infected! desktop disapears,

Hi

I can not operate my system under normal mode, the desktop items and windows bar keep disappearing. The explorer is not opening weather I try through the desktop or any other location. I have been using the safe mode with networking to connect and operate. I have followed some cleansing however system did not allow to run spybot search and destroy, Panda scan. Could not run Deckard's System Scanner as got a message "You are not authorized to view this page" I have instead run hijack this and posted the log.
Logfile of HijackThis v1.99.1
Scan saved at 10:38:46 AM, on 16/06/2008
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\PROGRAM FILES 2\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe "
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [volume] C:\Arquivos de programas\Arquivos comuns\burnin.scr
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "D:\PROGRAM FILES 2\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\PROGRAM FILES 2\iTunesHelper.exe "
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\PROGRAM FILES 2\ZoneAlarm\zlclient.exe "
O4 - HKLM\..\Run: [787d3d28] rundll32.exe "C:\WINDOWS\system32\mejbpnmm.dll ",b
O4 - HKLM\..\Run: [BM7b4e0eb4] Rundll32.exe "C:\WINDOWS\system32\bovmvbjn.dll ",s
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe "
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WindowsUpdate.scr
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {C95FE080-8F5D-11D2-A20B-00AA003C157A} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {C95FE080-8F5D-11D2-A20B-00AA003C157A} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7002D66-DBF9-4082-9DCD-C1ADCE487173}: NameServer = 202.56.215.6,202.56.230.6
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\PROGRAM FILES 2\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Please help!

 

Welcome to WindowsBBS dionysus13

Download ComboFix by sUBs from here, saving the file to your desktop.

• Close all open programs and windows
• Double click combofix.exe and follow the prompts.
• It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

 

Thanks noahdfear, however I can not open explorer under normal windows mode so I am using safe mode with networking, and under it i can not download ComboFix getting a "you are not authorised" message

 

Are you able to open the Task Manager in normal mode? If so, click File>New Task (Run) and type iexplore.exe then hit enter. It should open internet explorer and if so, try to download it that way. You might also be able to run ComboFix in normal mode via New Task>Browse>Desktop>ComboFix.exe

What happens if you right click the ComboFix download link and select Save Target As
If it attempts to download or downloads and then won't run, try downloading again and rename it to Combo-Fix_.exe prior to saving it.

Are you able to access and receive email?

 

I have been able to run combofix...please find the log below...thanks a lot

ComboFix 08-06-19.2 - Administrator 2008-06-20 12:57:44.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.614 [GMT 5.5:30]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM7b4e0eb4.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\Abbbccfe.ini
C:\WINDOWS\system32\Abbbccfe.ini2
C:\WINDOWS\system32\acobtbwr.dll
C:\WINDOWS\system32\avcjrjfy.dll
C:\WINDOWS\system32\bovmvbjn.dll
C:\WINDOWS\system32\cbXNFyxu.dll
C:\WINDOWS\system32\dqsbhktu.ini
C:\WINDOWS\system32\dulknfdv.dll
C:\WINDOWS\system32\fcccbxwv.dll
C:\WINDOWS\system32\gatwtmww.dll
C:\WINDOWS\system32\geBqRhGx.dll
C:\WINDOWS\system32\gyqtgbkx.dll
C:\WINDOWS\system32\hhcbtpap.dll
C:\WINDOWS\system32\hmlpqunu.dll
C:\WINDOWS\system32\lcjoykbs.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mejbpnmm.dll
C:\WINDOWS\system32\mmnpbjem.ini
C:\WINDOWS\system32\mouywpgq.ini
C:\WINDOWS\system32\nrqbopyy.ini
C:\WINDOWS\system32\oeoinkjd.dll
C:\WINDOWS\system32\ogsukkvf.dll
C:\WINDOWS\system32\oyftnumd.dll
C:\WINDOWS\system32\paptbchh.ini
C:\WINDOWS\system32\plufgagd.dll
C:\WINDOWS\system32\qcadyxoy.dll
C:\WINDOWS\system32\qgpwyuom.dll
C:\WINDOWS\system32\rgdedyqv.ini
C:\WINDOWS\system32\rlctjfpv.dll
C:\WINDOWS\system32\rqXHOqss.ini
C:\WINDOWS\system32\rqXHOqss.ini2
C:\WINDOWS\system32\tyjdwmoy.dll
C:\WINDOWS\system32\uqjbgams.ini
C:\WINDOWS\system32\uxyFNXbc.ini
C:\WINDOWS\system32\uxyFNXbc.ini2
C:\WINDOWS\system32\vhxkpdot.dll
C:\WINDOWS\system32\vpfjtclr.ini
C:\WINDOWS\system32\vuratbox.dll
C:\WINDOWS\system32\winmyy32.dll
C:\WINDOWS\system32\yoxydacq.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
.

2008-06-20 11:07 . 2008-06-20 11:07 <DIR> d--hs---- C:\FOUND.009
2008-06-20 11:07 . 2008-06-20 13:02 336 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-06-19 01:05 . 2008-06-19 01:05 <DIR> d--hs---- C:\FOUND.008
2008-06-18 14:35 . 2008-06-18 14:35 <DIR> d--hs---- C:\FOUND.007
2008-06-18 12:47 . 2008-06-18 12:47 <DIR> d--hs---- C:\FOUND.006
2008-06-15 16:19 . 2008-06-15 16:19 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-12 09:50 . 2008-06-12 09:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-12 09:33 . 2008-06-12 09:33 <DIR> d--hs---- C:\FOUND.005
2008-06-09 11:58 . 2008-06-09 11:58 <DIR> d--hs---- C:\FOUND.004
2008-06-07 18:39 . 2008-06-07 18:39 <DIR> d--hs---- C:\FOUND.003
2008-06-07 15:31 . 2008-06-16 11:29 3,027 --a------ C:\rollback.ini
2008-06-07 15:24 . 2008-06-07 15:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MailFrontier
2008-06-07 15:23 . 2008-06-07 15:23 71,624 --a------ C:\WINDOWS\PP.reg
2008-06-07 15:23 . 2008-06-07 15:24 54,505 --a------ C:\WINDOWS\system32\Partizan.exe
2008-06-07 15:17 . 2008-06-07 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-07 15:16 . 2008-03-13 23:11 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-06-07 07:37 . 2008-06-07 07:37 15 --a------ C:\WINDOWS\system32\787d2fa6
2008-06-05 12:34 . 2008-06-05 12:34 31,232 --a------ C:\WINDOWS\system32\winccf32.dll
2008-06-03 19:44 . 2008-06-03 19:44 <DIR> d--hs---- C:\FOUND.002
2008-05-21 19:16 . 2008-05-21 19:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 06:28 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-14 06:34 316 ----a-w C:\drmHeader.bin
2008-04-29 05:50 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 05:49 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 05:49 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-23 05:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CANON INC
2008-04-23 05:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CameraWindowDC
2008-04-22 05:11 --------- d-----w C:\Program Files\Canon
2008-04-22 05:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-04-06 07:39 737,280 ------w C:\WINDOWS\iun6002.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A9D5CD7-C8E0-4A77-B43C-CEF36DB1D170}]
C:\WINDOWS\system32\ssqOHXqr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4B28B11-BDEE-455A-8C5A-A7F6DA3908A1}]
C:\WINDOWS\system32\efccbbbA.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype "= "C:\Program Files\Skype\Phone\Skype.exe" [ ]
"PcSync "= "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 17:52 1409024]
"DAEMON Tools Lite "= "C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 22:21 486856]
"BitTorrent DNA "= "C:\Program Files\DNA\btdna.exe" [2008-05-08 10:57 289088]
"swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 01:15 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor "= "ALCXMNTR.EXE" [2003-04-03 20:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 17:55 155648]
"HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 17:51 118784]
"AGRSMMSG "= "AGRSMMSG.exe" [2004-01-16 12:34 88363 C:\WINDOWS\AGRSMMSG.exe]
"RemoteControl "= "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"NeroCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 15:20 155648]
"HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 21:16 172032]
"HP Component Manager "= "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HP Software Update "= "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 23:25 49152]
"Nokia Tray Application "= "C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe" [2003-02-10 14:30 425984]
"PCSuiteTrayApplication "= "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-04-26 08:29 237568]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"WinampAgent "= "C:\Program Files\Winamp\winampa.exe" [2007-12-20 20:46 37376]
"volume "= "C:\Arquivos de programas\Arquivos comuns\burnin.scr" [ ]
"QuickTime Task "= "D:\PROGRAM FILES 2\QuickTime Alternative\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper "= "D:\PROGRAM FILES 2\iTunesHelper.exe" [2008-03-30 10:36 267048]
"ZoneAlarm Client "= "D:\PROGRAM FILES 2\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"WindowsUpdate "= "C:\Arquivos de programas\WindowsUpdate.scr" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert "= "C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-07 09:04 54936]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-16 16:53:18 113664]
WindowsUpdate.scr [2008-02-11 14:42:32 3601408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winccf32]
winccf32.dll 2008-06-05 12:34 31232 C:\WINDOWS\system32\winccf32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe "=
"E:\\Bit Torrent\\BitTorrent\\bittorrent.exe "=
"C:\\Program Files\\DNA\\btdna.exe "=
"D:\\PROGRAM FILES 2\\iTunes.exe "=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP "= 86:TCP:BroadCam Web Server

S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};C:\WINDOWS\TEMP\6.tmp []
S3 SNCP106;PC Camera (6009 CIF);C:\WINDOWS\system32\DRIVERS\sncp106.sys [2002-12-27 15:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - "D:\COMMAND.EXE" /StartExplorer

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - "E:\COMMAND.EXE" /StartExplorer

