[Excal]

When I click on it, its downloads no problem.

You might want to consider firefox, even if its only just until we get you fixed up. I use firefox all the time, and Highly recommend it. Its much safer to use than IE.

Firefox



Excal

[Advertisements]

I do use Firefox, but very few downloads are working with it. Have only been using IE to download what I need to fix computer. Still can't get to the program to download.

[lannie]

I do use Firefox, but very few downloads are working with it. Have only been using IE to download what I need to fix computer. Still can't get to the program to download.

[Excal]

I am using Firefox and I have no problem downloading it, thats not right.

Let me see a HiJackthis please


Thanks,



Excal

[lannie]

Told you the computer has gone wacko. A couple of days before I first came to this site I had run an A-squared scan and found "bookedspace". It tried to remove, but said it couldn't get all of the files. Does that help? Here is HJT

Thanks lots!

Logfile of HijackThis v1.99.1
Scan saved at 9:29:47 PM, on 8/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS3EN\plugin\bin\pchbutton.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Emoticons Mail\emomail.exe
C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\IMsecure\IMsecure.exe
C:\WINDOWS\webshots.scr
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (disabled by BHODemon)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [OESpamTest] C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\Pavilion\XPHNABS3EN\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Emoticons Mail] C:\Program Files\Emoticons Mail\emomail.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
O4 - Startup: IMsecure.lnk = C:\Program Files\IMsecure\IMsecure.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Kodak EasyShare software.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: msvcr71 - http://download.pest...nts/msvcr71.cab
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[lannie]

This is what the download page looks like on my screen. It never takes me to the new site and if I try to get to the site it is not in English and I can't swith to a different language.
Sorry for all the trouble!

Çàïðîøåííûé ôàéë íå íàéäåí



ñîæàëåíèþ, çàïðîøåííûé Âàìè ôàéë íå íàéäåí. Ñêîðåå âñåãî, ýòî ïðîèçîøëî èç-çà îáíîâëåíèÿ âåðñèè äèñòðèáóòèâà. Ïîæàëóéñòà, íàéäèòå åãî ñàìîñòîÿåòåëüíî â íàøåì ñïåöèàëüíîì ðàçäåëå. Âû ìîæåòå ïåðåéòè â ðàçäåë "Çàãðóçèòü" èëè ïîäîæäàòü 30 ñåêóíä äëÿ àâòîìàòè÷åñêîãî ïåðåõîäà.

Unfortunately, the requested file has not been found. Perhaps it was renewed and renamed. You can find the right distributive in our Download section by visiting this page or wait 30 seconds for automatic redirect.

[lannie]

I rebooted and ran every cleaner I own. I was then able to get to the site and have downloaded the Kaspersky Trial. I will reboot and start the scan!
Keep your fingers crossed!
Thanks,
Lannie

[Excal]

nothing is showing up on any of the logs, so I am hoping one of these scanners will pick somthing up so we know which direction to go.


Excal

[lannie]

Bingo! Wasn't able to run the downloaded scan because it kept crashing, but I did connect to the Kaspersky online scanner and this is what I got....(am now running the downloaded program, but not in safe mode. Had to get the updates first. It is updated and running. When done I will try it in safe mode. Took me forever to establish an internet connection. The "thing" keeps kicking me offline!
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, August 24, 2005 01:56:49
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 24/08/2005
Kaspersky Anti-Virus database records: 136728
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 111679
Number of viruses found: 2
Number of infected objects: 7
Number of suspicious objects: 0
Duration of the scan process: 5976 sec

Infected Object Name - Virus Name
C:\Program Files\Support.com\backup\B4\B44AC5F3d01\859817_5a9917a61_/B44AC5F3d01/data.rar/postcard.exe/data.rar/script.ini Infected: Backdoor.Win32.IRC.Zapchast
C:\Program Files\Support.com\backup\B4\B44AC5F3d01\859817_5a9917a61_/B44AC5F3d01/data.rar/postcard.exe/data.rar/svchost.exe Infected: Backdoor.Win32.mIRC-based
C:\Program Files\Support.com\backup\B4\B44AC5F3d01\859817_5a9917a61_/B44AC5F3d01/data.rar/postcard.exe/data.rar Infected: Backdoor.Win32.mIRC-based
C:\Program Files\Support.com\backup\B4\B44AC5F3d01\859817_5a9917a61_/B44AC5F3d01/data.rar/postcard.exe Infected: Backdoor.Win32.mIRC-based
C:\Program Files\Support.com\backup\B4\B44AC5F3d01\859817_5a9917a61_/B44AC5F3d01/data.rar Infected: Backdoor.Win32.mIRC-based
C:\Program Files\Support.com\backup\B4\B44AC5F3d01\859817_5a9917a61_/B44AC5F3d01 Infected: Backdoor.Win32.mIRC-based
C:\Program Files\Support.com\backup\B4\B44AC5F3d01\859817_5a9917a61_ Infected: Backdoor.Win32.mIRC-based

Scan process completed.

[Excal]

Lets try this one in safe mode also please


Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

• Click the "Free Trial" link on the right - next to "SpySweeper for Home Computers" to download the program.
• Install it.
• When you open the program, it will prompt you to update to the latest definitions.
• Please do so, then click "Sweep Now".
• Click the "Start" button.
• When it's done scanning, click the "Next" button.
• Make sure everything has a check next to it, then click the "Next" button.
• It will remove all of the items found.
• Click "Session Log" in the upper right corner, copy everything in that window.
• Click the Summary tab and click "Finish".
• Paste the contents of the session log you copied into your next reply.

