filter Driver Symantec Corporation c:\windows\system32\drivers\symndis.sys

+ SYMREDRV Redirector Filter Driver Symantec Corporation c:\windows\system32\drivers\symredrv.sys

+ SYMTDI Network Dispatch Driver Symantec Corporation c:\windows\system32\drivers\symtdi.sys

+ SynTP Synaptics Touchpad Driver Synaptics, Inc. c:\windows\system32\drivers\syntp.sys

+ sysaudio System Audio WDM Filter Microsoft Corporation c:\windows\system32\drivers\sysaudio.sys

+ Tcpip TCP/IP Protocol Driver Microsoft Corporation c:\windows\system32\drivers\tcpip.sys

+ TermDD Terminal Server Driver Microsoft Corporation c:\windows\system32\drivers\termdd.sys

+ tifm21 tifm21.sys Texas Instruments c:\windows\system32\drivers\tifm21.sys

+ Update Update Driver Microsoft Corporation c:\windows\system32\drivers\update.sys

+ usbehci EHCI eUSB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbehci.sys

+ usbhub Default Hub Driver for USB Microsoft Corporation c:\windows\system32\drivers\usbhub.sys

+ usbstor USB Mass Storage Class Driver Microsoft Corporation c:\windows\system32\drivers\usbstor.sys

+ usbuhci UHCI USB Miniport Driver Microsoft Corporation c:\windows\system32\drivers\usbuhci.sys

+ USBZC0301 ZSMC USB PC Camera Driver ZSMC c:\windows\system32\drivers\usbcam.sys

+ VComm Bluetooth Serial Port Driver IVT Corporation c:\windows\system32\drivers\vcomm.sys

+ VcommMgr Bluetooth VcommMgr driver IVT Corporation c:\windows\system32\drivers\vcommmgr.sys

+ VgaSave VGA/Super VGA Video Driver Microsoft Corporation c:\windows\system32\drivers\vga.sys

+ w39n51 Intel® Wireless LAN Driver Intel® Corporation c:\windows\system32\drivers\w39n51.sys

+ Wanarp Remote Access IP ARP Driver Microsoft Corporation c:\windows\system32\drivers\wanarp.sys

+ wdmaud MMSYSTEM Wave/Midi API mapper Microsoft Corporation c:\windows\system32\drivers\wdmaud.sys

+ WmiAcpi Windows Management Interface for ACPI Microsoft Corporation c:\windows\system32\drivers\wmiacpi.sys

+ wowfilter SRS WOW XT filter driver c:\windows\system32\drivers\wowfilter.sys

+ WS2IFSL Winsock2 IFS Layer Microsoft Corporation c:\windows\system32\drivers\ws2ifsl.sys

+ WSTCODEC WDM WST Codec Driver Microsoft Corporation c:\windows\system32\drivers\wstcodec.sys

+ WudfPf Provide communciation services for UMDF components. Microsoft Corporation c:\windows\system32\drivers\wudfpf.sys

+ WudfRd Reflect device requests to user-mode driver drivers Microsoft Corporation c:\windows\system32\drivers\wudfrd.sys

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

+ autocheck autochk * Auto Check Utility Microsoft Corporation c:\windows\system32\autochk.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

+ Your Image File Name Here without a path Symbolic Debugger for Windows 2000 Microsoft Corporation c:\windows\system32\ntsd.exe

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls

+ advapi32 Advanced Windows 32 Base API Microsoft Corporation c:\windows\system32\advapi32.dll

+ comdlg32 Common Dialogs DLL Microsoft Corporation c:\windows\system32\comdlg32.dll

+ gdi32 GDI Client DLL Microsoft Corporation c:\windows\system32\gdi32.dll

+ imagehlp Windows NT Image Helper Microsoft Corporation c:\windows\system32\imagehlp.dll

+ kernel32 Windows NT BASE API Client DLL Microsoft Corporation c:\windows\system32\kernel32.dll

+ lz32 LZ Expand/Compress API DLL Microsoft Corporation c:\windows\system32\lz32.dll

+ ole32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\ole32.dll

+ oleaut32 Microsoft Corporation c:\windows\system32\oleaut32.dll

+ olecli32 Object Linking and Embedding Client Library Microsoft Corporation c:\windows\system32\olecli32.dll

+ olecnv32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olecnv32.dll

+ olesvr32 Object Linking and Embedding Server Library Microsoft Corporation c:\windows\system32\olesvr32.dll

+ olethk32 Microsoft OLE for Windows Microsoft Corporation c:\windows\system32\olethk32.dll

+ rpcrt4 Remote Procedure Call Runtime Microsoft Corporation c:\windows\system32\rpcrt4.dll

+ shell32 Windows Shell Common Dll Microsoft Corporation c:\windows\system32\shell32.dll