.
Contents of the 'Scheduled Tasks' folder
"2008-06-20 07:31:42 C:\WINDOWS\Tasks\Symantec NetDetect.job "
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-06-04 14:30:02 C:\WINDOWS\Tasks\At117.job "
- C:\WINDOWS\system32\myyO4C05.exe
"2008-06-03 15:30:02 C:\WINDOWS\Tasks\At118.job "
- C:\WINDOWS\system32\myyO4C05.exe
"2008-06-03 16:30:02 C:\WINDOWS\Tasks\At119.job "
- C:\WINDOWS\system32\myyO4C05.exe
"2008-06-04 17:30:02 C:\WINDOWS\Tasks\At120.job "
- C:\WINDOWS\system32\myyO4C05.exe
"2008-06-04 19:17:00 C:\WINDOWS\Tasks\At121.job "
- C:\WINDOWS\system32\A08X5cuK.exe
"2008-06-04 19:30:02 C:\WINDOWS\Tasks\At122.job "
- C:\WINDOWS\system32\A08X5cuK.exe
"2008-06-04 18:30:00 C:\WINDOWS\Tasks\At1.job "
- C:\WINDOWS\system32\wFb6yDvT.exe
"2008-06-04 19:30:02 C:\WINDOWS\Tasks\At2.job "
- C:\WINDOWS\system32\wFb6yDvT.exe
"2008-06-04 20:30:02 C:\WINDOWS\Tasks\At3.job "
- C:\WINDOWS\system32\wFb6yDvT.exe
"2008-06-04 21:30:00 C:\WINDOWS\Tasks\At4.job "
- C:\WINDOWS\system32\wFb6yDvT.exe
"2008-06-04 22:30:00 C:\WINDOWS\Tasks\At5.job "
- C:\WINDOWS\system32\wFb6yDvT.exe
"2008-06-04 23:30:00 C:\WINDOWS\Tasks\At6.job "
- C:\WINDOWS\system32\wFb6yDvT.exe
"2008-06-05 00:30:00 C:\WINDOWS\Tasks\At7.job "
- C:\WINDOWS\system32\wFb6yDvT.exe
"2008-06-05 01:30:00 C:\WINDOWS\Tasks\At8.job "
- C:\WINDOWS\system32\wFb6yDvT.exe
"2008-06-07 02:30:00 C:\WINDOWS\Tasks\At9.job "
- C:\WINDOWS\system32\wFb6yDvT.exe
"2008-06-05 03:30:00 C:\WINDOWS\Tasks\At10.job "
- C:\WINDOWS\system32\wFb6yDvT.exe
"2008-06-12 04:30:02 C:\WINDOWS\Tasks\At11.job "
- C:\WINDOWS\system32\wFb6yDvT.exe
"2008-06-06 05:30:00 C:\WINDOWS\Tasks\At12.job "
- C:\WINDOWS\system32\wFb6yDvT.exe
"2008-06-15 06:30:02 C:\WINDOWS\Tasks\At13.job "
- C:\WINDOWS\system32\wFb6yDvT.exe
"2008-06-20 07:30:00 C:\WINDOWS\Tasks\At14.job "
- C:\WINDOWS\system32\wFb6yDvT.exe
"2008-06-18 08:30:02 C:\WINDOWS\Tasks\At15.job "
- C:\WINDOWS\system32\wFb6yDvT.exe
"2008-06-18 09:30:00 C:\WINDOWS\Tasks\At16.job "
- C:\WINDOWS\system32\wFb6yDvT.exe
"2008-06-15 10:30:02 C:\WINDOWS\Tasks\At17.job "
- C:\WINDOWS\system32\wFb6yDvT.exe
"2008-06-07 11:30:02 C:\WINDOWS\Tasks\At18.job "
- C:\WINDOWS\system32\wFb6yDvT.exe
"2008-06-04 12:30:02 C:\WINDOWS\Tasks\At19.job "
- C:\WINDOWS\system32\wFb6yDvT.exe
"2008-06-04 13:30:02 C:\WINDOWS\Tasks\At20.job "
- C:\WINDOWS\system32\wFb6yDvT.exe
"2008-06-04 14:30:02 C:\WINDOWS\Tasks\At21.job "
- C:\WINDOWS\system32\wFb6yDvT.exe
"2008-06-03 15:30:02 C:\WINDOWS\Tasks\At22.job "
- C:\WINDOWS\system32\wFb6yDvT.exe
"2008-06-03 16:30:02 C:\WINDOWS\Tasks\At23.job "
- C:\WINDOWS\system32\wFb6yDvT.exe
"2008-06-04 17:30:02 C:\WINDOWS\Tasks\At24.job "
- C:\WINDOWS\system32\wFb6yDvT.exe
"2008-06-04 18:30:02 C:\WINDOWS\Tasks\At25.job "
- C:\WINDOWS\system32\3c4T0b63.exe
"2008-06-04 19:30:02 C:\WINDOWS\Tasks\At26.job "
- C:\WINDOWS\system32\3c4T0b63.exe
"2008-06-04 20:30:02 C:\WINDOWS\Tasks\At27.job "
- C:\WINDOWS\system32\3c4T0b63.exe
"2008-06-04 21:30:02 C:\WINDOWS\Tasks\At28.job "
- C:\WINDOWS\system32\3c4T0b63.exe
"2008-06-04 22:30:02 C:\WINDOWS\Tasks\At29.job "
- C:\WINDOWS\system32\3c4T0b63.exe
"2008-06-04 23:30:02 C:\WINDOWS\Tasks\At30.job "
- C:\WINDOWS\system32\3c4T0b63.exe
"2008-06-05 00:30:02 C:\WINDOWS\Tasks\At31.job "
- C:\WINDOWS\system32\3c4T0b63.exe
"2008-06-05 01:30:02 C:\WINDOWS\Tasks\At32.job "
- C:\WINDOWS\system32\3c4T0b63.exe
"2008-06-07 02:30:02 C:\WINDOWS\Tasks\At33.job "
- C:\WINDOWS\system32\3c4T0b63.exe
"2008-06-05 03:30:02 C:\WINDOWS\Tasks\At34.job "
- C:\WINDOWS\system32\3c4T0b63.exe
"2008-06-12 04:30:02 C:\WINDOWS\Tasks\At35.job "
- C:\WINDOWS\system32\3c4T0b63.exe
"2008-06-06 05:30:02 C:\WINDOWS\Tasks\At36.job "
- C:\WINDOWS\system32\3c4T0b63.exe
"2008-06-15 06:30:02 C:\WINDOWS\Tasks\At37.job "
- C:\WINDOWS\system32\3c4T0b63.exe
"2008-06-20 07:30:00 C:\WINDOWS\Tasks\At38.job "
- C:\WINDOWS\system32\3c4T0b63.exe
"2008-06-18 08:30:02 C:\WINDOWS\Tasks\At39.job "
- C:\WINDOWS\system32\3c4T0b63.exe
"2008-06-18 09:30:00 C:\WINDOWS\Tasks\At40.job "
- C:\WINDOWS\system32\3c4T0b63.exe
"2008-06-15 10:30:02 C:\WINDOWS\Tasks\At41.job "
- C:\WINDOWS\system32\3c4T0b63.exe
"2008-06-07 11:30:02 C:\WINDOWS\Tasks\At42.job "
- C:\WINDOWS\system32\3c4T0b63.exe
"2008-06-04 12:30:02 C:\WINDOWS\Tasks\At43.job "
- C:\WINDOWS\system32\3c4T0b63.exe
"2008-06-04 13:30:02 C:\WINDOWS\Tasks\At44.job "
- C:\WINDOWS\system32\3c4T0b63.exe
"2008-06-04 14:30:02 C:\WINDOWS\Tasks\At45.job "
- C:\WINDOWS\system32\3c4T0b63.exe
"2008-06-03 15:30:02 C:\WINDOWS\Tasks\At46.job "
- C:\WINDOWS\system32\3c4T0b63.exe
"2008-06-03 16:30:02 C:\WINDOWS\Tasks\At47.job "
- C:\WINDOWS\system32\3c4T0b63.exe
"2008-06-04 17:30:02 C:\WINDOWS\Tasks\At48.job "
- C:\WINDOWS\system32\3c4T0b63.exe
"2008-06-04 19:19:00 C:\WINDOWS\Tasks\At49.job "
- C:\WINDOWS\system32\f6HlLI2L.exe
"2008-06-04 19:30:02 C:\WINDOWS\Tasks\At50.job "
- C:\WINDOWS\system32\f6HlLI2L.exe
"2008-06-04 20:30:02 C:\WINDOWS\Tasks\At51.job "
- C:\WINDOWS\system32\f6HlLI2L.exe
"2008-06-04 21:30:02 C:\WINDOWS\Tasks\At52.job "
- C:\WINDOWS\system32\f6HlLI2L.exe
"2008-06-04 22:30:02 C:\WINDOWS\Tasks\At53.job "
- C:\WINDOWS\system32\f6HlLI2L.exe
"2008-06-04 23:30:02 C:\WINDOWS\Tasks\At54.job "
- C:\WINDOWS\system32\f6HlLI2L.exe
"2008-06-05 00:30:02 C:\WINDOWS\Tasks\At55.job "
- C:\WINDOWS\system32\f6HlLI2L.exe
"2008-06-05 01:30:02 C:\WINDOWS\Tasks\At56.job "
- C:\WINDOWS\system32\f6HlLI2L.exe
"2008-06-07 02:30:02 C:\WINDOWS\Tasks\At57.job "
- C:\WINDOWS\system32\f6HlLI2L.exe
"2008-06-05 03:30:02 C:\WINDOWS\Tasks\At58.job "
- C:\WINDOWS\system32\f6HlLI2L.exe
"2008-06-12 04:30:02 C:\WINDOWS\Tasks\At59.job "
- C:\WINDOWS\system32\f6HlLI2L.exe
"2008-06-06 05:30:02 C:\WINDOWS\Tasks\At60.job "
- C:\WINDOWS\system32\f6HlLI2L.exe
"2008-06-15 06:30:02 C:\WINDOWS\Tasks\At61.job "
- C:\WINDOWS\system32\f6HlLI2L.exe
"2008-06-20 07:30:00 C:\WINDOWS\Tasks\At62.job "
- C:\WINDOWS\system32\f6HlLI2L.exe
"2008-06-18 08:30:02 C:\WINDOWS\Tasks\At63.job "
- C:\WINDOWS\system32\f6HlLI2L.exe
"2008-06-18 09:30:00 C:\WINDOWS\Tasks\At64.job "
- C:\WINDOWS\system32\f6HlLI2L.exe
"2008-06-15 10:30:02 C:\WINDOWS\Tasks\At65.job "
- C:\WINDOWS\system32\f6HlLI2L.exe
"2008-06-07 11:30:02 C:\WINDOWS\Tasks\At66.job "
- C:\WINDOWS\system32\f6HlLI2L.exe
"2008-06-04 12:30:02 C:\WINDOWS\Tasks\At67.job "
- C:\WINDOWS\system32\f6HlLI2L.exe
"2008-06-04 13:30:02 C:\WINDOWS\Tasks\At68.job "
- C:\WINDOWS\system32\f6HlLI2L.exe
"2008-06-04 14:30:04 C:\WINDOWS\Tasks\At69.job "
- C:\WINDOWS\system32\f6HlLI2L.exe
"2008-06-03 15:30:02 C:\WINDOWS\Tasks\At70.job "
- C:\WINDOWS\system32\f6HlLI2L.exe
"2008-06-03 16:30:02 C:\WINDOWS\Tasks\At71.job "
- C:\WINDOWS\system32\f6HlLI2L.exe
"2008-06-04 17:30:02 C:\WINDOWS\Tasks\At72.job "
- C:\WINDOWS\system32\f6HlLI2L.exe
"2008-05-17 16:59:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-04 18:41:00 C:\WINDOWS\Tasks\At73.job "
- C:\WINDOWS\system32\5WaFhg47.exe
"2008-06-04 19:30:02 C:\WINDOWS\Tasks\At74.job "
- C:\WINDOWS\system32\5WaFhg47.exe
"2008-06-04 20:30:02 C:\WINDOWS\Tasks\At75.job "
- C:\WINDOWS\system32\5WaFhg47.exe
"2008-06-04 21:30:02 C:\WINDOWS\Tasks\At76.job "
- C:\WINDOWS\system32\5WaFhg47.exe
"2008-06-04 22:30:02 C:\WINDOWS\Tasks\At77.job "
- C:\WINDOWS\system32\5WaFhg47.exe
"2008-06-04 23:30:02 C:\WINDOWS\Tasks\At78.job "
- C:\WINDOWS\system32\5WaFhg47.exe
"2008-06-05 00:30:02 C:\WINDOWS\Tasks\At79.job "
- C:\WINDOWS\system32\5WaFhg47.exe
"2008-06-05 01:30:02 C:\WINDOWS\Tasks\At80.job "
- C:\WINDOWS\system32\5WaFhg47.exe
"2008-06-07 02:30:02 C:\WINDOWS\Tasks\At81.job "
- C:\WINDOWS\system32\5WaFhg47.exe
"2008-06-05 03:30:02 C:\WINDOWS\Tasks\At82.job "
- C:\WINDOWS\system32\5WaFhg47.exe
"2008-06-12 04:30:02 C:\WINDOWS\Tasks\At83.job "
- C:\WINDOWS\system32\5WaFhg47.exe
"2008-06-06 05:30:02 C:\WINDOWS\Tasks\At84.job "
- C:\WINDOWS\system32\5WaFhg47.exe
"2008-06-15 06:30:02 C:\WINDOWS\Tasks\At85.job "
- C:\WINDOWS\system32\5WaFhg47.exe
"2008-06-20 07:30:02 C:\WINDOWS\Tasks\At86.job "
- C:\WINDOWS\system32\5WaFhg47.exe
"2008-06-18 08:30:02 C:\WINDOWS\Tasks\At87.job "
- C:\WINDOWS\system32\5WaFhg47.exe
"2008-06-18 09:30:02 C:\WINDOWS\Tasks\At88.job "
- C:\WINDOWS\system32\5WaFhg47.exe
"2008-06-15 10:30:02 C:\WINDOWS\Tasks\At89.job "
- C:\WINDOWS\system32\5WaFhg47.exe
"2008-06-07 11:30:02 C:\WINDOWS\Tasks\At90.job "
- C:\WINDOWS\system32\5WaFhg47.exe
"2008-06-04 12:30:02 C:\WINDOWS\Tasks\At91.job "
- C:\WINDOWS\system32\5WaFhg47.exe
"2008-06-04 13:30:02 C:\WINDOWS\Tasks\At92.job "
- C:\WINDOWS\system32\5WaFhg47.exe
"2008-06-04 14:30:04 C:\WINDOWS\Tasks\At93.job "
- C:\WINDOWS\system32\5WaFhg47.exe
"2008-06-03 15:30:02 C:\WINDOWS\Tasks\At94.job "
- C:\WINDOWS\system32\5WaFhg47.exe
"2008-06-03 16:30:02 C:\WINDOWS\Tasks\At95.job "
- C:\WINDOWS\system32\5WaFhg47.exe
"2008-06-04 17:30:02 C:\WINDOWS\Tasks\At96.job "
- C:\WINDOWS\system32\5WaFhg47.exe
"2008-06-04 18:39:00 C:\WINDOWS\Tasks\At97.job "
- C:\WINDOWS\system32\myyO4C05.exe
"2008-06-04 19:30:02 C:\WINDOWS\Tasks\At98.job "
- C:\WINDOWS\system32\myyO4C05.exe
"2008-06-04 20:30:02 C:\WINDOWS\Tasks\At99.job "
- C:\WINDOWS\system32\myyO4C05.exe
"2008-06-04 21:30:02 C:\WINDOWS\Tasks\At100.job "
- C:\WINDOWS\system32\myyO4C05.exe
"2008-06-04 22:30:02 C:\WINDOWS\Tasks\At101.job "
- C:\WINDOWS\system32\myyO4C05.exe
"2008-06-04 23:30:02 C:\WINDOWS\Tasks\At102.job "
- C:\WINDOWS\system32\myyO4C05.exe
"2008-06-05 00:30:02 C:\WINDOWS\Tasks\At103.job "
- C:\WINDOWS\system32\myyO4C05.exe
"2008-06-05 01:30:02 C:\WINDOWS\Tasks\At104.job "
- C:\WINDOWS\system32\myyO4C05.exe
"2008-06-07 02:30:02 C:\WINDOWS\Tasks\At105.job "
- C:\WINDOWS\system32\myyO4C05.exe
"2008-06-05 03:30:02 C:\WINDOWS\Tasks\At106.job "
- C:\WINDOWS\system32\myyO4C05.exe
"2008-06-12 04:30:02 C:\WINDOWS\Tasks\At107.job "
- C:\WINDOWS\system32\myyO4C05.exe
"2008-06-06 05:30:02 C:\WINDOWS\Tasks\At108.job "
- C:\WINDOWS\system32\myyO4C05.exe
"2008-06-15 06:30:02 C:\WINDOWS\Tasks\At109.job "
- C:\WINDOWS\system32\myyO4C05.exe
"2008-06-20 07:30:02 C:\WINDOWS\Tasks\At110.job "
- C:\WINDOWS\system32\myyO4C05.exe
"2008-06-18 08:30:02 C:\WINDOWS\Tasks\At111.job "
- C:\WINDOWS\system32\myyO4C05.exe
"2008-06-18 09:30:02 C:\WINDOWS\Tasks\At112.job "
- C:\WINDOWS\system32\myyO4C05.exe
"2008-06-15 10:30:02 C:\WINDOWS\Tasks\At113.job "
- C:\WINDOWS\system32\myyO4C05.exe
"2008-06-07 11:30:02 C:\WINDOWS\Tasks\At114.job "
- C:\WINDOWS\system32\myyO4C05.exe
"2008-06-04 12:30:02 C:\WINDOWS\Tasks\At115.job "
- C:\WINDOWS\system32\myyO4C05.exe
"2008-06-04 13:30:02 C:\WINDOWS\Tasks\At116.job "
- C:\WINDOWS\system32\myyO4C05.exe
"2008-06-04 20:30:02 C:\WINDOWS\Tasks\At123.job "
- C:\WINDOWS\system32\A08X5cuK.exe
"2008-06-04 21:30:02 C:\WINDOWS\Tasks\At124.job "
- C:\WINDOWS\system32\A08X5cuK.exe
"2008-06-04 22:30:02 C:\WINDOWS\Tasks\At125.job "
- C:\WINDOWS\system32\A08X5cuK.exe
"2008-06-04 23:30:02 C:\WINDOWS\Tasks\At126.job "
- C:\WINDOWS\system32\A08X5cuK.exe
"2008-06-05 00:30:02 C:\WINDOWS\Tasks\At127.job "
- C:\WINDOWS\system32\A08X5cuK.exe
"2008-06-05 01:30:02 C:\WINDOWS\Tasks\At128.job "
- C:\WINDOWS\system32\A08X5cuK.exe
"2008-06-07 02:30:02 C:\WINDOWS\Tasks\At129.job "
- C:\WINDOWS\system32\A08X5cuK.exe
"2008-06-05 03:30:02 C:\WINDOWS\Tasks\At130.job "
- C:\WINDOWS\system32\A08X5cuK.exe
"2008-06-12 04:30:02 C:\WINDOWS\Tasks\At131.job "
- C:\WINDOWS\system32\A08X5cuK.exe
"2008-06-06 05:30:02 C:\WINDOWS\Tasks\At132.job "
- C:\WINDOWS\system32\A08X5cuK.exe
"2008-06-15 06:30:02 C:\WINDOWS\Tasks\At133.job "
- C:\WINDOWS\system32\A08X5cuK.exe
"2008-06-20 07:30:02 C:\WINDOWS\Tasks\At134.job "
- C:\WINDOWS\system32\A08X5cuK.exe
"2008-06-18 08:30:02 C:\WINDOWS\Tasks\At135.job "
- C:\WINDOWS\system32\A08X5cuK.exe
"2008-06-18 09:30:02 C:\WINDOWS\Tasks\At136.job "
- C:\WINDOWS\system32\A08X5cuK.exe
"2008-06-15 10:30:02 C:\WINDOWS\Tasks\At137.job "
- C:\WINDOWS\system32\A08X5cuK.exe
"2008-06-07 11:30:02 C:\WINDOWS\Tasks\At138.job "
- C:\WINDOWS\system32\A08X5cuK.exe
"2008-06-04 12:30:02 C:\WINDOWS\Tasks\At139.job "
- C:\WINDOWS\system32\A08X5cuK.exe
"2008-06-04 13:30:02 C:\WINDOWS\Tasks\At140.job "
- C:\WINDOWS\system32\A08X5cuK.exe
"2008-06-04 14:30:08 C:\WINDOWS\Tasks\At141.job "
- C:\WINDOWS\system32\A08X5cuK.exe
"2008-06-03 15:30:02 C:\WINDOWS\Tasks\At142.job "
- C:\WINDOWS\system32\A08X5cuK.exe
"2008-06-03 16:30:02 C:\WINDOWS\Tasks\At143.job "
- C:\WINDOWS\system32\A08X5cuK.exe
"2008-06-04 17:30:02 C:\WINDOWS\Tasks\At144.job "
- C:\WINDOWS\system32\A08X5cuK.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 13:01:51
Windows 5.1.2600 Service Pack 2, v.2096 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}]
"ImagePath "= "\??\C:\WINDOWS\TEMP\6.tmp "
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\winccf32.dll
.
------------------------ Other Running Processes ------------------------
.
D:\PROGRAM FILES 2\aawservice.exe
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\AUPDATE.EXE
C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\WINDOWS\SYSTEM32\ZONELABS\VSMON.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\STARTUP\WINDOWSUPDATE.SCR
C:\PROGRAM FILES\COMMON FILES\NOKIA\MPAPI\MPAPI3S.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\LUCOMS~1.EXE
C:\PROGRAM FILES\CANON\CAL\CALMAIN.EXE
.
**************************************************************************
.
Completion time: 2008-06-20 13:02:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-20 07:32:40

