cili

Hijack This


Variant of the RapidBlaster parasite (in a "kazaa" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - this is not the valid KaZaA file sharing program which has the same executable name.

What does this mean? Do I have to delete Kazaa?


and also:

MSIE: Internet Explorer v6.00 (6.00.2600.0000) - Possibly out of date

C:\WINNT\System32\P2P Networking\P2P Networking.exe - Nasty

O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll - Nasty

O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll - Nasty

O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing) - Nasty

O17 - HKLM\System\CCS\Services\Tcpip\..\{C604C0B6-2644-4C07-A0D5-8199EDD2442D}: NameServer = 202.188.0.133 202.188.1.5 - Possibly nasty

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll


This means you've got the RapidBlaster virus. Update your antivirus, then try to disinfect. It's just telling you not to bother trying to uninstall Kazaa, but to find RapidBlaster's removal tool to remove the virus.

You can download the RapidBlaster removal tool here: click


I don't deal with incomplete HijackThis logs. Please post the full HijackThis log.


you mean this?

"Variant of the RapidBlaster parasite (in a "kazaa" folder in Program Files). It is not recommended you manually uninstall RapidBlaster but use RapidBlaster Killer - see here. Note - this is not the valid KaZaA file sharing program which has the same executable name.

What does this mean? Do I have to delete Kazaa?"

Really, is it that hard to just post the full HijackThis log when someone asks? You're the one who wants people to help, aren't you?


Logfile of HijackThis v1.99.1

Scan saved at 11:22:00 AM, on 1/29/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\LEXBCES.EXE

C:\WINNT\system32\spoolsv.exe

C:\WINNT\system32\LEXPPS.EXE

C:\WINNT\Explorer.EXE

C:\WINNT\system32\dla\tfswctrl.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINNT\VM_STI.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINNT\System32\P2P Networking\P2P Networking.exe

C:\Program Files\SurfAccuracy\SAcc.exe

D:\Winamp\winampa.exe

C:\Program Files\MediaGateway\MediaGateway.exe

C:\Program Files\Kazaa\kazaa.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Sonique\sqstart.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINNT\System32\ctfmon.exe

C:\Program Files\TBONBin\tbon.exe

C:\Program Files\Yahoo!\Messenger\ypager.exe

C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

C:\Program Files\Common Files\Sonic Shared\cinetray.exe

C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe

C:\Program Files\palmOne\HOTSYNC.EXE

C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\WINNT\System32\CTsvcCDA.EXE

C:\WINNT\System32\gearsec.exe

C:\WINNT\System32\nvsvc32.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINNT\System32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\IMRAN1\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R3 - Default URLSearchHook is missing

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll

O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bigDogPath] C:\WINNT\VM_STI.EXE VIMICRO USB PC Camera

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [bEQCEfdoD] C:\WINNT\qwkhrnm.exe

O4 - HKLM\..\Run: [surfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe

O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe

O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKCU\..\Run: [soniqueQuickStart] C:\Program Files\Sonique\sqstart.exe -nostick

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe

O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE

O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\cinetray.exe

O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{C604C0B6-2644-4C07-A0D5-8199EDD2442D}: NameServer = 202.188.0.133 202.188.1.5

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE

O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINNT\System32\gearsec.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe


Try ZoneAlarm Security Suite v6.0 (PC MAG Editor's Choice). Antivirus + Antispyware + Firewall = good luck trying it :)

If it blocks P2P Networking, is that OK?


If it blocks P2P Networking, is that OK?

Just delete P2P Networking.exe in HijackThis. Otherwise you'll end up like me, getting junk email every day and having my network traced by who knows whom. THAT'S SPYWARE. Uninstall Kazaa completely with the tools they gave, then use Kazaa Lite Resurrection, which can be downloaded here.


Just delete P2P Networking.exe in HijackThis. Otherwise you'll end up like me, getting junk email every day and having my network traced by who knows whom. THAT'S SPYWARE. Uninstall Kazaa completely with the tools they gave, then use Kazaa Lite Resurrection, which can be downloaded here.

I think this is very good advice.


O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll

Files\Yahoo!\Common\yiesrvc.dll

O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll

O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [bEQCEfdoD] C:\WINNT\qwkhrnm.exe

O4 - HKLM\..\Run: [surfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe

O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"  /background -> put a checkmark on this line if you don't use WINDOWS Messenger.

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe

O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r

O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll

CLOSE ALL WINDOWS AND ALSO INTERNET EXPLORER BEFORE FIXING EVERYTHING ABOVE.

Then please do this.

Go to Start > Run

Type cmd

Then type each of the lines below. After each line, press Enter. Check whether there is any error message.

regsvr32 /u C:\PROGRA~1\RXTOOL~1\sfcont.dll

regsvr32 /u "C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll"

regsvr32 /u "C:\Program Files\RXToolBar\RXToolBar.dll"

regsvr32 /u "C:\PROGRA~1\RXTOOL~1\sfcont.dll"

Then, when that's done, RESTART.

Then please delete these files and folders.

C:\Program Files\RXToolBar

C:\Program Files\Zango Programs

C:\WINNT\System32\P2P Networking

C:\WINNT\qwkhrnm.exe

C:\Program Files\SurfAccuracy\

C:\Program Files\MediaGateway\

C:\Program Files\Kazaa\

If it says there is any problem while deleting, just choose yes.

STEP 2.

Download Spybot. http://www.safer-networking.org/en/mirrors/index.html

Download, UPDATE.

After everything is updated, open Spybot again. Go to the menu Mode > Advanced mode. In the left menu, go to Tools. Check everything, so that we can set all the settings.

Then in the left menu, go to Spybot > Immunize. Click Immunize, and click "enable permanent blocking of bad addresses..." and "block all pages silently".

Then go to Tools > Hosts file. Add the Spybot hosts file.

Then scan. Fix, then restart. Then scan again, in case the problems come back. If the problem keeps coming back, please post a HijackThis log.

If you don't understand the steps above, you can also watch the Flash tutorial for those steps.

STEP 3.

If you want software to remove useless files from the PC, such as temporary files, use CCleaner.

http://www.ccleaner.com/ccdownload.asp

Download, install, and open CCleaner. Run Cleaner. Restart the PC.

FREE

LAST STEP.

Please post your latest HijackThis log again.

Edited by C-Fu


Here is the latest one.

Logfile of HijackThis v1.99.1

Scan saved at 7:05:20 PM, on 2/19/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\LEXBCES.EXE

C:\WINNT\system32\spoolsv.exe

C:\WINNT\system32\LEXPPS.EXE

C:\WINNT\Explorer.EXE

C:\WINNT\system32\dla\tfswctrl.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINNT\VM_STI.EXE

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Sonique\sqstart.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINNT\System32\ctfmon.exe

C:\Program Files\Yahoo!\Messenger\ypager.exe

C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

C:\Program Files\Common Files\Sonic Shared\cinetray.exe

C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINNT\System32\CTsvcCDA.EXE

C:\Program Files\palmOne\HOTSYNC.EXE

C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe

C:\WINNT\System32\gearsec.exe

C:\WINNT\System32\nvsvc32.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\ZONELABS\vsmon.exe

C:\Documents and Settings\IMRAN1\Desktop\HijackThis.exe

C:\WINNT\System32\imapi.exe

C:\Program Files\iPod\bin\iPodService.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [bigDogPath] C:\WINNT\VM_STI.EXE VIMICRO USB PC Camera

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKCU\..\Run: [soniqueQuickStart] C:\Program Files\Sonique\sqstart.exe -nostick

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE

O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\cinetray.exe

O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE

O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINNT\System32\gearsec.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe

Edited by cili

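Added example, not part of any post in this thread: a small Python check that compares two HijackThis logs and reports which item lines disappeared, which are new, and which entries from a fix list are still present in the later log. The function names are hypothetical, and the sample text is a short excerpt copied from the 1/29/2006 log, the 2/19/2006 log and the fix list above.

```python
import re

# HijackThis item lines start with a section code such as R1, O4 or O23.
ITEM_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse_items(log_text):
    """Map a normalised key -> item line. Header and process-path lines are skipped."""
    items = {}
    for raw in log_text.splitlines():
        line = " ".join(raw.split())            # collapse runs of whitespace
        m = ITEM_RE.match(line)
        if m:
            items[(m.group(1), m.group(2).casefold())] = line
    return items

def diff_logs(before_text, after_text):
    """Return (removed, added): item lines only in the first / only in the second log."""
    before, after = parse_items(before_text), parse_items(after_text)
    removed = sorted(before[k] for k in before.keys() - after.keys())
    added = sorted(after[k] for k in after.keys() - before.keys())
    return removed, added

def still_present(fix_text, after_text):
    """Entries from a fix list that still appear in the later log."""
    after = parse_items(after_text)
    return sorted(line for k, line in parse_items(fix_text).items() if k in after)

# Excerpt of the first log in this thread (1/29/2006).
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:22:00 AM, on 1/29/2006
Running processes:
C:\WINNT\System32\P2P Networking\P2P Networking.exe
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [bEQCEfdoD] C:\WINNT\qwkhrnm.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
"""

# Excerpt of the second log in this thread (2/19/2006).
AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 7:05:20 PM, on 2/19/2006
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe
"""

# Excerpt of the fix list posted above (the MSMSGS line was marked optional there).
FIX_LIST = r"""O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Program Files\RXToolBar\RXToolBar.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [bEQCEfdoD] C:\WINNT\qwkhrnm.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"  /background
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for label, lines in (("REMOVED", removed), ("NEW", added),
                         ("STILL PRESENT", still_present(FIX_LIST, AFTER))):
        for line in lines:
            print(f"{label:14}{line}")
```

New entries deserve the same review as the old ones; here they are the ZoneAlarm startup item and service that were installed between the two scans.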

OK, now do these steps.

First download Spybot. http://www.safer-networking.org/en/mirrors/index.html

Download, UPDATE.

After everything is updated, open Spybot again. Go to the menu Mode > Advanced mode. In the left menu, go to Tools. Check everything, so that we can set all the settings.

Then in the left menu, go to Spybot > Immunize. Click Immunize, and click "enable permanent blocking of bad addresses..." and "block all pages silently".

Then go to Tools > Hosts file. Add the Spybot hosts file.

Then scan. Fix, then restart. Then scan again, in case the problems come back. If the problem keeps coming back, please post a HijackThis log.

If you don't understand the steps above, you can also watch the Flash tutorial for those steps.

=================================

If you want software to remove useless files from the PC, such as temporary files, use CCleaner.

http://www.ccleaner.com/ccdownload.asp

Download, install, and open CCleaner. Analyze, then run Cleaner. Restart the PC.

FREE