+ url Internet Shortcut Shell Extension DLL Microsoft Corporation c:\windows\system32\url.dll

+ urlmon OLE32 Extensions for Win32 Microsoft Corporation c:\windows\system32\urlmon.dll

+ user32 Windows XP USER API Client DLL Microsoft Corporation c:\windows\system32\user32.dll

+ version Version Checking and File Installation Libraries Microsoft Corporation c:\windows\system32\version.dll

+ wininet Internet Extensions for Win32 Microsoft Corporation c:\windows\system32\wininet.dll

+ wldap32 Win32 LDAP API DLL Microsoft Corporation c:\windows\system32\wldap32.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost

+ logonui.exe Windows Logon UI Microsoft Corporation c:\windows\system32\logonui.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ AtiExtEvent ATI External Event Utility DLL Module ATI Technologies Inc. c:\windows\system32\ati2evxx.dll

+ crypt32chain Crypto API32 Microsoft Corporation c:\windows\system32\crypt32.dll

+ cryptnet Crypto Network Related API Microsoft Corporation c:\windows\system32\cryptnet.dll

+ cscdll Offline Network Agent Microsoft Corporation c:\windows\system32\cscdll.dll

+ OPXPGina c:\program files\softex\omnipass\opxpgina.dll

+ ScCertProp Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll

+ Schedule Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll

+ sclgntfy Secondary Logon Service Notification DLL Microsoft Corporation c:\windows\system32\sclgntfy.dll

+ SensLogn Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll

+ termsrv Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll

+ WgaLogon Windows Genuine Advantage Notification Microsoft Corporation c:\windows\system32\wgalogon.dll

+ wlballoon Common DLL to receive Winlogon notifications Microsoft Corporation c:\windows\system32\wlnotify.dll

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

+ Google Desktop c:\program files\google\google desktop search\googledesktopnetwork1.dll

+ Google Desktop over [MSAFD Tcpip [TCP/IP]] c:\program files\google\google desktop search\googledesktopnetwork1.dll

+ Google Desktop over [MSAFD Tcpip [UDP/IP]] c:\program files\google\google desktop search\googledesktopnetwork1.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{53660F5A-2653-413C-94A9-E6B9978EA19B}] DATAGRAM 7 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{53660F5A-2653-413C-94A9-E6B9978EA19B}] SEQPACKET 7 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{830955F6-08A6-4F07-A0E0-C538B402B74E}] DATAGRAM 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{830955F6-08A6-4F07-A0E0-C538B402B74E}] SEQPACKET 1 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{B86B7CAC-3CB8-47AB-8102-868E1CAD5470}] DATAGRAM 5 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{B86B7CAC-3CB8-47AB-8102-868E1CAD5470}] SEQPACKET 5 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{C850AE28-50AF-4FD4-810A-44469B8748F3}] DATAGRAM 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{C850AE28-50AF-4FD4-810A-44469B8748F3}] SEQPACKET 2 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{D4273022-CD1A-4C3E-BC4C-5A369767AA47}] DATAGRAM 6 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{D4273022-CD1A-4C3E-BC4C-5A369767AA47}] SEQPACKET 6 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E343B1FD-65E6-4B21-9A32-E4F1C0414B77}] DATAGRAM 4 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{E343B1FD-65E6-4B21-9A32-E4F1C0414B77}] SEQPACKET 4 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{F0174E24-65D1-4C4B-A25C-51B51385F911}] DATAGRAM 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{F0174E24-65D1-4C4B-A25C-51B51385F911}] SEQPACKET 3 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{F9F62D1C-D219-4EE6-806B-2680EE14CACB}] DATAGRAM 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{F9F62D1C-D219-4EE6-806B-2680EE14CACB}] SEQPACKET 0 Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD RfComm [Bluetooth] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [RAW/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [TCP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [UDP/IP] Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation c:\windows\system32\mswsock.dll

+ RSVP TCP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\windows\system32\rsvpsp.dll

+ RSVP UDP Service Provider Microsoft Windows Rsvp 1.0 Service Provider Microsoft Corporation c:\windows\system32\rsvpsp.dll

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

+ BJ Language Monitor Langage Monitor for Canon Bubble-Jet Printer Microsoft Corporation c:\windows\system32\cnbjmon.dll

+ Local Port Local Spooler DLL Microsoft Corporation c:\windows\system32\localspl.dll

+ Microsoft Document Imaging Writer Monitor Microsoft® Document Imaging Microsoft Corporation c:\windows\system32\mdimon.dll

+ PJL Language Monitor PJL Language monitor Microsoft Corporation c:\windows\system32\pjlmon.dll

+ Standard TCP/IP Port Standard TCP/IP Port Monitor DLL Microsoft Corporation c:\windows\system32\tcpmon.dll

+ USB Monitor Standard Dynamic Printing Port Monitor DLL Microsoft Corporation c:\windows\system32\usbmon.dll