Pre-Run: 1,053,458,432 bytes free
Post-Run: 1,612,251,136 bytes free

476


REally appreciate your help..thanks

 

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-20 13:11:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-06-20 07:41:15 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2008-06-20 07:27:29 UTC - RP2 - ComboFix created restore point
1: 2008-06-20 07:08:02 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-20 13:12:26
Platform: Windows XP Service Pack 2, v.2096 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2096)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\PROGRAM FILES 2\aawservice.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Winamp\winampa.exe
D:\PROGRAM FILES 2\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WindowsUpdate.scr
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {6A9D5CD7-C8E0-4A77-B43C-CEF36DB1D170} - C:\WINDOWS\system32\ssqOHXqr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {C4B28B11-BDEE-455A-8C5A-A7F6DA3908A1} - C:\WINDOWS\system32\efccbbbA.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe "
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [volume] C:\Arquivos de programas\Arquivos comuns\burnin.scr
O4 - HKLM\..\Run: [QuickTime Task] "D:\PROGRAM FILES 2\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\PROGRAM FILES 2\iTunesHelper.exe "
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\PROGRAM FILES 2\ZoneAlarm\zlclient.exe "
O4 - HKLM\..\Run: [WindowsUpdate] C:\Arquivos de programas\WindowsUpdate.scr
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe "
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WindowsUpdate.scr
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{D7002D66-DBF9-4082-9DCD-C1ADCE487173}: NameServer = 202.56.215.6,202.56.230.6
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: winccf32 - C:\WINDOWS\system32\winccf32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\PROGRAM FILES 2\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: - http://tbn0.google.com/images?q=tbn:WHBaruNRJarHJM:http://www.ntferro.com/shop/images/N.webcopy.jpg

--
End of file - 9189 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1 ",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780} - c:\windows\temp\6.tmp (file missing)
S3 catchme - c:\combofix\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >

S3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-20 13:07:46 428 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-06-20 13:00:02 350 --a------ C:\WINDOWS\Tasks\At86.job
2008-06-20 13:00:02 350 --a------ C:\WINDOWS\Tasks\At134.job
2008-06-20 13:00:02 350 --a------ C:\WINDOWS\Tasks\At110.job
2008-06-20 13:00:00 350 --a------ C:\WINDOWS\Tasks\At62.job
2008-06-20 13:00:00 350 --a------ C:\WINDOWS\Tasks\At38.job
2008-06-20 13:00:00 350 --a------ C:\WINDOWS\Tasks\At14.job
2008-06-18 15:00:02 350 --a------ C:\WINDOWS\Tasks\At88.job
2008-06-18 15:00:02 350 --a------ C:\WINDOWS\Tasks\At136.job
2008-06-18 15:00:02 350 --a------ C:\WINDOWS\Tasks\At112.job
2008-06-18 15:00:00 350 --a------ C:\WINDOWS\Tasks\At64.job
2008-06-18 15:00:00 350 --a------ C:\WINDOWS\Tasks\At40.job
2008-06-18 15:00:00 350 --a------ C:\WINDOWS\Tasks\At16.job
2008-06-18 14:00:02 350 --a------ C:\WINDOWS\Tasks\At87.job
2008-06-18 14:00:02 350 --a------ C:\WINDOWS\Tasks\At63.job
2008-06-18 14:00:02 350 --a------ C:\WINDOWS\Tasks\At39.job
2008-06-18 14:00:02 350 --a------ C:\WINDOWS\Tasks\At15.job
2008-06-18 14:00:02 350 --a------ C:\WINDOWS\Tasks\At135.job
2008-06-18 14:00:02 350 --a------ C:\WINDOWS\Tasks\At111.job
2008-06-15 16:00:02 350 --a------ C:\WINDOWS\Tasks\At89.job
2008-06-15 16:00:02 350 --a------ C:\WINDOWS\Tasks\At65.job
2008-06-15 16:00:02 350 --a------ C:\WINDOWS\Tasks\At41.job
2008-06-15 16:00:02 350 --a------ C:\WINDOWS\Tasks\At17.job
2008-06-15 16:00:02 350 --a------ C:\WINDOWS\Tasks\At137.job
2008-06-15 16:00:02 350 --a------ C:\WINDOWS\Tasks\At113.job
2008-06-15 12:00:02 350 --a------ C:\WINDOWS\Tasks\At85.job
2008-06-15 12:00:02 350 --a------ C:\WINDOWS\Tasks\At61.job
2008-06-15 12:00:02 350 --a------ C:\WINDOWS\Tasks\At37.job
2008-06-15 12:00:02 350 --a------ C:\WINDOWS\Tasks\At133.job
2008-06-15 12:00:02 350 --a------ C:\WINDOWS\Tasks\At13.job
2008-06-15 12:00:02 350 --a------ C:\WINDOWS\Tasks\At109.job
2008-06-12 10:00:02 350 --a------ C:\WINDOWS\Tasks\At83.job
2008-06-12 10:00:02 350 --a------ C:\WINDOWS\Tasks\At59.job
2008-06-12 10:00:02 350 --a------ C:\WINDOWS\Tasks\At35.job
2008-06-12 10:00:02 350 --a------ C:\WINDOWS\Tasks\At131.job
2008-06-12 10:00:02 350 --a------ C:\WINDOWS\Tasks\At11.job
2008-06-12 10:00:02 350 --a------ C:\WINDOWS\Tasks\At107.job
2008-06-07 17:00:02 350 --a------ C:\WINDOWS\Tasks\At90.job
2008-06-07 17:00:02 350 --a------ C:\WINDOWS\Tasks\At66.job
2008-06-07 17:00:02 350 --a------ C:\WINDOWS\Tasks\At42.job
2008-06-07 17:00:02 350 --a------ C:\WINDOWS\Tasks\At18.job
2008-06-07 17:00:02 350 --a------ C:\WINDOWS\Tasks\At138.job
2008-06-07 17:00:02 350 --a------ C:\WINDOWS\Tasks\At114.job
2008-06-07 08:00:02 350 --a------ C:\WINDOWS\Tasks\At81.job
2008-06-07 08:00:02 350 --a------ C:\WINDOWS\Tasks\At57.job
2008-06-07 08:00:02 350 --a------ C:\WINDOWS\Tasks\At33.job
2008-06-07 08:00:02 350 --a------ C:\WINDOWS\Tasks\At129.job
2008-06-07 08:00:02 350 --a------ C:\WINDOWS\Tasks\At105.job
2008-06-07 08:00:00 350 --a------ C:\WINDOWS\Tasks\At9.job
2008-06-06 11:00:02 350 --a------ C:\WINDOWS\Tasks\At84.job
2008-06-06 11:00:02 350 --a------ C:\WINDOWS\Tasks\At60.job
2008-06-06 11:00:02 350 --a------ C:\WINDOWS\Tasks\At36.job
2008-06-06 11:00:02 350 --a------ C:\WINDOWS\Tasks\At132.job
2008-06-06 11:00:02 350 --a------ C:\WINDOWS\Tasks\At108.job
2008-06-06 11:00:00 350 --a------ C:\WINDOWS\Tasks\At12.job
2008-06-05 09:00:02 350 --a------ C:\WINDOWS\Tasks\At82.job
2008-06-05 09:00:02 350 --a------ C:\WINDOWS\Tasks\At58.job
2008-06-05 09:00:02 350 --a------ C:\WINDOWS\Tasks\At34.job
2008-06-05 09:00:02 350 --a------ C:\WINDOWS\Tasks\At130.job
2008-06-05 09:00:02 350 --a------ C:\WINDOWS\Tasks\At106.job
2008-06-05 09:00:00 350 --a------ C:\WINDOWS\Tasks\At10.job
2008-06-05 07:00:02 350 --a------ C:\WINDOWS\Tasks\At80.job
2008-06-05 07:00:02 350 --a------ C:\WINDOWS\Tasks\At56.job
2008-06-05 07:00:02 350 --a------ C:\WINDOWS\Tasks\At32.job
2008-06-05 07:00:02 350 --a------ C:\WINDOWS\Tasks\At128.job
2008-06-05 07:00:02 350 --a------ C:\WINDOWS\Tasks\At104.job
2008-06-05 07:00:00 350 --a------ C:\WINDOWS\Tasks\At8.job
2008-06-05 06:00:02 350 --a------ C:\WINDOWS\Tasks\At79.job
2008-06-05 06:00:02 350 --a------ C:\WINDOWS\Tasks\At55.job
2008-06-05 06:00:02 350 --a------ C:\WINDOWS\Tasks\At31.job
2008-06-05 06:00:02 350 --a------ C:\WINDOWS\Tasks\At127.job
2008-06-05 06:00:02 350 --a------ C:\WINDOWS\Tasks\At103.job
2008-06-05 06:00:00 350 --a------ C:\WINDOWS\Tasks\At7.job
2008-06-05 05:00:02 350 --a------ C:\WINDOWS\Tasks\At78.job
2008-06-05 05:00:02 350 --a------ C:\WINDOWS\Tasks\At54.job
2008-06-05 05:00:02 350 --a------ C:\WINDOWS\Tasks\At30.job
2008-06-05 05:00:02 350 --a------ C:\WINDOWS\Tasks\At126.job
2008-06-05 05:00:02 350 --a------ C:\WINDOWS\Tasks\At102.job
2008-06-05 05:00:00 350 --a------ C:\WINDOWS\Tasks\At6.job
2008-06-05 04:00:02 350 --a------ C:\WINDOWS\Tasks\At77.job
2008-06-05 04:00:02 350 --a------ C:\WINDOWS\Tasks\At53.job
2008-06-05 04:00:02 350 --a------ C:\WINDOWS\Tasks\At29.job
2008-06-05 04:00:02 350 --a------ C:\WINDOWS\Tasks\At125.job
2008-06-05 04:00:02 350 --a------ C:\WINDOWS\Tasks\At101.job
2008-06-05 04:00:00 350 --a------ C:\WINDOWS\Tasks\At5.job
2008-06-05 03:00:02 350 --a------ C:\WINDOWS\Tasks\At76.job
2008-06-05 03:00:02 350 --a------ C:\WINDOWS\Tasks\At52.job
2008-06-05 03:00:02 350 --a------ C:\WINDOWS\Tasks\At28.job
2008-06-05 03:00:02 350 --a------ C:\WINDOWS\Tasks\At124.job
2008-06-05 03:00:02 350 --a------ C:\WINDOWS\Tasks\At100.job
2008-06-05 03:00:00 350 --a------ C:\WINDOWS\Tasks\At4.job
2008-06-05 02:00:02 350 --a------ C:\WINDOWS\Tasks\At99.job
2008-06-05 02:00:02 350 --a------ C:\WINDOWS\Tasks\At75.job
2008-06-05 02:00:02 350 --a------ C:\WINDOWS\Tasks\At51.job
2008-06-05 02:00:02 350 --a------ C:\WINDOWS\Tasks\At3.job
2008-06-05 02:00:02 350 --a------ C:\WINDOWS\Tasks\At27.job
2008-06-05 02:00:02 350 --a------ C:\WINDOWS\Tasks\At123.job
2008-06-05 01:00:02 350 --a------ C:\WINDOWS\Tasks\At98.job
2008-06-05 01:00:02 350 --a------ C:\WINDOWS\Tasks\At74.job
2008-06-05 01:00:02 350 --a------ C:\WINDOWS\Tasks\At50.job
2008-06-05 01:00:02 350 --a------ C:\WINDOWS\Tasks\At26.job
2008-06-05 01:00:02 350 --a------ C:\WINDOWS\Tasks\At2.job
2008-06-05 01:00:02 350 --a------ C:\WINDOWS\Tasks\At122.job
2008-06-05 00:49:00 350 --a------ C:\WINDOWS\Tasks\At49.job
2008-06-05 00:47:00 350 --a------ C:\WINDOWS\Tasks\At121.job
2008-06-05 00:11:00 350 --a------ C:\WINDOWS\Tasks\At73.job
2008-06-05 00:09:00 350 --a------ C:\WINDOWS\Tasks\At97.job
2008-06-05 00:00:02 350 --a------ C:\WINDOWS\Tasks\At25.job
2008-06-05 00:00:00 350 --a------ C:\WINDOWS\Tasks\At1.job
2008-06-04 23:00:02 350 --a------ C:\WINDOWS\Tasks\At96.job
2008-06-04 23:00:02 350 --a------ C:\WINDOWS\Tasks\At72.job
2008-06-04 23:00:02 350 --a------ C:\WINDOWS\Tasks\At48.job
2008-06-04 23:00:02 350 --a------ C:\WINDOWS\Tasks\At24.job
2008-06-04 23:00:02 350 --a------ C:\WINDOWS\Tasks\At144.job
2008-06-04 23:00:02 350 --a------ C:\WINDOWS\Tasks\At120.job
2008-06-04 20:00:08 350 --a------ C:\WINDOWS\Tasks\At141.job
2008-06-04 20:00:04 350 --a------ C:\WINDOWS\Tasks\At93.job
2008-06-04 20:00:04 350 --a------ C:\WINDOWS\Tasks\At69.job
2008-06-04 20:00:02 350 --a------ C:\WINDOWS\Tasks\At45.job
2008-06-04 20:00:02 350 --a------ C:\WINDOWS\Tasks\At21.job
2008-06-04 20:00:02 350 --a------ C:\WINDOWS\Tasks\At117.job
2008-06-04 19:00:02 350 --a------ C:\WINDOWS\Tasks\At92.job
2008-06-04 19:00:02 350 --a------ C:\WINDOWS\Tasks\At68.job
2008-06-04 19:00:02 350 --a------ C:\WINDOWS\Tasks\At44.job
2008-06-04 19:00:02 350 --a------ C:\WINDOWS\Tasks\At20.job
2008-06-04 19:00:02 350 --a------ C:\WINDOWS\Tasks\At140.job
2008-06-04 19:00:02 350 --a------ C:\WINDOWS\Tasks\At116.job
2008-06-04 18:00:02 350 --a------ C:\WINDOWS\Tasks\At91.job
2008-06-04 18:00:02 350 --a------ C:\WINDOWS\Tasks\At67.job
2008-06-04 18:00:02 350 --a------ C:\WINDOWS\Tasks\At43.job
2008-06-04 18:00:02 350 --a------ C:\WINDOWS\Tasks\At19.job
2008-06-04 18:00:02 350 --a------ C:\WINDOWS\Tasks\At139.job
2008-06-04 18:00:02 350 --a------ C:\WINDOWS\Tasks\At115.job
2008-06-03 22:00:02 350 --a------ C:\WINDOWS\Tasks\At95.job
2008-06-03 22:00:02 350 --a------ C:\WINDOWS\Tasks\At71.job
2008-06-03 22:00:02 350 --a------ C:\WINDOWS\Tasks\At47.job
2008-06-03 22:00:02 350 --a------ C:\WINDOWS\Tasks\At23.job
2008-06-03 22:00:02 350 --a------ C:\WINDOWS\Tasks\At143.job
2008-06-03 22:00:02 350 --a------ C:\WINDOWS\Tasks\At119.job
2008-06-03 21:00:02 350 --a------ C:\WINDOWS\Tasks\At94.job
2008-06-03 21:00:02 350 --a------ C:\WINDOWS\Tasks\At70.job
2008-06-03 21:00:02 350 --a------ C:\WINDOWS\Tasks\At46.job
2008-06-03 21:00:02 350 --a------ C:\WINDOWS\Tasks\At22.job
2008-06-03 21:00:02 350 --a------ C:\WINDOWS\Tasks\At142.job
2008-06-03 21:00:02 350 --a------ C:\WINDOWS\Tasks\At118.job
2008-05-17 22:29:08 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-20 and 2008-06-20 -----------------------------

