#1
Need Help! Can't access task manager. Another program is currently using this file.
Hi there,
I have a problem accessing the task manager on my laptop. After searching on the net, I came across a thread in this forum with the same problem. (Ref: http://www.cybertechhelp.com/forums/...d.php?t=157910) Basically I can't seem to run taskmgr or cmd. I got an error saying "Another program is currently using this file!" Would really appreciate some help!!! Thanks a lot!
#2
Hi,
and welcome to CTH.
We must know what is running on this computer, so post these two logs, please:
- Download HijackThis 1.99.1 from: HERE. Create a new folder only for HijackThis (example: C:\HJT), but don't leave it on your desktop or in a temp folder! Unzip it to this folder. Click "Scan", then click "Save Log". Save the log, and copy/paste it into your response to this thread. Don't check or fix anything yet.
- Download SilentRunners.vbs. Run it. It generates a log; wait until the scan is complete (there is a popup at the end). Copy/paste it here, please. (If your antivirus queries the script, allow it to run. It's not malicious.)
NB: several posts may be needed.
#3
HJ Logs...
Logfile of HijackThis v1.99.1
Scan saved at 23:28:33, on 27/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
#4
VBS Script Logs...part 1
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
#5
VBS Script Logs...Part 2
Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
  -> {HKLM...CLSID} = "Norton AntiVirus"
     \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"
  -> {HKLM...CLSID} = "Web assistant"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Web assistant"
  -> {HKLM...CLSID} = "Web assistant"
     \InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
"{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar"
  -> {HKLM...CLSID} = "FlashGet Bar"
     \InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
  -> {HKLM...CLSID} = "Norton AntiVirus"
     \InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{B13B4423-2647-4CFC-A4B3-C7D56CB83487}\
"ButtonText" = "Share in Hello"
"MenuText" = "Share in H&ello"
"CLSIDExtension" = "{B13B4423-2647-4cfc-A4B3-C7D56CB83487}"
  -> {HKLM...CLSID} = "IECmdExecute Class"
     \InProcServer32\(Default) = "C:\Program Files\Hello\PicasaCapture.dll" ["Picasa, Inc."]

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Program Files\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]

{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\
"ButtonText" = "Yahoo! Messenger"
"MenuText" = "Yahoo! Messenger"
"Exec" = "C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe" ["Yahoo! Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
Missing lines (compared with English-language version):
[Strings]: 1 line

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Apache, Apache, ""C:\Apache\Apache.exe" --ntservice" [null data]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]
Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
IPv6 Helper Service, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}
Messenger Sharing USN Journal Reader service, usnsvc, "C:\WINDOWS\system32\svchost.exe -k usnsvc" {"C:\Program Files\MSN Messenger\usnsvc.dll" [MS]}
MySql, MySql, "C:/mysql/bin/mysqld-nt.exe" [null data]
Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Serv-U FTP Server, Serv-U, "C:\Program Files\Serv-U\ServUDaemon.exe" [null data]
ServiceLayer, ServiceLayer, ""C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"" ["Nokia."]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Network Proxy, ccProxy, ""C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
SymWMI Service, SymWSC, ""C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"" ["Symantec Corporation"]
VAIO Entertainment File Import Service, VAIO Entertainment File Import Service, "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe" ["Sony Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
Canon BJ Language Monitor i70\Driver = "CNMLM4o.DLL" ["CANON INC."]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

----------
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box.
---------- (total run time: 165 seconds, including 18 seconds for message boxes)
#6
Ok. Then we'll follow these steps:

1- Download the attached file and save it to your C:\ drive. When saved, the file path should be C:\Yourfile.txt
----------
Download and unzip Avenger to your desktop.
Check "Load Script from File" and then click the folder icon on the right side of that section. Then browse to C:\Yourfile.txt and click Open to load it.
Then click the green light icon. This will begin execution of the script currently in memory.
After you have clicked on the green light to begin execution of a script, The Avenger will set itself up to run the next time you reboot your computer, and then will prompt you to restart immediately.
After your system restarts, a log file should open with the results of Avenger's actions. This log file is located at C:\avenger.txt. The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backups.zip.

2- After the reboot, open HijackThis, scan and place a check mark next to any of the following that remain. Then click the "Fix Checked" button.
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - Global Startup: taskmgr.exe
Close HijackThis.

3- Go here and download ATF cleaner. Use it to remove all Temp Files, Cookies and Temp Internet Files, Java Cache and any others that you would like to remove. If you also use Opera or Firefox, also click on the cleaning options for each browser (they must be closed).

- Download the free version of AVG Anti-Spyware from here to your Desktop and double-click on the executable to install it.
Launch AVG Anti-Spyware (there should be an icon on your desktop, double-click it if the program does not open). The program will now go to the main screen.
You will now need to update AVG Anti-Spyware to the latest definition files. On the left hand side of the main screen click Update and then click on Start Update. The update will start and a progress bar will show the updates being installed. Do not run a scan yet. (If their server is too busy, then download and install the full database from HERE.)
When you have done this, boot into Safe Mode (restart your computer and tap F8 continuously as it restarts).
Run AVG Anti-Spyware now.
First click on Settings > Recommended Action and change it to Quarantine.
Next look at Reports and uncheck "Only if threats were found". Don't change any other settings.
Click on the "Scan" tab and click on "Complete System Scan" to begin scanning.
When the scan is finished, look at "Set all elements to" and click to change to "Quarantine" if this option is not displayed.
Click on "Apply All Actions" and then click the "Save Report" button at the bottom of the screen.
Click on "Save Report As" and save the report to your desktop.
Close AVG Anti-Spyware and reboot.

Post this report with a new HijackThis log, please.
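The three entries that post #6 asks to have fixed share traits that can be checked mechanically when reading the O4 (autorun) section of a HijackThis log. The Python below is an added example, not part of any post in this thread and not HijackThis code; the heuristics, the two name sets and the sample log (constructed from entries quoted in this thread) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the three entries listed in post #6 mixed with
# benign O4 entries copied from the follow-up log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Psi.lnk = C:\Program Files\Psi\psi.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: taskmgr.exe
"""

# Assumption: Windows tools that live under system32 and have no reason
# to exist as a file inside a Startup folder.
SYSTEM_TOOL_NAMES = {"taskmgr.exe", "cmd.exe", "regedit.exe", "msconfig.exe"}
# Assumption: bare names that normally resolve from system32.
KNOWN_BARE_OK = {"rundll32.exe"}

REG_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
STARTUP_RE = re.compile(r"^O4 - (Global Startup|Startup): (.+?)(?: = (.+))?$")


def executable_of(command):
    """Return the program part of an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut after the first ".exe".
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def triage(log_text):
    """Return [(log line, [reasons])] for O4 entries that need a closer look."""
    parsed = []
    keys_per_entry = defaultdict(set)  # (value name, exe) -> autorun keys
    for raw in log_text.splitlines():
        line = raw.strip()
        m = REG_RE.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            exe = executable_of(cmd)
            keys_per_entry[(name.lower(), exe.lower())].add(hive + "\\" + key)
            parsed.append(("reg", line, key, name, exe))
            continue
        m = STARTUP_RE.match(line)
        if m:
            parsed.append(("startup", line, m.group(1), m.group(2), m.group(3)))

    findings = []
    for kind, line, where, name, target in parsed:
        reasons = []
        if kind == "reg":
            bare = "\\" not in target and "/" not in target
            if bare and target.lower() not in KNOWN_BARE_OK:
                reasons.append("bare file name, location not stated")
            if where == "RunServices":
                # Heuristic chosen for this example: treat the key as unusual.
                reasons.append("RunServices key")
            if len(keys_per_entry[(name.lower(), target.lower())]) > 1:
                reasons.append("same entry under several autorun keys")
        else:
            # A Startup folder normally holds shortcuts ("x.lnk = target").
            if target is None and name.lower().endswith(".exe"):
                reasons.append("executable placed directly in Startup folder")
                if name.lower() in SYSTEM_TOOL_NAMES:
                    reasons.append("carries the name of a Windows system tool")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    -", reason)
```

The `ICO.EXE` entry is flagged on the bare-name rule alone, which shows why such output is a review list for a human helper and not a removal list.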
#7
Which attached file?
Hi, Sorry, but for the first instruction, I'm not sure which attached file to download. I didn't get any file attachments in the post?
#8
Ooopss... I forgot it. Here it is:
#9
New HJT logs
Logfile of HijackThis v1.99.1
Scan saved at 23:00:53, on 28/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apache\Apache.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\mysql\bin\mysqld-nt.exe
C:\Apache\Apache.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Serv-U\ServUDaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VoipCheap] "C:\Program Files\VoipCheap\VoipCheap.exe" -nosplash -minimized
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Psi.lnk = C:\Program Files\Psi\psi.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Winter Fun Wallpaper Changer.lnk = ?
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://webgames.d.tmsrv.com/c=b9f4b22771d9ca23ed3d1284bf05b2ea/aff=t_25oa_ukca_wg/p/release/playfirst/wg_dinerdash2/dinerdash2/DinerDash2.1.0.0.48.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apache - Unknown owner - C:\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - C:\Program Files\Serv-U\ServUDaemon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\tomcat\bin\tomcat5.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
#10
AVG report
Hi, the AVG Scan report seems to be really long ... is there a way I can attach the report as a file in here?
#11
But I can try...Here goes...AVG Report...Part 1
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 22:47:40 28/06/2007

+ Scan result:

C:\WINDOWS\system32\AdCache -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_1_586700.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_2_506500.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_2_528600.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_507800.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_507800.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_617400.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_2_535900.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_4_664100.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_615200.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\10 Items Or Less 2006 DVDRip.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\1408 2007 DVDSCR AC3-THS.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\3D Fish School Screensaver 3.92.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\A Crime DVDRip.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\A Handy Address Book Server v.1.3.6.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\A Mighty Heart (2007).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\A Secret Handshake 2007 DVDRip.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\AK Research Chm2web Pro v2.7 UNICODE.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\AK Research NotesHolder v1.52.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\ALSoft Duplicate File Detector v2.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\ALSoft Slideshow Movie Producer v1.8.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\ALSoft Video Converter v1.7.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\AVG Antivirus Professional 7.5.464.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Absolute Sound Recorder v3.4.9.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Access Manager for Windows v7.3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\ActiveState Komodo IDE v4.0.1.274919.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Ad-Aware 2007 Pro 7.0.1.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Ad-Aware 2007 Pro v7.0.1.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Adobe Photoshop Backdrop Designer 1.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Adobe Photoshop CS3 Retail.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Adobe Photoshop Lightroom 1.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Adorage The Book 1.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Advanced WindowsCare 2.5 Pro.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Age of Mythology Gold Edition.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Agogo Video To iPod PSP Cell Phone Xbox Pocket PC PDA M.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Aha-soft ArtCursors 5.16.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Airport Tycoon 3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Alcohol 120 1.9.6.4719.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Alien Shooter Vengeance 2007.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Almeza MultiSet v4.1.185.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Alpha Prime.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\American Pie 5 The naked mile DVDRip Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Amores Perros (2000) (Spanish).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Amores.Perros 2000 DVDRip Divx.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\AnyDVD 6.0.8.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Area 51.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Ashampoo Magical Security 2 v2.00.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Atomic Bomberman iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Atomix Virtual DJ v4.3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Audio Catalog 3.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\AutoRun Design Specialty v7.0.6.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Avast! AntiVirus Pro edition 4.7.892.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Backup4all Professional v3.9.270 Multilingual.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Bandwidth Monitor 3.0.659.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Basic Inventory Control v5.0.120.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\BeetleJuice 1998 DVDRip Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\BestAddress HTML Editor 2007 Pro v10.2.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Better JPEG v1.7.1.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\BitDefender Antivirus Plus 10.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\BitDefender Antivirus Plus v10.247.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Black Christmas 2006 DVDRip.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Black Snake Moan 2007 DVDRip.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Blade 3 Trinity DVDRip Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Blaze Music DVD Creator v2.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\BlazingTools Perfect Keylogger v1.6.6.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Blind Dating.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\BlueSoleil v3.2.2.8.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Blur 2007 DvDrip AC3 Xvid-aXXo.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Breach 2007 NTSC DVDR-IYA.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Britannica Childrens Encyclopedia 2007.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Brooklyn Rules 2007 CAM VCD.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Brother Bear DVDRip XviD-CFH.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Bsplayer Pro 2.16.945.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Business Card Workshop 3.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\CSI 3 Dimensions of Murder.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\CSI 3 Dimensions of Murder-RELOADED iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\CSI 3 Dimensions of Murder.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Call for Heroes Pompolic Wars-DELiGHT iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Call of Duty Game of the Year Edition iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Call of Duty II iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Capricorn One 1978 DVDRip DivX-BlackMaguS.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Captivity (2007).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Captivity CAM VCD-CANALSTREET.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Caricature Studio 2.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Cartoon Maker v3.17.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Casino VIP.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Catch a Fire 2006 DVDRip.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Catch and Release 2007 DVDRip.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Champion 2005 DVDRip.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Championship Manager 2007.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Chapter 27 2007 PL DVDRiP XViD-BEER.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Charlottes Web 2006 DVDRip.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Chessmaster 10th Edition.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\Nico Chan\Shared\_\Chocolate Castle v1.03.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\Cinema 4D Studio Bundle.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\City of God (2002) (Portuguese).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\CoffeeCup Web Video Recorder v 3.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\Colin McRae Dirt.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\Colin McRea DIRT iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\Company Of Heroes.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\ConceptDraw Professional v7.0.3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\ConceptDraw Professional v7.03.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\Cool Read 1.8.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\Copy Monkey v1.0.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\CornerChaos v1.1.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\Crank 2006 DVDRip XviD-aXXo.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\Crime Puzzle v1.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). 
C:\Documents and Settings\Nico Chan\Shared\_\Criminal Intent 2 v1.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\DAEMON Tools Pro v4.10.0215 32bit INTERNAL.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\DAEMON Tools Pro v4.10.0215.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\DVD Album Creator v3.1.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\DVD Album Creator v3.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\DVD ReBuilder ver.1.26.1 Pro.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\DVDFab Platinum v3.1.4.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\Daemon Tools Pro 4.10.0215.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\Daemon Vector.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\Dark Files v4.0.1.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\Das Leben der Anderen (2006) (German).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\DawningSoft PDF2WORD v1.0.0515.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\Dee Mon Video Enhancer v1.6.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). 
C:\Documents and Settings\Nico Chan\Shared\_\Depth Of Field Generator PRO v3.0.73 for Adobe Photosho.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\Diskeeper 2007 11.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\DocArc v1.3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\Dodgeball DVDRip Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\Download Accelerator Plus Premium 8.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\Dreamweaver CS3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\Driver Parallel Lines.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\Driver Genius 2007 v7.1.0.622.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\Driver Geniusv7.1.0.622.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\Driver Parallel Lines iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\Duplicate File Remover v1.2.262.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\EMS Data Comparer 2007 for Oracle 2.0.0.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\Easy Photo Recovery v1.4.319.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). 
C:\Documents and Settings\Nico Chan\Shared\_\Easy SMTP Server v2.9.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\Enemy Territory Quake Wars.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\EnergyXT VSTi v2.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). C:\Documents and Settings\Nico Chan\Shared\_\Evan Almighty (2007).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined). |
#12
AVG Report Part 2
#13
Acrobaze is not available right now bunnienico so I thought to follow up with you here.

Looks like the infection packed quite a few bogus file downloads into your P2P shared folders. I am assuming this was not the entire AVG log. Best if you open and update AVG again, then repeat that same step by running a new scan in Safe Mode. Save the report, and reboot back to normal mode.

After the reboot, download ComboFix.exe from here to your desktop, and click the downloaded file to run the repair. When the command window opens, select 1 (and Enter). Allow the scan to run. When completed, a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Run a new HijackThis scan, and post that back here along with the combofix.txt log and the new AVG log please.
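The pattern pointed out in post #13 (many differently named archives in one shared folder, each holding the same inner file with the same detection) can be pulled out of a long scan report automatically. The following is an added example, not code from the thread or from AVG: the line format is assumed from the report lines posted here, it expects one record per line, and the sample paths, the user name and the `Trojan.Example.a` detection name are constructed.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Constructed sample in the assumed report format:
#   <file on disk>[/<member inside archive>] -> <detection> : <action>
SAMPLE_REPORT = r"""
C:\Documents and Settings\User\Shared\_\Example Movie 2007 DVDRip.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\User\Shared\_\Example Tool v1.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\User\Shared\_\Example Game iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\User\My Documents\old.zip/readme.exe -> Trojan.Example.a : Cleaned with backup (quarantined).
this line is not a detection record
"""

LINE_RE = re.compile(
    r"^(?P<outer>[A-Za-z]:\\.+?)"    # file on disk (Windows path, may contain spaces)
    r"(?:/(?P<inner>[^/]+))?"        # optional member inside an archive
    r"\s+->\s+(?P<detection>\S+)"    # detection name
    r"\s+:\s+(?P<action>.+?)\s*$"    # action the scanner took
)


def parse_report(text):
    """Return one dict per detection record; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            records.append(match.groupdict())
    return records


def detection_counts(records):
    """Count records per detection name."""
    return Counter(r["detection"] for r in records)


def lure_clusters(records, min_archives=3):
    """Find folders where many archives carry the same inner file and detection.

    Groups records by (folder, inner file name, detection) and keeps groups
    with at least min_archives distinct archives. Such a group suggests the
    archives were generated in bulk rather than downloaded one by one.
    """
    groups = defaultdict(set)
    for r in records:
        if r["inner"] is None:
            continue  # plain file, not an archive member
        outer = PureWindowsPath(r["outer"])
        key = (str(outer.parent), r["inner"].lower(), r["detection"])
        groups[key].add(outer.name)
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_archives}


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    print(detection_counts(recs))
    for (folder, inner, detection), archives in lure_clusters(recs).items():
        print(f"{len(archives)} archives in {folder} contain {inner} ({detection})")
```

A cluster in a P2P shared folder is a reason to treat the whole folder as planted by the infection and to rescan after cleanup, as the helpers in this thread ask for.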
#14
Hiya, yes, it is not the complete AVG report. Do you need the whole report? I've only posted half of them here because it was too long.

I'm just wondering what the ComboFix does? Is this the last fix I need to do? Or will there be more? Thanks
#15
ComboFix will 1- clean its known malware and 2- allow us to see if some of it remains.