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages

+ msv1_0 Microsoft Authentication Package v1.0 Microsoft Corporation c:\windows\system32\msv1_0.dll

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages

+ scecli Windows Security Configuration Editor Client Engine Microsoft Corporation c:\windows\system32\scecli.dll

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages

+ kerberos Kerberos Security Package Microsoft Corporation c:\windows\system32\kerberos.dll

+ msv1_0 Microsoft Authentication Package v1.0 Microsoft Corporation c:\windows\system32\msv1_0.dll

+ schannel TLS / SSL Security Provider Microsoft Corporation c:\windows\system32\schannel.dll

+ wdigest Microsoft Digest Access Microsoft Corporation c:\windows\system32\wdigest.dll
sempai
Jun 30 2006, 10:55 AM
below is my new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 7:29:51 PM, on 6/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\LGDMEBTN.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\LG Software\IP Operator\IP Operator.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\LG Software\Battery Miser\batterymiser.exe
C:\Program Files\LG Software\On Screen Display\HotKey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRSTrayApp.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\lg_swupdate\tmcheck.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Softex\OmniPass\opfolderhelper.exe
C:\DOCUME~1\j224k\LOCALS~1\Temp\opf14.tmp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\autoupdate.exe" Gilautouc
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LG Direct Media Button Service] LGDMEBTN.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [IPO3] "C:\Program Files\LG Software\IP Operator\IP Operator.exe" -aUtOsTaRtFrOmReG
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [batterymiser] "C:\Program Files\LG Software\Battery Miser\batterymiser.exe"
O4 - HKLM\..\Run: [KeybdUtility] "C:\Program Files\LG Software\On Screen Display\HotKey.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [SRSTrayApp] C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRSTrayApp.exe
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} (KTCtrl Class) - http://support.kornet.net/sw5/order/Speed/...peedNewCtrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1149126603531
O16 - DPF: {7C09DD8F-D1C6-4315-AE96-AC328FDF734B} (KTActiveX Control) - http://support.kornet.net/sw5/order/Speed/cab/KTActiveX.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/keycrypt/yescard2/npkcx_inca.cab
O16 - DPF: {F36637AF-96ED-4044-9907-C0D82A2A91FD} (Xnote Control) - http://www.lge.co.kr/Xnote.cab
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SRS PostInstaller Service (SRS_PostInstaller) - SRS Labs, Inc. - C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

tnx again,
sempai
LoPhatPhuud
Jun 30 2006, 09:47 PM
Thanks for the logs. It appears the Ewido removed your -- not allowed here -- collection. I doubt every program was infected with an IRCBot exploit. Most likely there is some form of wrapper, etc., that its catching, especially if a p2p network was the source. Its your choice, you can empty the quarantine to remove them, or restore them back. I don't trust p2p sites in general so I would recommend removing.

OK, now back to work...

First:
Launch Notepad, and copy/paste in the box below to a new text file.
Save it on your Desktop as fixme.reg

CODE
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr" = -

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools]
"DisableRegistryTools" = -

Locate fixme.reg on your Desktop and double-click on it.

You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer 'Yes' and wait for a message to appear similar to "Merged Successfully".


Second:
Regsecure may be interfereing with regedit. Make sure the task is not running, and then try regedit.

ALso, advise of all outstanding issues
sempai
Jul 1 2006, 09:20 AM
1. all instructions are done succesfully.
2. all quarantine files are now permanenlty deleted.
3. i already uninstall regcure since its only a trial version and im not using it anyway.
4. try regedit and its working.


i will use AVAST HOME as my new AV... do i need to uninstall ewido?

tnx,
sempai
LoPhatPhuud
Jul 1 2006, 07:50 PM
You can keep Ewido. At the end of the trial period the real time protection will stop but you can still do on demand scans. I recommend keeping it!
sempai
Jul 2 2006, 12:02 AM
ok, are we finish fixing my problems? does avast has a real time protection also?

tnx,
sempai
LoPhatPhuud
Jul 2 2006, 02:57 AM
For now we are indeed done.

Yes, Avast does offer real time protection. It is one of two free AV's I recommend (the other is AVG).

If you don;t mind paying, then Kaspersky or NOD32 are the ones to use.
sempai
Jul 2 2006, 06:08 AM
ok tnx a lot... one last thing before we ended.......... is ok to delete the tools that weve used (eccept ewido)? or do you recommend keeping them?

tnx a lot bro,
semp
LoPhatPhuud
Jul 2 2006, 06:34 AM
Since many of the tools update for new variants, its best to remove them now, and download again in the future if needed. But do keep Ewido and scan with it regularly
sempai
Jul 2 2006, 08:58 AM
ok... let me tnk you for being so helpful and nice to me, hope you wont hesitate incase i will be needing again your help.... again thank you.

sempai
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.