2008-06-20 13:10:09 0 d-------- C:\ie-spyad_zo
2008-06-20 12:59:35 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-06-20 12:34:08 68096 --a------ C:\WINDOWS\zip.exe
2008-06-20 12:34:08 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-20 12:34:08 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-20 12:34:08 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-20 12:34:08 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-20 12:34:08 98816 --a------ C:\WINDOWS\sed.exe
2008-06-20 12:34:08 80412 --a------ C:\WINDOWS\grep.exe
2008-06-20 12:34:08 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-20 11:07:04 0 d--hs---- C:\FOUND.009
2008-06-19 01:05:52 0 d--hs---- C:\FOUND.008
2008-06-18 14:35:56 0 d--hs---- C:\FOUND.007
2008-06-18 12:47:08 0 d--hs---- C:\FOUND.006
2008-06-15 16:19:36 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-12 10:05:34 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-12 09:50:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-12 09:33:12 0 d--hs---- C:\FOUND.005
2008-06-10 12:16:40 0 d--hs---- C:\WINDOWS\CSC
2008-06-09 11:58:36 0 d--hs---- C:\FOUND.004
2008-06-07 18:39:00 0 d--hs---- C:\FOUND.003
2008-06-07 15:24:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\MailFrontier
2008-06-07 15:23:05 54505 --a------ C:\WINDOWS\system32\Partizan.exe
2008-06-07 15:23:02 71624 --a------ C:\WINDOWS\PP.reg
2008-06-07 15:17:17 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-07 07:37:25 15 --a------ C:\WINDOWS\system32\787d2fa6
2008-06-05 12:34:10 31232 --a------ C:\WINDOWS\system32\winccf32.dll
2008-06-03 19:44:50 0 d--hs---- C:\FOUND.002
2008-05-21 19:16:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard


-- Find3M Report ---------------------------------------------------------------

2008-06-15 16:12:02 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-14 12:04:40 316 --a------ C:\drmHeader.bin
2008-04-23 10:40:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\CameraWindowDC
2008-04-23 10:40:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\CANON INC
2008-04-22 10:41:28 0 d-------- C:\Program Files\Canon
2008-04-06 13:09:18 737280 -----n--- C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A9D5CD7-C8E0-4A77-B43C-CEF36DB1D170}]
C:\WINDOWS\system32\ssqOHXqr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4B28B11-BDEE-455A-8C5A-A7F6DA3908A1}]
C:\WINDOWS\system32\efccbbbA.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor "= "ALCXMNTR.EXE" [2003-04-03 20:35 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 17:55]
"HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 17:51]
"AGRSMMSG "= "AGRSMMSG.exe" [2004-01-16 12:34 C:\WINDOWS\AGRSMMSG.exe]
"RemoteControl "= "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"NeroCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 15:20]
"HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 21:16]
"HP Component Manager "= "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"HP Software Update "= "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 23:25]
"Nokia Tray Application "= "C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe" [2003-02-10 14:30]
"PCSuiteTrayApplication "= "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-04-26 08:29]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"WinampAgent "= "C:\Program Files\Winamp\winampa.exe" [2007-12-20 20:46]
"volume "= "C:\Arquivos de programas\Arquivos comuns\burnin.scr" []
"QuickTime Task "= "D:\PROGRAM FILES 2\QuickTime Alternative\QTTask.exe" [2008-03-28 23:37]
"iTunesHelper "= "D:\PROGRAM FILES 2\iTunesHelper.exe" [2008-03-30 10:36]
"ZoneAlarm Client "= "D:\PROGRAM FILES 2\ZoneAlarm\zlclient.exe" [2008-03-13 23:11]
"WindowsUpdate "= "C:\Arquivos de programas\WindowsUpdate.scr" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype "= "C:\Program Files\Skype\Phone\Skype.exe" []
"PcSync "= "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 17:52]
"DAEMON Tools Lite "= "C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 22:21]
"BitTorrent DNA "= "C:\Program Files\DNA\btdna.exe" [2008-05-08 10:57]
"swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 01:15]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert "=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-16 16:53:18]
WindowsUpdate.scr [2008-02-11 14:42:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools "=0 (0x0)
"HideLegacyLogonScripts "=0 (0x0)
"HideLogoffScripts "=0 (0x0)
"RunLogonScriptSync "=1 (0x1)
"RunStartupScriptSync "=0 (0x0)
"HideStartupScripts "=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts "=0 (0x0)
"HideLogoffScripts "=0 (0x0)
"RunLogonScriptSync "=1 (0x1)
"RunStartupScriptSync "=0 (0x0)
"HideStartupScripts "=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winccf32]
winccf32.dll 2008-06-05 12:34 31232 C:\WINDOWS\system32\winccf32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@= "Service "

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@= "Service "


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- "D:\COMMAND.EXE" /StartExplorer

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- "E:\COMMAND.EXE" /StartExplorer




-- End of Deckard's System Scanner: finished at 2008-06-20 13:13:41 ------------

 

Click Start>Run and type cmd then hit enter to open a command window.
Highlight and copy the following bolded command, then right click the command window and select Paste. Hit enter.

del /q C:\WINDOWS\Tasks\At*.job

Now copy the next command below then paste it into the command window and hit enter.

"%userprofile%\desktop\dss.exe" /daft

The dss File Association Fix interface should open.
Click Scan.
Check the box next to the following entries, then click Fix.

• 
  .cpl
  .cpl
  Exit when complete.
  
  
  Now, please disable realtime protections again then run ComboFix (I'm hoping you're in normal mode now?? )
  • Close all open programs and windows
  • Double click combofix.exe and follow the prompts.
  • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
  Note: Do not mouseclick combofix's window while its running. That may cause it to stall

 

Cant operate internet under normal mode, as the explorer opens as a blank whire page and hangs. However combo fix and deckers hijackscan was run under normal mode.
As instructed..please find the combofix log
ComboFix 08-06-19.2 - Administrator 2008-06-21 12:27:32.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.622 [GMT 5.5:30]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-21 to 2008-06-21 )))))))))))))))))))))))))))))))
.

2008-06-21 09:33 . 2008-06-21 09:33 <DIR> d--hs---- C:\FOUND.042
2008-06-20 13:11 . 2008-06-20 13:11 <DIR> d-------- C:\Deckard
2008-06-20 13:10 . 2008-06-20 13:10 <DIR> d-------- C:\ie-spyad_zo
2008-06-20 11:07 . 2008-06-20 11:07 <DIR> d--hs---- C:\FOUND.009
2008-06-20 11:07 . 2008-06-21 12:27 336 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-06-19 01:05 . 2008-06-19 01:05 <DIR> d--hs---- C:\FOUND.008
2008-06-18 14:35 . 2008-06-18 14:35 <DIR> d--hs---- C:\FOUND.007
2008-06-18 12:47 . 2008-06-18 12:47 <DIR> d--hs---- C:\FOUND.006
2008-06-15 16:19 . 2008-06-15 16:19 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-12 09:50 . 2008-06-12 09:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-12 09:33 . 2008-06-12 09:33 <DIR> d--hs---- C:\FOUND.005
2008-06-09 11:58 . 2008-06-09 11:58 <DIR> d--hs---- C:\FOUND.004
2008-06-07 18:39 . 2008-06-07 18:39 <DIR> d--hs---- C:\FOUND.003
2008-06-07 15:31 . 2008-06-21 10:50 4,802 --a------ C:\rollback.ini
2008-06-07 15:24 . 2008-06-07 15:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MailFrontier
2008-06-07 15:23 . 2008-06-07 15:23 71,624 --a------ C:\WINDOWS\PP.reg
2008-06-07 15:23 . 2008-06-07 15:24 54,505 --a------ C:\WINDOWS\system32\Partizan.exe
2008-06-07 15:17 . 2008-06-07 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-07 15:16 . 2008-03-13 23:11 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-06-07 07:37 . 2008-06-07 07:37 15 --a------ C:\WINDOWS\system32\787d2fa6
2008-06-05 12:34 . 2008-06-05 12:34 31,232 --a------ C:\WINDOWS\system32\winccf32.dll
2008-06-03 19:44 . 2008-06-03 19:44 <DIR> d--hs---- C:\FOUND.002
2008-05-21 19:16 . 2008-05-21 19:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-21 04:03 18,832,255 ------w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-06-21 04:01 368,640 ------w C:\WINDOWS\Internet Logs\xDB20.tmp
2008-06-21 04:01 2,310,144 ------w C:\WINDOWS\Internet Logs\xDB21.tmp
2008-06-18 09:59 270,336 ------w C:\WINDOWS\Internet Logs\xDB1F.tmp
2008-06-18 09:04 3,025,408 ------w C:\WINDOWS\Internet Logs\xDB1E.tmp
2008-06-17 08:07 303,104 ------w C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-06-16 07:51 3,185,152 ------w C:\WINDOWS\Internet Logs\xDB1C.tmp
2008-06-14 19:02 303,104 ------w C:\WINDOWS\Internet Logs\xDB169.tmp
2008-06-14 19:02 2,039,808 ------w C:\WINDOWS\Internet Logs\xDB16A.tmp
2008-06-14 12:27 2,039,808 ------w C:\WINDOWS\Internet Logs\xDB1B.tmp
2008-06-14 10:13 3,210,752 ------w C:\WINDOWS\Internet Logs\xDB14F.tmp
2008-06-12 04:00 2,039,808 ------w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-06-08 17:58 270,336 ------w C:\WINDOWS\Internet Logs\xDBDC.tmp
2008-06-08 17:58 2,039,808 ------w C:\WINDOWS\Internet Logs\xDBDD.tmp
2008-06-07 13:05 43,008 ------w C:\WINDOWS\Internet Logs\xDBA7.tmp
2008-06-07 11:44 360,448 ------w C:\WINDOWS\Internet Logs\xDBA0.tmp
2008-06-07 02:11 85,451 ------w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_06_07_07_40_24_small.dmp.zip
2008-06-06 06:03 132,801 ------w C:\WINDOWS\Internet Logs\explorer_2nd_2008_06_06_11_32_06_small.dmp.zip
2008-06-06 05:42 80,120 ------w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_06_06_11_10_58_small.dmp.zip
2008-05-29 17:08 4,308,992 ------w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-05-22 14:55 111,790 ------w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_05_22_14_49_38_small.dmp.zip
2008-05-22 07:12 60,792 ------w C:\WINDOWS\Internet Logs\bittorrent_2nd_2008_05_21_19_51_42_small.dmp.zip
2008-05-17 17:04 3,936,768 ------w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-05-17 17:04 2,669,056 ------w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-05-16 06:28 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-16 06:11 132,541 ------w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_05_16_08_11_52_small.dmp.zip
2008-05-14 06:34 316 ----a-w C:\drmHeader.bin
2008-05-10 11:59 75,503 ------w C:\WINDOWS\Internet Logs\Explorer_2nd_2008_05_10_14_41_54_small.dmp.zip
2008-05-07 18:23 57,555 ------w C:\WINDOWS\Internet Logs\bittorrent_2nd_2008_05_07_11_14_53_small.dmp.zip
2008-05-07 18:23 16,992,193 ------w C:\WINDOWS\Internet Logs\bittorrent_2nd_2008_05_07_11_14_48_full.dmp.zip
2008-04-29 05:50 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 05:49 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 05:49 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-23 05:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CANON INC
2008-04-23 05:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CameraWindowDC
2008-04-22 05:11 --------- d-----w C:\Program Files\Canon
2008-04-22 05:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-04-06 07:39 737,280 ------w C:\WINDOWS\iun6002.exe
.

((((((((((((((((((((((((((((( snapshot@2008-06-21_ 9.27.15.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-21 03:47:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-21 06:50:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-21 06:58:32 212,944 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
- 2008-06-18 08:57:46 9,557,296 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2008-06-21 05:21:00 9,603,000 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
- 2008-06-18 09:36:48 319,488 ----a-w C:\WINDOWS\system32\ZoneLabs\zlqrtdb.dat
+ 2008-06-21 06:07:22 19,823,104 ----a-w C:\WINDOWS\system32\ZoneLabs\zlqrtdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A9D5CD7-C8E0-4A77-B43C-CEF36DB1D170}]
C:\WINDOWS\system32\ssqOHXqr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4B28B11-BDEE-455A-8C5A-A7F6DA3908A1}]
C:\WINDOWS\system32\efccbbbA.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype "= "C:\Program Files\Skype\Phone\Skype.exe" [ ]
"PcSync "= "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 17:52 1409024]
"DAEMON Tools Lite "= "C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 22:21 486856]
"BitTorrent DNA "= "C:\Program Files\DNA\btdna.exe" [2008-05-08 10:57 289088]
"swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 01:15 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor "= "ALCXMNTR.EXE" [2003-04-03 20:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 17:55 155648]
"HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 17:51 118784]
"AGRSMMSG "= "AGRSMMSG.exe" [2004-01-16 12:34 88363 C:\WINDOWS\AGRSMMSG.exe]
"RemoteControl "= "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"NeroCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 15:20 155648]
"HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 21:16 172032]
"HP Component Manager "= "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HP Software Update "= "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 23:25 49152]
"Nokia Tray Application "= "C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe" [2003-02-10 14:30 425984]
"PCSuiteTrayApplication "= "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-04-26 08:29 237568]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"WinampAgent "= "C:\Program Files\Winamp\winampa.exe" [2007-12-20 20:46 37376]
"volume "= "C:\Arquivos de programas\Arquivos comuns\burnin.scr" [ ]
"QuickTime Task "= "D:\PROGRAM FILES 2\QuickTime Alternative\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper "= "D:\PROGRAM FILES 2\iTunesHelper.exe" [2008-03-30 10:36 267048]
"ZoneAlarm Client "= "D:\PROGRAM FILES 2\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert "= "C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-07 09:04 54936]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-16 16:53:18 113664]
WindowsUpdate.scr [2008-02-11 14:42:32 3601408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winccf32]
winccf32.dll 2008-06-05 12:34 31232 C:\WINDOWS\system32\winccf32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe "=
"E:\\Bit Torrent\\BitTorrent\\bittorrent.exe "=
"C:\\Program Files\\DNA\\btdna.exe "=
"D:\\PROGRAM FILES 2\\iTunes.exe "=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP "= 86:TCP:BroadCam Web Server

S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780};{DEF85C80-216A-43ab-AF70-1665EDBE2780};C:\WINDOWS\TEMP\6.tmp []
S3 SNCP106;PC Camera (6009 CIF);C:\WINDOWS\system32\DRIVERS\sncp106.sys [2002-12-27 15:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - "D:\COMMAND.EXE" /StartExplorer