[lannie]

Sorry I have been working and haven't had a chance to do as much. Just downloaded the program will reboot and follow your instructions. Thanks

[lannie]

This is the Spysweeper log: it found a removed an object...

********
7:23 PM: |··· Start of Session, Wednesday, August 24, 2005 ···|
7:23 PM: Spy Sweeper started
7:23 PM: Sweep initiated using definitions version 521
7:23 PM: Starting Memory Sweep
7:24 PM: Memory Sweep Complete, Elapsed Time: 00:00:50
7:24 PM: Starting Registry Sweep
7:24 PM: Registry Sweep Complete, Elapsed Time:00:00:16
7:25 PM: Starting Cookie Sweep
7:25 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
7:25 PM: Starting File Sweep
7:26 PM: Found Adware: abetterinternet
7:26 PM: abiuninst.htm (ID = 83087)
7:32 PM: Warning: Failed to open file "c:\documents and settings\owner\my documents\webshots data\collections.html:kavichs". The system cannot find the file specified
7:32 PM: File Sweep Complete, Elapsed Time: 00:07:25
7:32 PM: Full Sweep has completed. Elapsed time 00:08:39
7:32 PM: Traces Found: 1
7:40 PM: Removal process initiated
7:40 PM: Quarantining All Traces: abetterinternet
7:40 PM: Removal process completed. Elapsed time 00:00:02
********
7:23 PM: |··· Start of Session, Wednesday, August 24, 2005 ···|
7:23 PM: Spy Sweeper started
7:23 PM: Sweep initiated using definitions version 521
7:23 PM: Starting Memory Sweep
7:23 PM: Sweep Canceled
7:23 PM: Memory Sweep Complete, Elapsed Time: 00:00:10
7:23 PM: Traces Found: 0
7:23 PM: |··· End of Session, Wednesday, August 24, 2005 ···|
********
7:23 PM: |··· Start of Session, Wednesday, August 24, 2005 ···|
7:23 PM: Spy Sweeper started
7:23 PM: Program Version 4.0.4 (Build 430) Using Spyware Definitions 521
7:23 PM: |··· End of Session, Wednesday, August 24, 2005 ···|

[lannie]

Kaspersky anti-virus found and removed an object The scan log is long and it won't allow me to copy and past. It mentioned Trojanbackdoor Win32.IRC.zapchast
Thanks
Lannie

[Excal]

Can you just post the effected lines?




Excal

[lannie]

here is the section of the kaspersky search:
Thanks Again

C:\Program Files\Support.com\backup\B4\B44AC5F3d01\859817_5a9917a61_\B44AC5F3d01 object could not be disinfected, disinfection postponed 8/24/2005 9:53:32 AM
C:\Program Files\Support.com\backup\B4\B44AC5F3d01\859817_5a9917a61_ is a Trojan Backdoor.Win32.mIRC-based 8/24/2005 9:53:32 AM
C:\Program Files\Support.com\backup\B4\B44AC5F3d01\859817_5a9917a61_\B44AC5F3d01\postcard.exe\script.ini is a Trojan Backdoor.Win32.IRC.Zapchast 8/24/2005 10:34:08 AM
C:\Program Files\Support.com\backup\B4\B44AC5F3d01\859817_5a9917a61_ moved to the backup storage 8/24/2005 10:34:17 AM
C:\Program Files\Support.com\backup\B4\B44AC5F3d01\859817_5a9917a61_\B44AC5F3d01\postcard.exe is a Trojan Backdoor.Win32.IRC.Zapchast 8/24/2005 10:34:17 AM
C:\Program Files\Support.com\backup\B4\B44AC5F3d01\859817_5a9917a61_\B44AC5F3d01 is a Trojan Backdoor.Win32.IRC.Zapchast 8/24/2005 10:34:17 AM
C:\Program Files\Support.com\backup\B4\B44AC5F3d01\859817_5a9917a61_\B44AC5F3d01 deleted 8/24/2005 10:34:17 AM

[lannie]

One last log! This was the online Kaspersky results (just the small bottom section)
Hope it helps.

Lannie

Scan Statistics:
Total number of scanned objects: 111679
Number of viruses found: 2
Number of infected objects: 7
Number of suspicious objects: 0
Duration of the scan process: 5976 sec

Infected Object Name - Virus Name
C:\Program Files\Support.com\backup\B4\B44AC5F3d01\859817_5a9917a61_/B44AC5F3d01/data.rar/postcard.exe/data.rar/script.ini Infected: Backdoor.Win32.IRC.Zapchast
C:\Program Files\Support.com\backup\B4\B44AC5F3d01\859817_5a9917a61_/B44AC5F3d01/data.rar/postcard.exe/data.rar/svchost.exe Infected: Backdoor.Win32.mIRC-based
C:\Program Files\Support.com\backup\B4\B44AC5F3d01\859817_5a9917a61_/B44AC5F3d01/data.rar/postcard.exe/data.rar Infected: Backdoor.Win32.mIRC-based
C:\Program Files\Support.com\backup\B4\B44AC5F3d01\859817_5a9917a61_/B44AC5F3d01/data.rar/postcard.exe Infected: Backdoor.Win32.mIRC-based
C:\Program Files\Support.com\backup\B4\B44AC5F3d01\859817_5a9917a61_/B44AC5F3d01/data.rar Infected: Backdoor.Win32.mIRC-based
C:\Program Files\Support.com\backup\B4\B44AC5F3d01\859817_5a9917a61_/B44AC5F3d01 Infected: Backdoor.Win32.mIRC-based
C:\Program Files\Support.com\backup\B4\B44AC5F3d01\859817_5a9917a61_ Infected: Backdoor.Win32.mIRC-based