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - "E:\COMMAND.EXE" /StartExplorer

.
Contents of the 'Scheduled Tasks' folder
"2008-06-21 06:57:20 C:\WINDOWS\Tasks\Symantec NetDetect.job "
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-05-17 16:59:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 12:29:07
Windows 5.1.2600 Service Pack 2, v.2096 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}]
"ImagePath "= "\??\C:\WINDOWS\TEMP\6.tmp "
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\winccf32.dll
.
Completion time: 2008-06-21 12:29:37
ComboFix-quarantined-files.txt 2008-06-21 06:59:36
ComboFix2.txt 2008-06-21 03:57:48

Pre-Run: 1,525,882,880 bytes free
Post-Run: 1,512,267,776 bytes free

169

 

Deckard's System Scan report

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-21 12:38:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 1.41 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-21 12:39:29
Platform: Windows XP Service Pack 2, v.2096 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2096)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\PROGRAM FILES 2\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\PROGRAM FILES 2\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WindowsUpdate.scr
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dwwin.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\WINDOWS\system32\ZoneLabs\updclient.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {6A9D5CD7-C8E0-4A77-B43C-CEF36DB1D170} - C:\WINDOWS\system32\ssqOHXqr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {C4B28B11-BDEE-455A-8C5A-A7F6DA3908A1} - C:\WINDOWS\system32\efccbbbA.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe "
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [volume] C:\Arquivos de programas\Arquivos comuns\burnin.scr
O4 - HKLM\..\Run: [QuickTime Task] "D:\PROGRAM FILES 2\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\PROGRAM FILES 2\iTunesHelper.exe "
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\PROGRAM FILES 2\ZoneAlarm\zlclient.exe "
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe "
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WindowsUpdate.scr
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{D7002D66-DBF9-4082-9DCD-C1ADCE487173}: NameServer = 202.56.215.6,202.56.230.6
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: winccf32 - C:\WINDOWS\system32\winccf32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\PROGRAM FILES 2\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: - http://tbn0.google.com/images?q=tbn:WHBaruNRJarHJM:http://www.ntferro.com/shop/images/N.webcopy.jpg

--
End of file - 9618 bytes

-- Files created between 2008-05-21 and 2008-06-21 -----------------------------

2008-06-21 09:33:20 0 d--hs---- C:\FOUND.042
2008-06-20 13:10:09 0 d-------- C:\ie-spyad_zo
2008-06-20 12:34:08 68096 --a------ C:\WINDOWS\zip.exe
2008-06-20 12:34:08 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-20 12:34:08 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-20 12:34:08 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-20 12:34:08 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-20 12:34:08 98816 --a------ C:\WINDOWS\sed.exe
2008-06-20 12:34:08 80412 --a------ C:\WINDOWS\grep.exe
2008-06-20 12:34:08 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-20 11:07:04 0 d--hs---- C:\FOUND.009
2008-06-19 01:05:52 0 d--hs---- C:\FOUND.008
2008-06-18 14:35:56 0 d--hs---- C:\FOUND.007
2008-06-18 12:47:08 0 d--hs---- C:\FOUND.006
2008-06-15 16:19:36 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-12 10:05:34 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-12 09:50:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-12 09:33:12 0 d--hs---- C:\FOUND.005
2008-06-10 12:16:40 0 d--hs---- C:\WINDOWS\CSC
2008-06-09 11:58:36 0 d--hs---- C:\FOUND.004
2008-06-07 18:39:00 0 d--hs---- C:\FOUND.003
2008-06-07 15:24:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\MailFrontier
2008-06-07 15:23:05 54505 --a------ C:\WINDOWS\system32\Partizan.exe
2008-06-07 15:23:02 71624 --a------ C:\WINDOWS\PP.reg
2008-06-07 15:17:17 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-07 07:37:25 15 --a------ C:\WINDOWS\system32\787d2fa6
2008-06-05 12:34:10 31232 --a------ C:\WINDOWS\system32\winccf32.dll
2008-06-03 19:44:50 0 d--hs---- C:\FOUND.002
2008-05-21 19:16:27 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard


-- Find3M Report ---------------------------------------------------------------

2008-06-21 12:30:38 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-14 12:04:40 316 --a------ C:\drmHeader.bin
2008-04-23 10:40:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\CameraWindowDC
2008-04-23 10:40:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\CANON INC
2008-04-22 10:41:28 0 d-------- C:\Program Files\Canon
2008-04-06 13:09:18 737280 -----n--- C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A9D5CD7-C8E0-4A77-B43C-CEF36DB1D170}]
C:\WINDOWS\system32\ssqOHXqr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4B28B11-BDEE-455A-8C5A-A7F6DA3908A1}]
C:\WINDOWS\system32\efccbbbA.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor "= "ALCXMNTR.EXE" [03/04/2003 08:35 PM C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [10/02/2004 05:55 PM]
"HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [10/02/2004 05:51 PM]
"AGRSMMSG "= "AGRSMMSG.exe" [16/01/2004 12:34 PM C:\WINDOWS\AGRSMMSG.exe]
"RemoteControl "= "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [31/10/2003 07:42 PM]
"NeroCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 03:20 PM]
"HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [04/03/2004 09:16 PM]
"HP Component Manager "= "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [22/12/2003 08:38 AM]
"HP Software Update "= "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [18/02/2004 11:25 PM]
"Nokia Tray Application "= "C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe" [10/02/2003 02:30 PM]
"PCSuiteTrayApplication "= "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [26/04/2006 08:29 AM]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]
"WinampAgent "= "C:\Program Files\Winamp\winampa.exe" [20/12/2007 08:46 PM]
"volume "= "C:\Arquivos de programas\Arquivos comuns\burnin.scr" []
"QuickTime Task "= "D:\PROGRAM FILES 2\QuickTime Alternative\QTTask.exe" [28/03/2008 11:37 PM]
"iTunesHelper "= "D:\PROGRAM FILES 2\iTunesHelper.exe" [30/03/2008 10:36 AM]
"ZoneAlarm Client "= "D:\PROGRAM FILES 2\ZoneAlarm\zlclient.exe" [13/03/2008 11:11 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype "= "C:\Program Files\Skype\Phone\Skype.exe" []
"PcSync "= "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [11/04/2006 05:52 PM]
"DAEMON Tools Lite "= "C:\Program Files\DAEMON Tools Lite\daemon.exe" [17/01/2008 10:21 PM]
"BitTorrent DNA "= "C:\Program Files\DNA\btdna.exe" [08/05/2008 10:57 AM]
"swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/04/2008 01:15 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert "=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/12/2004 4:53:18 PM]
WindowsUpdate.scr [11/02/2008 2:42:32 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts "=0 (0x0)
"HideLogoffScripts "=0 (0x0)
"RunLogonScriptSync "=1 (0x1)
"RunStartupScriptSync "=0 (0x0)
"HideStartupScripts "=0 (0x0)
"DisableRegistryTools "=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts "=0 (0x0)
"HideLogoffScripts "=0 (0x0)
"RunLogonScriptSync "=1 (0x1)
"RunStartupScriptSync "=0 (0x0)
"HideStartupScripts "=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winccf32]
winccf32.dll 05/06/2008 12:34 PM 31232 C:\WINDOWS\system32\winccf32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@= "Service "


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- "D:\COMMAND.EXE" /StartExplorer

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- "E:\COMMAND.EXE" /StartExplorer




-- End of Deckard's System Scanner: finished at 2008-06-21 12:40:25 ------------

 

Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

Filename: CFScript.txt
Save As Type: All Files (*.*)

Code:

File::
C:\WINDOWS\system32\787d2fa6
C:\WINDOWS\system32\winccf32.dll
C:\WINDOWS\Internet Logs\xDB20.tmp
C:\WINDOWS\Internet Logs\xDB21.tmp
C:\WINDOWS\Internet Logs\xDB1F.tmp
C:\WINDOWS\Internet Logs\xDB1E.tmp
C:\WINDOWS\Internet Logs\xDB1D.tmp
C:\WINDOWS\Internet Logs\xDB1C.tmp
C:\WINDOWS\Internet Logs\xDB169.tmp
C:\WINDOWS\Internet Logs\xDB16A.tmp
C:\WINDOWS\Internet Logs\xDB1B.tmp
C:\WINDOWS\Internet Logs\xDB14F.tmp
C:\WINDOWS\Internet Logs\xDB1A.tmp
C:\WINDOWS\Internet Logs\xDBDC.tmp
C:\WINDOWS\Internet Logs\xDBDD.tmp
C:\WINDOWS\Internet Logs\xDBA7.tmp
C:\WINDOWS\Internet Logs\xDBA0.tmp
C:\WINDOWS\Internet Logs\vsmon_2nd_2008_06_07_07_40_24_small.dmp.zip
C:\WINDOWS\Internet Logs\explorer_2nd_2008_06_06_11_32_06_small.dmp.zip
C:\WINDOWS\Internet Logs\vsmon_2nd_2008_06_06_11_10_58_small.dmp.zip
C:\WINDOWS\Internet Logs\xDB19.tmp
C:\WINDOWS\Internet Logs\vsmon_2nd_2008_05_22_14_49_38_small.dmp.zip
C:\WINDOWS\Internet Logs\bittorrent_2nd_2008_05_21_19_51_42_small.dmp.zip
C:\WINDOWS\Internet Logs\xDB18.tmp
C:\WINDOWS\Internet Logs\xDB15.tmp
C:\WINDOWS\Internet Logs\vsmon_2nd_2008_05_16_08_11_52_small.dmp.zip
C:\WINDOWS\Internet Logs\Explorer_2nd_2008_05_10_14_41_54_small.dmp.zip
C:\WINDOWS\Internet Logs\bittorrent_2nd_2008_05_07_11_14_53_small.dmp.zip
C:\WINDOWS\Internet Logs\bittorrent_2nd_2008_05_07_11_14_48_full.dmp.zip
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WindowsUpdate.scr 
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A9D5CD7-C8E0-4A77-B43C-CEF36DB1D170}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4B28B11-BDEE-455A-8C5A-A7F6DA3908A1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
 "{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} "=-
 "{2318C2B1-4965-11d4-9B18-009027A5CD4F} "=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "volume "=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winccf32]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
Driver::
{DEF85C80-216A-43ab-AF70-1665EDBE2780}

Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log along with a fresh HijackThis log.

Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

 

As advised, the combofix log.. ( I still can not run internet under normal mode, please help with that) Thanks

ComboFix 08-06-19.2 - Administrator 2008-06-22 12:27:20.4 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.588 [GMT 5.5:30]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WindowsUpdate.scr
C:\WINDOWS\Internet Logs\bittorrent_2nd_2008_05_07_11_14_48_full.dmp.zip
C:\WINDOWS\Internet Logs\bittorrent_2nd_2008_05_07_11_14_53_small.dmp.zip
C:\WINDOWS\Internet Logs\bittorrent_2nd_2008_05_21_19_51_42_small.dmp.zip
C:\WINDOWS\Internet Logs\Explorer_2nd_2008_05_10_14_41_54_small.dmp.zip
C:\WINDOWS\Internet Logs\explorer_2nd_2008_06_06_11_32_06_small.dmp.zip
C:\WINDOWS\Internet Logs\vsmon_2nd_2008_05_16_08_11_52_small.dmp.zip
C:\WINDOWS\Internet Logs\vsmon_2nd_2008_05_22_14_49_38_small.dmp.zip
C:\WINDOWS\Internet Logs\vsmon_2nd_2008_06_06_11_10_58_small.dmp.zip
C:\WINDOWS\Internet Logs\vsmon_2nd_2008_06_07_07_40_24_small.dmp.zip
C:\WINDOWS\Internet Logs\xDB14F.tmp
C:\WINDOWS\Internet Logs\xDB15.tmp
C:\WINDOWS\Internet Logs\xDB169.tmp
C:\WINDOWS\Internet Logs\xDB16A.tmp
C:\WINDOWS\Internet Logs\xDB18.tmp
C:\WINDOWS\Internet Logs\xDB19.tmp
C:\WINDOWS\Internet Logs\xDB1A.tmp
C:\WINDOWS\Internet Logs\xDB1B.tmp
C:\WINDOWS\Internet Logs\xDB1C.tmp
C:\WINDOWS\Internet Logs\xDB1D.tmp
C:\WINDOWS\Internet Logs\xDB1E.tmp
C:\WINDOWS\Internet Logs\xDB1F.tmp
C:\WINDOWS\Internet Logs\xDB20.tmp
C:\WINDOWS\Internet Logs\xDB21.tmp
C:\WINDOWS\Internet Logs\xDBA0.tmp
C:\WINDOWS\Internet Logs\xDBA7.tmp
C:\WINDOWS\Internet Logs\xDBDC.tmp
C:\WINDOWS\Internet Logs\xDBDD.tmp
C:\WINDOWS\system32\787d2fa6
C:\WINDOWS\system32\winccf32.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WindowsUpdate.scr
C:\WINDOWS\Internet Logs\bittorrent_2nd_2008_05_07_11_14_48_full.dmp.zip
C:\WINDOWS\Internet Logs\bittorrent_2nd_2008_05_07_11_14_53_small.dmp.zip
C:\WINDOWS\Internet Logs\bittorrent_2nd_2008_05_21_19_51_42_small.dmp.zip
C:\WINDOWS\Internet Logs\Explorer_2nd_2008_05_10_14_41_54_small.dmp.zip
C:\WINDOWS\Internet Logs\explorer_2nd_2008_06_06_11_32_06_small.dmp.zip
C:\WINDOWS\Internet Logs\vsmon_2nd_2008_05_16_08_11_52_small.dmp.zip
C:\WINDOWS\Internet Logs\vsmon_2nd_2008_05_22_14_49_38_small.dmp.zip
C:\WINDOWS\Internet Logs\vsmon_2nd_2008_06_06_11_10_58_small.dmp.zip
C:\WINDOWS\Internet Logs\vsmon_2nd_2008_06_07_07_40_24_small.dmp.zip
C:\WINDOWS\Internet Logs\xDB14F.tmp
C:\WINDOWS\Internet Logs\xDB15.tmp
C:\WINDOWS\Internet Logs\xDB169.tmp
C:\WINDOWS\Internet Logs\xDB16A.tmp
C:\WINDOWS\Internet Logs\xDB18.tmp
C:\WINDOWS\Internet Logs\xDB19.tmp
C:\WINDOWS\Internet Logs\xDB1A.tmp
C:\WINDOWS\Internet Logs\xDB1B.tmp
C:\WINDOWS\Internet Logs\xDB1C.tmp
C:\WINDOWS\Internet Logs\xDB1D.tmp
C:\WINDOWS\Internet Logs\xDB1E.tmp
C:\WINDOWS\Internet Logs\xDB1F.tmp
C:\WINDOWS\Internet Logs\xDB20.tmp
C:\WINDOWS\Internet Logs\xDB21.tmp
C:\WINDOWS\Internet Logs\xDBA0.tmp
C:\WINDOWS\Internet Logs\xDBA7.tmp
C:\WINDOWS\Internet Logs\xDBDC.tmp
C:\WINDOWS\Internet Logs\xDBDD.tmp
C:\WINDOWS\system32\787d2fa6
C:\WINDOWS\system32\winccf32.dll
D:\Autorun.inf
E:\Autorun.inf
I:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{DEF85C80-216A-43AB-AF70-1665EDBE2780}
-------\Service_{DEF85C80-216A-43ab-AF70-1665EDBE2780}


((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
.

2008-06-22 12:05 . 2008-06-22 12:05 <DIR> d--hs---- C:\FOUND.044
2008-06-21 15:54 . 2008-06-21 15:54 <DIR> d--hs---- C:\FOUND.043
2008-06-21 09:33 . 2008-06-21 09:33 <DIR> d--hs---- C:\FOUND.042
2008-06-20 13:11 . 2008-06-20 13:11 <DIR> d-------- C:\Deckard
2008-06-20 13:10 . 2008-06-20 13:10 <DIR> d-------- C:\ie-spyad_zo
2008-06-20 11:07 . 2008-06-20 11:07 <DIR> d--hs---- C:\FOUND.009
2008-06-20 11:07 . 2008-06-22 12:40 336 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-06-19 01:05 . 2008-06-19 01:05 <DIR> d--hs---- C:\FOUND.008
2008-06-18 14:35 . 2008-06-18 14:35 <DIR> d--hs---- C:\FOUND.007
2008-06-18 12:47 . 2008-06-18 12:47 <DIR> d--hs---- C:\FOUND.006
2008-06-15 16:19 . 2008-06-15 16:19 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-12 09:50 . 2008-06-12 09:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-12 09:33 . 2008-06-12 09:33 <DIR> d--hs---- C:\FOUND.005
2008-06-09 11:58 . 2008-06-09 11:58 <DIR> d--hs---- C:\FOUND.004
2008-06-07 18:39 . 2008-06-07 18:39 <DIR> d--hs---- C:\FOUND.003
2008-06-07 15:31 . 2008-06-21 12:40 959 --a------ C:\rollback.ini
2008-06-07 15:24 . 2008-06-07 15:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MailFrontier
2008-06-07 15:23 . 2008-06-07 15:23 71,624 --a------ C:\WINDOWS\PP.reg
2008-06-07 15:23 . 2008-06-07 15:24 54,505 --a------ C:\WINDOWS\system32\Partizan.exe
2008-06-07 15:17 . 2008-06-07 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-07 15:16 . 2008-03-13 23:11 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-06-03 19:44 . 2008-06-03 19:44 <DIR> d--hs---- C:\FOUND.002

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 13:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-16 06:28 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-14 06:34 316 ----a-w C:\drmHeader.bin
2008-04-29 05:50 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 05:49 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 05:49 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-23 05:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CANON INC
2008-04-23 05:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CameraWindowDC
2008-04-22 05:11 --------- d-----w C:\Program Files\Canon
2008-04-22 05:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-04-06 07:39 737,280 ------w C:\WINDOWS\iun6002.exe
.

((((((((((((((((((((((((((((( snapshot@2008-06-21_ 9.27.15.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-21 03:47:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-22 07:09:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-15 10:42:02 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2008-06-21 07:00:38 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2008-06-22 06:56:56 214,064 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
- 2008-06-18 08:57:46 9,557,296 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2008-06-21 05:21:00 9,603,000 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
- 2008-06-18 09:36:48 319,488 ----a-w C:\WINDOWS\system32\ZoneLabs\zlqrtdb.dat
+ 2008-06-21 07:37:40 19,823,104 ----a-w C:\WINDOWS\system32\ZoneLabs\zlqrtdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype "= "C:\Program Files\Skype\Phone\Skype.exe" [ ]
"PcSync "= "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 17:52 1409024]
"DAEMON Tools Lite "= "C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 22:21 486856]
"BitTorrent DNA "= "C:\Program Files\DNA\btdna.exe" [2008-05-08 10:57 289088]
"swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-11 01:15 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor "= "ALCXMNTR.EXE" [2003-04-03 20:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 17:55 155648]
"HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 17:51 118784]
"AGRSMMSG "= "AGRSMMSG.exe" [2004-01-16 12:34 88363 C:\WINDOWS\AGRSMMSG.exe]
"RemoteControl "= "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"NeroCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 15:20 155648]
"HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 21:16 172032]
"HP Component Manager "= "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HP Software Update "= "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 23:25 49152]
"Nokia Tray Application "= "C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe" [2003-02-10 14:30 425984]
"PCSuiteTrayApplication "= "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-04-26 08:29 237568]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"WinampAgent "= "C:\Program Files\Winamp\winampa.exe" [2007-12-20 20:46 37376]
"QuickTime Task "= "D:\PROGRAM FILES 2\QuickTime Alternative\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper "= "D:\PROGRAM FILES 2\iTunesHelper.exe" [2008-03-30 10:36 267048]
"ZoneAlarm Client "= "D:\PROGRAM FILES 2\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert "= "C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2002-08-07 09:04 54936]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-16 16:53:18 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe "=
"E:\\Bit Torrent\\BitTorrent\\bittorrent.exe "=
"C:\\Program Files\\DNA\\btdna.exe "=
"D:\\PROGRAM FILES 2\\iTunes.exe "=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP "= 86:TCP:BroadCam Web Server

S3 SNCP106;PC Camera (6009 CIF);C:\WINDOWS\system32\DRIVERS\sncp106.sys [2002-12-27 15:56]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-22 07:10:06 C:\WINDOWS\Tasks\Symantec NetDetect.job "
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-05-17 16:59:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 12:40:17
Windows 5.1.2600 Service Pack 2, v.2096 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\PROGRAM FILES 2\aawservice.exe
C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\WINDOWS\SYSTEM32\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\NOKIA\MPAPI\MPAPI3S.EXE
C:\PROGRAM FILES\CANON\CAL\CALMAIN.EXE
.
**************************************************************************
.
Completion time: 2008-06-22 12:41:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-22 07:10:56
ComboFix3.txt 2008-06-21 03:57:48
ComboFix2.txt 2008-06-21 06:59:40

Pre-Run: 1,368,514,560 bytes free
Post-Run: 1,350,950,912 bytes free

208

 

The deckers log

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-22 13:02:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 1.25 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-22 13:02:40
Platform: Windows XP Service Pack 2, v.2096 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2096)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
D:\PROGRAM FILES 2\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe "
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\PROGRAM FILES 2\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\PROGRAM FILES 2\iTunesHelper.exe "
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\PROGRAM FILES 2\ZoneAlarm\zlclient.exe "
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe "
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{D7002D66-DBF9-4082-9DCD-C1ADCE487173}: NameServer = 202.56.215.6,202.56.230.6
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\PROGRAM FILES 2\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: - http://tbn0.google.com/images?q=tbn:WHBaruNRJarHJM:http://www.ntferro.com/shop/images/N.webcopy.jpg

--
End of file - 8053 bytes

-- Files created between 2008-05-22 and 2008-06-22 -----------------------------

2008-06-22 12:05:14 0 d--hs---- C:\FOUND.044
2008-06-21 15:54:10 0 d--hs---- C:\FOUND.043
2008-06-21 09:33:20 0 d--hs---- C:\FOUND.042
2008-06-20 13:10:09 0 d-------- C:\ie-spyad_zo
2008-06-20 12:34:08 68096 --a------ C:\WINDOWS\zip.exe
2008-06-20 12:34:08 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-20 12:34:08 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-20 12:34:08 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-20 12:34:08 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-20 12:34:08 98816 --a------ C:\WINDOWS\sed.exe
2008-06-20 12:34:08 80412 --a------ C:\WINDOWS\grep.exe
2008-06-20 12:34:08 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-20 11:07:04 0 d--hs---- C:\FOUND.009
2008-06-19 01:05:52 0 d--hs---- C:\FOUND.008
2008-06-18 14:35:56 0 d--hs---- C:\FOUND.007
2008-06-18 12:47:08 0 d--hs---- C:\FOUND.006
2008-06-15 16:19:36 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-12 10:05:34 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-12 09:50:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-12 09:33:12 0 d--hs---- C:\FOUND.005
2008-06-10 12:16:40 0 d--hs---- C:\WINDOWS\CSC
2008-06-09 11:58:36 0 d--hs---- C:\FOUND.004
2008-06-07 18:39:00 0 d--hs---- C:\FOUND.003
2008-06-07 15:24:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\MailFrontier
2008-06-07 15:23:05 54505 --a------ C:\WINDOWS\system32\Partizan.exe
2008-06-07 15:23:02 71624 --a------ C:\WINDOWS\PP.reg
2008-06-07 15:17:17 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-06-03 19:44:50 0 d--hs---- C:\FOUND.002


-- Find3M Report ---------------------------------------------------------------

2008-06-21 12:30:38 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-21 19:16:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-14 12:04:40 316 --a------ C:\drmHeader.bin
2008-04-23 10:40:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\CameraWindowDC
2008-04-23 10:40:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\CANON INC
2008-04-22 10:41:28 0 d-------- C:\Program Files\Canon
2008-04-06 13:09:18 737280 -----n--- C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor "= "ALCXMNTR.EXE" [03/04/2003 08:35 PM C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [10/02/2004 05:55 PM]
"HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [10/02/2004 05:51 PM]
"AGRSMMSG "= "AGRSMMSG.exe" [16/01/2004 12:34 PM C:\WINDOWS\AGRSMMSG.exe]
"RemoteControl "= "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [31/10/2003 07:42 PM]
"NeroCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 03:20 PM]
"HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [04/03/2004 09:16 PM]
"HP Component Manager "= "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [22/12/2003 08:38 AM]
"HP Software Update "= "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [18/02/2004 11:25 PM]
"Nokia Tray Application "= "C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe" [10/02/2003 02:30 PM]
"PCSuiteTrayApplication "= "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [26/04/2006 08:29 AM]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]
"WinampAgent "= "C:\Program Files\Winamp\winampa.exe" [20/12/2007 08:46 PM]
"QuickTime Task "= "D:\PROGRAM FILES 2\QuickTime Alternative\QTTask.exe" [28/03/2008 11:37 PM]
"iTunesHelper "= "D:\PROGRAM FILES 2\iTunesHelper.exe" [30/03/2008 10:36 AM]
"ZoneAlarm Client "= "D:\PROGRAM FILES 2\ZoneAlarm\zlclient.exe" [13/03/2008 11:11 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype "= "C:\Program Files\Skype\Phone\Skype.exe" []
"PcSync "= "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [11/04/2006 05:52 PM]
"DAEMON Tools Lite "= "C:\Program Files\DAEMON Tools Lite\daemon.exe" [17/01/2008 10:21 PM]
"BitTorrent DNA "= "C:\Program Files\DNA\btdna.exe" [08/05/2008 10:57 AM]
"swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/04/2008 01:15 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert "=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/12/2004 4:53:18 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts "=0 (0x0)
"HideLogoffScripts "=0 (0x0)
"RunLogonScriptSync "=1 (0x1)
"RunStartupScriptSync "=0 (0x0)
"HideStartupScripts "=0 (0x0)
"DisableRegistryTools "=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts "=0 (0x0)
"HideLogoffScripts "=0 (0x0)
"RunLogonScriptSync "=1 (0x1)
"RunStartupScriptSync "=0 (0x0)
"HideStartupScripts "=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@= "Service "




-- End of Deckard's System Scanner: finished at 2008-06-22 13:03:30 ------------

 

Please make sure you have the setup (installer) file for Zone Alarm, and save the license key to text if it's the paid version, then uninstall it via Add/Remove programs. Reboot when complete.

*Note - the Windows Firewall should be turned on automatically when ZA is uninstalled

If your internet connection still does not work in normal mode, download Winsock XP Fix. Close all open programs and connections. Run Winsock XP Fix and select Fix. Reboot.


If that repairs the connection, re-install ZA.

 

NoahFear, thanks a lot for your help..that worked! However the desktop items disapeared and reappeared after a while, do you think the infected stuff is now deleted?
I really appreciate the time that you put in to help me else I was about to reformat my system.
I have uninstalled zonealarm however I am not to happy with it as it didnt stop the virus to enter the system. Do you have any recomendations on the virus protection I should use, kindly suggest the free stuff and paid stuff.
Thanks a lot

 

Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing the infected files there as well. The C:\Deckard's folder will also be removed. You can delete any logs that were created/saved too.


Download ATF Cleaner by Atribune and save it to your Desktop.

• Double click ATF-Cleaner.exe to run the program.
• Check the boxes to the left of:
  
  
  • Windows Temp
  • Current User Temp
  • All Users Temp
  • Temporary Internet Files
  • Prefetch
  • Java Cache
  • Recycle bin
  
  
• The rest are optional - if you want it to remove everything check "Select All ".
• Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.

Reboot


OK, leave ZA out. Recommend you download a trial of Kaspersky Internet Secuity Suite and install it (do a custom install and install only the modules you want). Update it and run a full system scan, remove whatever it finds and report those results back here.

 

HI Noahfear, apologies for a late reply but I have been having some trouble with kaspersky. The following are inactive anti-malware-files and memory, system security-application filteration, firewall, proactive defence, online security-intrusion protection system. When i try and fix it. kaspersky disconnects my internet and i have trouble getting the internet up and running again. I have tried to uninstall but i am not getting an option to uninstall and kaspersky just gives me an option to install the software and not remove it. However I have done a system scan and following are the log.

Full Scan: completed 24/06/2008 12:39:20 PM (events: 510, objects: 223469, time: 12:26:51 AM)
24/06/2008 12:43:23 PM Task stopped
24/06/2008 12:43:04 PM Detected: http://www.viruslist.com/en/advisories/12430 C:\Program Files\winzip\winzip32.exe
24/06/2008 12:43:02 PM Detected: http://www.viruslist.com/en/advisories/16653 C:\Program Files\symantec\liveupdate\luall.exe
24/06/2008 12:42:55 PM Detected: http://www.viruslist.com/en/advisories/27865 C:\Program Files\winamp\winamp.exe
24/06/2008 12:42:54 PM Detected: http://www.viruslist.com/en/advisories/23138 C:\Program Files\adobe\acrobat 5.0\reader\acrord32.exe
24/06/2008 12:42:45 PM Task started
Full Scan: completed 24/06/2008 12:39:20 PM (events: 510, objects: 223469, time: 12:26:51 AM)
24/06/2008 12:39:20 PM Task completed
24/06/2008 12:39:20 PM Detected: Heur.Downloader C:\WINDOWS\system32\WinUpdatedata.exe/NPack
24/06/2008 12:39:20 PM Detected: Heur.Trojan.Generic C:\WINDOWS\system32\WinUpdatedata.exe/NPack
24/06/2008 12:39:20 PM Detected: Heur.Trojan.Generic C:\WINDOWS\system32\WinUpdatedata.exe/NPack
24/06/2008 12:39:19 PM Detected: Heur.Trojan.Generic C:\WINDOWS\system32\WinUpdatedata.exe/NPack
24/06/2008 12:39:19 PM Detected: Heur.Trojan.Generic C:\WINDOWS\system32\WinUpdatedata.exe/NPack
24/06/2008 12:39:19 PM Detected: Heur.Downloader C:\System Volume Information\_restore{BFD20D4A-4B75-42C6-BE09-721A7EAB5AB2}\RP1\A0000055.exe/NPack
24/06/2008 12:39:19 PM Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{BFD20D4A-4B75-42C6-BE09-721A7EAB5AB2}\RP1\A0000055.exe/NPack
24/06/2008 12:39:18 PM Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{BFD20D4A-4B75-42C6-BE09-721A7EAB5AB2}\RP1\A0000055.exe/NPack
24/06/2008 12:39:18 PM Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{BFD20D4A-4B75-42C6-BE09-721A7EAB5AB2}\RP1\A0000055.exe/NPack
24/06/2008 12:39:15 PM Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{BFD20D4A-4B75-42C6-BE09-721A7EAB5AB2}\RP1\A0000055.exe/NPack
24/06/2008 12:37:04 PM Detected: http://www.viruslist.com/en/advisories/26513 I:\code clean\ZoneAlarm\zlclient.exe
24/06/2008 12:31:54 PM Detected: http://www.viruslist.com/en/advisories/27361 D:\PROGRAM FILES 2\Real\RealPlayer\realplay.exe
24/06/2008 12:31:51 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QuickTimePlayer.Resources\zh_TW.lproj\QuickTimePlayerLocalized.qtr
24/06/2008 12:31:51 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QuickTimePlayer.Resources\zh_CN.lproj\QuickTimePlayerLocalized.qtr
24/06/2008 12:31:51 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QuickTimePlayer.Resources\ru.lproj\QuickTimePlayerLocalized.qtr
24/06/2008 12:31:51 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QuickTimePlayer.Resources\sv.lproj\QuickTimePlayerLocalized.qtr
24/06/2008 12:31:51 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QuickTimePlayer.Resources\pt_PT.lproj\QuickTimePlayerLocalized.qtr
24/06/2008 12:31:51 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QuickTimePlayer.Resources\nl.lproj\QuickTimePlayerLocalized.qtr
24/06/2008 12:31:51 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QuickTimePlayer.Resources\pl.lproj\QuickTimePlayerLocalized.qtr
24/06/2008 12:31:50 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QuickTimePlayer.Resources\nb.lproj\QuickTimePlayerLocalized.qtr
24/06/2008 12:31:50 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QuickTimePlayer.Resources\ko.lproj\QuickTimePlayerLocalized.qtr
24/06/2008 12:31:50 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QuickTimePlayer.Resources\ja.lproj\QuickTimePlayerLocalized.qtr
24/06/2008 12:31:50 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QuickTimePlayer.Resources\it.lproj\QuickTimePlayerLocalized.qtr
24/06/2008 12:31:50 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QuickTimePlayer.Resources\fr.lproj\QuickTimePlayerLocalized.qtr
24/06/2008 12:31:50 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QuickTimePlayer.Resources\fi.lproj\QuickTimePlayerLocalized.qtr
24/06/2008 12:31:50 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QuickTimePlayer.Resources\es.lproj\QuickTimePlayerLocalized.qtr
24/06/2008 12:31:50 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QuickTimePlayer.Resources\en.lproj\QuickTimePlayerLocalized.qtr
24/06/2008 12:31:50 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QuickTimePlayer.Resources\QuickTimePlayer.qtr
24/06/2008 12:31:49 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QuickTimePlayer.Resources\de.lproj\QuickTimePlayerLocalized.qtr
24/06/2008 12:31:49 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QuickTimePlayer.Resources\da.lproj\QuickTimePlayerLocalized.qtr
24/06/2008 12:31:49 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeWebHelper.Resources\zh_TW.lproj\QuickTimeWebHelperLocalized.qtr
24/06/2008 12:31:49 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeWebHelper.Resources\zh_CN.lproj\QuickTimeWebHelperLocalized.qtr
24/06/2008 12:31:49 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeWebHelper.Resources\sv.lproj\QuickTimeWebHelperLocalized.qtr
24/06/2008 12:31:48 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeWebHelper.Resources\ru.lproj\QuickTimeWebHelperLocalized.qtr
24/06/2008 12:31:48 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeWebHelper.Resources\pt_PT.lproj\QuickTimeWebHelperLocalized.qtr
24/06/2008 12:31:48 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeWebHelper.Resources\pl.lproj\QuickTimeWebHelperLocalized.qtr
24/06/2008 12:31:48 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeWebHelper.Resources\nl.lproj\QuickTimeWebHelperLocalized.qtr
24/06/2008 12:31:48 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeWebHelper.Resources\nb.lproj\QuickTimeWebHelperLocalized.qtr
24/06/2008 12:31:48 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeWebHelper.Resources\ko.lproj\QuickTimeWebHelperLocalized.qtr
24/06/2008 12:31:48 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeWebHelper.Resources\ja.lproj\QuickTimeWebHelperLocalized.qtr
24/06/2008 12:31:48 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeWebHelper.Resources\fr.lproj\QuickTimeWebHelperLocalized.qtr
24/06/2008 12:31:47 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeWebHelper.Resources\it.lproj\QuickTimeWebHelperLocalized.qtr
24/06/2008 12:31:47 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeWebHelper.Resources\fi.lproj\QuickTimeWebHelperLocalized.qtr
24/06/2008 12:31:47 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeWebHelper.Resources\es.lproj\QuickTimeWebHelperLocalized.qtr
24/06/2008 12:31:47 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeWebHelper.Resources\QuickTimeWebHelper.qtr
24/06/2008 12:31:47 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeWebHelper.Resources\en.lproj\QuickTimeWebHelperLocalized.qtr
24/06/2008 12:31:46 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeWebHelper.Resources\da.lproj\QuickTimeWebHelperLocalized.qtr
24/06/2008 12:31:46 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeWebHelper.Resources\de.lproj\QuickTimeWebHelperLocalized.qtr
24/06/2008 12:31:46 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVRAuthoring.Resources\zh_TW.lproj\QuickTimeVRAuthoringLocalized.qtr
24/06/2008 12:31:46 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVRAuthoring.Resources\sv.lproj\QuickTimeVRAuthoringLocalized.qtr
24/06/2008 12:31:46 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVRAuthoring.Resources\zh_CN.lproj\QuickTimeVRAuthoringLocalized.qtr
24/06/2008 12:31:46 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVRAuthoring.Resources\ru.lproj\QuickTimeVRAuthoringLocalized.qtr
24/06/2008 12:31:46 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVRAuthoring.Resources\pt_PT.lproj\QuickTimeVRAuthoringLocalized.qtr
24/06/2008 12:31:46 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVRAuthoring.Resources\pl.lproj\QuickTimeVRAuthoringLocalized.qtr
24/06/2008 12:31:46 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVRAuthoring.Resources\nl.lproj\QuickTimeVRAuthoringLocalized.qtr
24/06/2008 12:31:46 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVRAuthoring.Resources\nb.lproj\QuickTimeVRAuthoringLocalized.qtr
24/06/2008 12:31:46 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVRAuthoring.Resources\ko.lproj\QuickTimeVRAuthoringLocalized.qtr
24/06/2008 12:31:45 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVRAuthoring.Resources\ja.lproj\QuickTimeVRAuthoringLocalized.qtr
24/06/2008 12:31:45 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVRAuthoring.Resources\it.lproj\QuickTimeVRAuthoringLocalized.qtr
24/06/2008 12:31:45 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVRAuthoring.Resources\fr.lproj\QuickTimeVRAuthoringLocalized.qtr
24/06/2008 12:31:45 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVRAuthoring.Resources\fi.lproj\QuickTimeVRAuthoringLocalized.qtr
24/06/2008 12:31:45 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVRAuthoring.Resources\es.lproj\QuickTimeVRAuthoringLocalized.qtr
24/06/2008 12:31:45 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVRAuthoring.Resources\en.lproj\QuickTimeVRAuthoringLocalized.qtr
24/06/2008 12:31:45 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVRAuthoring.Resources\de.lproj\QuickTimeVRAuthoringLocalized.qtr
24/06/2008 12:31:44 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVRAuthoring.Resources\QuickTimeVRAuthoring.qtr
24/06/2008 12:31:44 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVRAuthoring.Resources\da.lproj\QuickTimeVRAuthoringLocalized.qtr
24/06/2008 12:31:44 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVR.Resources\zh_TW.lproj\QuickTimeVRLocalized.qtr
24/06/2008 12:31:44 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVR.Resources\zh_CN.lproj\QuickTimeVRLocalized.qtr
24/06/2008 12:31:44 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVR.Resources\sv.lproj\QuickTimeVRLocalized.qtr
24/06/2008 12:31:44 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVR.Resources\ru.lproj\QuickTimeVRLocalized.qtr
24/06/2008 12:31:44 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVR.Resources\pt_PT.lproj\QuickTimeVRLocalized.qtr
24/06/2008 12:31:44 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVR.Resources\nl.lproj\QuickTimeVRLocalized.qtr
24/06/2008 12:31:44 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVR.Resources\pl.lproj\QuickTimeVRLocalized.qtr
24/06/2008 12:31:44 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVR.Resources\nb.lproj\QuickTimeVRLocalized.qtr
24/06/2008 12:31:44 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVR.Resources\ko.lproj\QuickTimeVRLocalized.qtr
24/06/2008 12:31:44 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVR.Resources\ja.lproj\QuickTimeVRLocalized.qtr
24/06/2008 12:31:43 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVR.Resources\it.lproj\QuickTimeVRLocalized.qtr
24/06/2008 12:31:43 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVR.Resources\fr.lproj\QuickTimeVRLocalized.qtr
24/06/2008 12:31:43 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVR.Resources\fi.lproj\QuickTimeVRLocalized.qtr
24/06/2008 12:31:43 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVR.Resources\es.lproj\QuickTimeVRLocalized.qtr
24/06/2008 12:31:43 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVR.Resources\en.lproj\QuickTimeVRLocalized.qtr
24/06/2008 12:31:43 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVR.Resources\de.lproj\QuickTimeVRLocalized.qtr
24/06/2008 12:31:43 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVR.Resources\da.lproj\QuickTimeVRLocalized.qtr
24/06/2008 12:31:43 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeVR.Resources\QuickTimeVR.qtr
24/06/2008 12:31:43 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingExtras.Resources\zh_TW.lproj\QuickTimeStreamingExtrasLocalized.qtr
24/06/2008 12:31:43 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingExtras.Resources\zh_CN.lproj\QuickTimeStreamingExtrasLocalized.qtr
24/06/2008 12:31:43 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingExtras.Resources\sv.lproj\QuickTimeStreamingExtrasLocalized.qtr
24/06/2008 12:31:42 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingExtras.Resources\ru.lproj\QuickTimeStreamingExtrasLocalized.qtr
24/06/2008 12:31:42 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingExtras.Resources\pt_PT.lproj\QuickTimeStreamingExtrasLocalized.qtr
24/06/2008 12:31:42 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingExtras.Resources\nl.lproj\QuickTimeStreamingExtrasLocalized.qtr
24/06/2008 12:31:42 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingExtras.Resources\pl.lproj\QuickTimeStreamingExtrasLocalized.qtr
24/06/2008 12:31:42 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingExtras.Resources\nb.lproj\QuickTimeStreamingExtrasLocalized.qtr
24/06/2008 12:31:42 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingExtras.Resources\ko.lproj\QuickTimeStreamingExtrasLocalized.qtr
24/06/2008 12:31:42 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingExtras.Resources\ja.lproj\QuickTimeStreamingExtrasLocalized.qtr
24/06/2008 12:31:42 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingExtras.Resources\it.lproj\QuickTimeStreamingExtrasLocalized.qtr
24/06/2008 12:31:42 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingExtras.Resources\fr.lproj\QuickTimeStreamingExtrasLocalized.qtr
24/06/2008 12:31:42 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingExtras.Resources\fi.lproj\QuickTimeStreamingExtrasLocalized.qtr
24/06/2008 12:31:42 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingExtras.Resources\en.lproj\QuickTimeStreamingExtrasLocalized.qtr
24/06/2008 12:31:42 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingExtras.Resources\es.lproj\QuickTimeStreamingExtrasLocalized.qtr
24/06/2008 12:31:42 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingExtras.Resources\de.lproj\QuickTimeStreamingExtrasLocalized.qtr
24/06/2008 12:31:41 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingExtras.Resources\da.lproj\QuickTimeStreamingExtrasLocalized.qtr
24/06/2008 12:31:41 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingExtras.Resources\QuickTimeStreamingExtras.qtr
24/06/2008 12:31:41 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingAuthoring.Resources\zh_TW.lproj\QuickTimeStreamingAuthoringLocalized.qtr
24/06/2008 12:31:41 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingAuthoring.Resources\zh_CN.lproj\QuickTimeStreamingAuthoringLocalized.qtr
24/06/2008 12:31:41 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingAuthoring.Resources\ru.lproj\QuickTimeStreamingAuthoringLocalized.qtr
24/06/2008 12:31:41 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingAuthoring.Resources\sv.lproj\QuickTimeStreamingAuthoringLocalized.qtr
24/06/2008 12:31:41 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingAuthoring.Resources\pt_PT.lproj\QuickTimeStreamingAuthoringLocalized.qtr
24/06/2008 12:31:41 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingAuthoring.Resources\pl.lproj\QuickTimeStreamingAuthoringLocalized.qtr
24/06/2008 12:31:41 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingAuthoring.Resources\nl.lproj\QuickTimeStreamingAuthoringLocalized.qtr
24/06/2008 12:31:40 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingAuthoring.Resources\nb.lproj\QuickTimeStreamingAuthoringLocalized.qtr
24/06/2008 12:31:40 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingAuthoring.Resources\ko.lproj\QuickTimeStreamingAuthoringLocalized.qtr
24/06/2008 12:31:40 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingAuthoring.Resources\ja.lproj\QuickTimeStreamingAuthoringLocalized.qtr
24/06/2008 12:31:40 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingAuthoring.Resources\it.lproj\QuickTimeStreamingAuthoringLocalized.qtr
24/06/2008 12:31:40 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingAuthoring.Resources\fr.lproj\QuickTimeStreamingAuthoringLocalized.qtr
24/06/2008 12:31:40 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingAuthoring.Resources\fi.lproj\QuickTimeStreamingAuthoringLocalized.qtr
24/06/2008 12:31:40 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSy

 

24/06/2008 12:31:39 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingAuthoring.Resources\en.lproj\QuickTimeStreamingAuthoringLocalized.qtr
24/06/2008 12:31:39 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingAuthoring.Resources\es.lproj\QuickTimeStreamingAuthoringLocalized.qtr
24/06/2008 12:31:39 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingAuthoring.Resources\da.lproj\QuickTimeStreamingAuthoringLocalized.qtr
24/06/2008 12:31:39 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreaming.Resources\zh_TW.lproj\QuickTimeStreamingLocalized.qtr
24/06/2008 12:31:39 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreamingAuthoring.Resources\QuickTimeStreamingAuthoring.qtr
24/06/2008 12:31:39 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreaming.Resources\zh_CN.lproj\QuickTimeStreamingLocalized.qtr
24/06/2008 12:31:39 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreaming.Resources\sv.lproj\QuickTimeStreamingLocalized.qtr
24/06/2008 12:31:39 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreaming.Resources\ru.lproj\QuickTimeStreamingLocalized.qtr
24/06/2008 12:31:39 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreaming.Resources\pt_PT.lproj\QuickTimeStreamingLocalized.qtr
24/06/2008 12:31:39 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreaming.Resources\pl.lproj\QuickTimeStreamingLocalized.qtr
24/06/2008 12:31:39 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreaming.Resources\nl.lproj\QuickTimeStreamingLocalized.qtr
24/06/2008 12:31:39 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreaming.Resources\nb.lproj\QuickTimeStreamingLocalized.qtr
24/06/2008 12:31:39 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreaming.Resources\ko.lproj\QuickTimeStreamingLocalized.qtr
24/06/2008 12:31:39 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreaming.Resources\ja.lproj\QuickTimeStreamingLocalized.qtr
24/06/2008 12:31:38 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreaming.Resources\it.lproj\QuickTimeStreamingLocalized.qtr
24/06/2008 12:31:38 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreaming.Resources\fr.lproj\QuickTimeStreamingLocalized.qtr
24/06/2008 12:31:38 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreaming.Resources\fi.lproj\QuickTimeStreamingLocalized.qtr
24/06/2008 12:31:38 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreaming.Resources\es.lproj\QuickTimeStreamingLocalized.qtr
24/06/2008 12:31:38 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreaming.Resources\en.lproj\QuickTimeStreamingLocalized.qtr
24/06/2008 12:31:38 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreaming.Resources\da.lproj\QuickTimeStreamingLocalized.qtr
24/06/2008 12:31:38 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreaming.Resources\de.lproj\QuickTimeStreamingLocalized.qtr
24/06/2008 12:31:38 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeStreaming.Resources\QuickTimeStreaming.qtr
24/06/2008 12:31:38 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeQD3D.Resources\zh_TW.lproj\QuickTimeQD3DLocalized.qtr
24/06/2008 12:31:38 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeQD3D.Resources\zh_CN.lproj\QuickTimeQD3DLocalized.qtr
24/06/2008 12:31:38 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeQD3D.Resources\sv.lproj\QuickTimeQD3DLocalized.qtr
24/06/2008 12:31:38 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeQD3D.Resources\ru.lproj\QuickTimeQD3DLocalized.qtr
24/06/2008 12:31:38 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeQD3D.Resources\pt_PT.lproj\QuickTimeQD3DLocalized.qtr
24/06/2008 12:31:38 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeQD3D.Resources\nl.lproj\QuickTimeQD3DLocalized.qtr
24/06/2008 12:31:38 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeQD3D.Resources\pl.lproj\QuickTimeQD3DLocalized.qtr
24/06/2008 12:31:38 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeQD3D.Resources\nb.lproj\QuickTimeQD3DLocalized.qtr
24/06/2008 12:31:37 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeQD3D.Resources\ko.lproj\QuickTimeQD3DLocalized.qtr
24/06/2008 12:31:37 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeQD3D.Resources\ja.lproj\QuickTimeQD3DLocalized.qtr
24/06/2008 12:31:37 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeQD3D.Resources\it.lproj\QuickTimeQD3DLocalized.qtr
24/06/2008 12:31:37 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeQD3D.Resources\fr.lproj\QuickTimeQD3DLocalized.qtr
24/06/2008 12:31:37 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeQD3D.Resources\fi.lproj\QuickTimeQD3DLocalized.qtr
24/06/2008 12:31:37 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeQD3D.Resources\es.lproj\QuickTimeQD3DLocalized.qtr
24/06/2008 12:31:37 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeQD3D.Resources\en.lproj\QuickTimeQD3DLocalized.qtr
24/06/2008 12:31:37 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeQD3D.Resources\de.lproj\QuickTimeQD3DLocalized.qtr
24/06/2008 12:31:37 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeQD3D.Resources\da.lproj\QuickTimeQD3DLocalized.qtr
24/06/2008 12:31:37 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMusic.Resources\zh_CN.lproj\QuickTimeMusicLocalized.qtr
24/06/2008 12:31:37 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeQD3D.Resources\QuickTimeQD3D.qtr
24/06/2008 12:31:37 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMusic.Resources\zh_TW.lproj\QuickTimeMusicLocalized.qtr
24/06/2008 12:31:37 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMusic.Resources\sv.lproj\QuickTimeMusicLocalized.qtr
24/06/2008 12:31:37 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMusic.Resources\pt_PT.lproj\QuickTimeMusicLocalized.qtr
24/06/2008 12:31:37 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMusic.Resources\ru.lproj\QuickTimeMusicLocalized.qtr
24/06/2008 12:31:37 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMusic.Resources\pl.lproj\QuickTimeMusicLocalized.qtr
24/06/2008 12:31:36 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMusic.Resources\nb.lproj\QuickTimeMusicLocalized.qtr
24/06/2008 12:31:36 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMusic.Resources\nl.lproj\QuickTimeMusicLocalized.qtr
24/06/2008 12:31:36 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMusic.Resources\ko.lproj\QuickTimeMusicLocalized.qtr
24/06/2008 12:31:36 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMusic.Resources\ja.lproj\QuickTimeMusicLocalized.qtr
24/06/2008 12:31:36 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMusic.Resources\it.lproj\QuickTimeMusicLocalized.qtr
24/06/2008 12:31:36 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMusic.Resources\fi.lproj\QuickTimeMusicLocalized.qtr
24/06/2008 12:31:36 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMusic.Resources\fr.lproj\QuickTimeMusicLocalized.qtr
24/06/2008 12:31:36 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMusic.Resources\es.lproj\QuickTimeMusicLocalized.qtr
24/06/2008 12:31:36 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMusic.Resources\de.lproj\QuickTimeMusicLocalized.qtr
24/06/2008 12:31:36 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMusic.Resources\en.lproj\QuickTimeMusicLocalized.qtr
24/06/2008 12:31:36 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMusic.Resources\da.lproj\QuickTimeMusicLocalized.qtr
24/06/2008 12:31:36 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMusic.Resources\QuickTimeMusic.qtr
24/06/2008 12:31:36 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4Authoring.Resources\zh_TW.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
24/06/2008 12:31:36 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4Authoring.Resources\zh_CN.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
24/06/2008 12:31:36 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4Authoring.Resources\sv.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
24/06/2008 12:31:36 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4Authoring.Resources\ru.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
24/06/2008 12:31:36 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4Authoring.Resources\pt_PT.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
24/06/2008 12:31:35 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4Authoring.Resources\pl.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
24/06/2008 12:31:35 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4Authoring.Resources\nl.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
24/06/2008 12:31:35 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4Authoring.Resources\nb.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
24/06/2008 12:31:35 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4Authoring.Resources\ko.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
24/06/2008 12:31:35 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4Authoring.Resources\ja.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
24/06/2008 12:31:35 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4Authoring.Resources\it.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
24/06/2008 12:31:35 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4Authoring.Resources\fi.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
24/06/2008 12:31:35 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4Authoring.Resources\es.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
24/06/2008 12:31:35 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4Authoring.Resources\fr.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
24/06/2008 12:31:35 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4Authoring.Resources\en.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
24/06/2008 12:31:35 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4Authoring.Resources\da.lproj\QuickTimeMPEG4AuthoringLocalized.qtr
24/06/2008 12:31:35 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSy

 

24/06/2008 12:31:34 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4Authoring.Resources\QuickTimeMPEG4Authoring.qtr
24/06/2008 12:31:34 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4.Resources\zh_TW.lproj\QuickTimeMPEG4Localized.qtr
24/06/2008 12:31:34 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4.Resources\zh_CN.lproj\QuickTimeMPEG4Localized.qtr
24/06/2008 12:31:34 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4.Resources\sv.lproj\QuickTimeMPEG4Localized.qtr
24/06/2008 12:31:34 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4.Resources\ru.lproj\QuickTimeMPEG4Localized.qtr
24/06/2008 12:31:34 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4.Resources\pt_PT.lproj\QuickTimeMPEG4Localized.qtr
24/06/2008 12:31:34 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4.Resources\pl.lproj\QuickTimeMPEG4Localized.qtr
24/06/2008 12:31:34 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4.Resources\nl.lproj\QuickTimeMPEG4Localized.qtr
24/06/2008 12:31:34 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4.Resources\ko.lproj\QuickTimeMPEG4Localized.qtr
24/06/2008 12:31:34 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4.Resources\nb.lproj\QuickTimeMPEG4Localized.qtr
24/06/2008 12:31:34 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4.Resources\ja.lproj\QuickTimeMPEG4Localized.qtr
24/06/2008 12:31:34 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4.Resources\it.lproj\QuickTimeMPEG4Localized.qtr
24/06/2008 12:31:34 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4.Resources\fr.lproj\QuickTimeMPEG4Localized.qtr
24/06/2008 12:31:34 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4.Resources\fi.lproj\QuickTimeMPEG4Localized.qtr
24/06/2008 12:31:34 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4.Resources\es.lproj\QuickTimeMPEG4Localized.qtr
24/06/2008 12:31:34 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4.Resources\en.lproj\QuickTimeMPEG4Localized.qtr
24/06/2008 12:31:34 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4.Resources\de.lproj\QuickTimeMPEG4Localized.qtr
24/06/2008 12:31:33 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4.Resources\da.lproj\QuickTimeMPEG4Localized.qtr
24/06/2008 12:31:33 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG.Resources\zh_TW.lproj\QuickTimeMPEGLocalized.qtr
24/06/2008 12:31:33 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG4.Resources\QuickTimeMPEG4.qtr
24/06/2008 12:31:33 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG.Resources\zh_CN.lproj\QuickTimeMPEGLocalized.qtr
24/06/2008 12:31:33 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG.Resources\sv.lproj\QuickTimeMPEGLocalized.qtr
24/06/2008 12:31:33 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG.Resources\ru.lproj\QuickTimeMPEGLocalized.qtr
24/06/2008 12:31:33 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG.Resources\pt_PT.lproj\QuickTimeMPEGLocalized.qtr
24/06/2008 12:31:33 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG.Resources\nb.lproj\QuickTimeMPEGLocalized.qtr
24/06/2008 12:31:33 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG.Resources\pl.lproj\QuickTimeMPEGLocalized.qtr
24/06/2008 12:31:33 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG.Resources\nl.lproj\QuickTimeMPEGLocalized.qtr
24/06/2008 12:31:33 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG.Resources\ko.lproj\QuickTimeMPEGLocalized.qtr
24/06/2008 12:31:33 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG.Resources\it.lproj\QuickTimeMPEGLocalized.qtr
24/06/2008 12:31:33 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG.Resources\ja.lproj\QuickTimeMPEGLocalized.qtr
24/06/2008 12:31:33 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG.Resources\fr.lproj\QuickTimeMPEGLocalized.qtr
24/06/2008 12:31:33 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG.Resources\fi.lproj\QuickTimeMPEGLocalized.qtr
24/06/2008 12:31:33 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG.Resources\es.lproj\QuickTimeMPEGLocalized.qtr
24/06/2008 12:31:33 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG.Resources\en.lproj\QuickTimeMPEGLocalized.qtr
24/06/2008 12:31:33 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG.Resources\de.lproj\QuickTimeMPEGLocalized.qtr
24/06/2008 12:31:33 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeInternetExtras.Resources\zh_TW.lproj\QuickTimeInternetExtrasLocalized.qtr
24/06/2008 12:31:33 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG.Resources\da.lproj\QuickTimeMPEGLocalized.qtr
24/06/2008 12:31:33 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeInternetExtras.Resources\zh_CN.lproj\QuickTimeInternetExtrasLocalized.qtr
24/06/2008 12:31:33 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeMPEG.Resources\QuickTimeMPEG.qtr
24/06/2008 12:31:33 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeInternetExtras.Resources\sv.lproj\QuickTimeInternetExtrasLocalized.qtr
24/06/2008 12:31:33 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeInternetExtras.Resources\ru.lproj\QuickTimeInternetExtrasLocalized.qtr
24/06/2008 12:31:33 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeInternetExtras.Resources\pt_PT.lproj\QuickTimeInternetExtrasLocalized.qtr
24/06/2008 12:31:32 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeInternetExtras.Resources\pl.lproj\QuickTimeInternetExtrasLocalized.qtr
24/06/2008 12:31:32 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeInternetExtras.Resources\nl.lproj\QuickTimeInternetExtrasLocalized.qtr
24/06/2008 12:31:32 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeInternetExtras.Resources\nb.lproj\QuickTimeInternetExtrasLocalized.qtr
24/06/2008 12:31:32 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeInternetExtras.Resources\ko.lproj\QuickTimeInternetExtrasLocalized.qtr
24/06/2008 12:31:32 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeInternetExtras.Resources\ja.lproj\QuickTimeInternetExtrasLocalized.qtr
24/06/2008 12:31:32 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeInternetExtras.Resources\it.lproj\QuickTimeInternetExtrasLocalized.qtr
24/06/2008 12:31:31 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeInternetExtras.Resources\fr.lproj\QuickTimeInternetExtrasLocalized.qtr
24/06/2008 12:31:31 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeInternetExtras.Resources\fi.lproj\QuickTimeInternetExtrasLocalized.qtr
24/06/2008 12:31:31 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeInternetExtras.Resources\es.lproj\QuickTimeInternetExtrasLocalized.qtr
24/06/2008 12:31:31 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeInternetExtras.Resources\de.lproj\QuickTimeInternetExtrasLocalized.qtr
24/06/2008 12:31:31 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeInternetExtras.Resources\da.lproj\QuickTimeInternetExtrasLocalized.qtr
24/06/2008 12:31:31 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeInternetExtras.Resources\en.lproj\QuickTimeInternetExtrasLocalized.qtr
24/06/2008 12:31:31 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeInternetExtras.Resources\QuickTimeInternetExtras.qtr
24/06/2008 12:31:31 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeImage.Resources\zh_TW.lproj\QuickTimeImageLocalized.qtr
24/06/2008 12:31:31 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeImage.Resources\zh_CN.lproj\QuickTimeImageLocalized.qtr
24/06/2008 12:31:30 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeImage.Resources\sv.lproj\QuickTimeImageLocalized.qtr
24/06/2008 12:31:30 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeImage.Resources\ru.lproj\QuickTimeImageLocalized.qtr
24/06/2008 12:31:30 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeImage.Resources\pt_PT.lproj\QuickTimeImageLocalized.qtr
24/06/2008 12:31:30 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeImage.Resources\pl.lproj\QuickTimeImageLocalized.qtr
24/06/2008 12:31:30 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeImage.Resources\nl.lproj\QuickTimeImageLocalized.qtr
24/06/2008 12:31:30 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeImage.Resources\nb.lproj\QuickTimeImageLocalized.qtr
24/06/2008 12:31:30 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeImage.Resources\ja.lproj\QuickTimeImageLocalized.qtr
24/06/2008 12:31:30 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeImage.Resources\ko.lproj\QuickTimeImageLocalized.qtr
24/06/2008 12:31:30 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeImage.Resources\it.lproj\QuickTimeImageLocalized.qtr
24/06/2008 12:31:30 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeImage.Resources\fi.lproj\QuickTimeImageLocalized.qtr
24/06/2008 12:31:30 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeImage.Resources\fr.lproj\QuickTimeImageLocalized.qtr
24/06/2008 12:31:30 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeImage.Resources\es.lproj\QuickTimeImageLocalized.qtr
24/06/2008 12:31:29 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeImage.Resources\de.lproj\QuickTimeImageLocalized.qtr
24/06/2008 12:31:29 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeImage.Resources\en.lproj\QuickTimeImageLocalized.qtr
24/06/2008 12:31:29 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeImage.Resources\da.lproj\QuickTimeImageLocalized.qtr
24/06/2008 12:31:29 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeImage.Resources\QuickTimeImage.qtr
24/06/2008 12:31:29 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeH264.Resources\zh_TW.lproj\QuickTimeH264Localized.qtr
24/06/2008 12:31:29 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeH264.Resources\zh_CN.lproj\QuickTimeH264Localized.qtr
24/06/2008 12:31:29 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeH264.Resources\sv.lproj\QuickTimeH264Localized.qtr
24/06/2008 12:31:29 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeH264.Resources\ru.lproj\QuickTimeH264Localized.qtr
24/06/2008 12:31:29 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeH264.Resources\pt_PT.lproj\QuickTimeH264Localized.qtr
24/06/2008 12:31:28 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeH264.Resources\pl.lproj\QuickTimeH264Localized.qtr
24/06/2008 12:31:28 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeH264.Resources\nl.lproj\QuickTimeH264Localized.qtr
24/06/2008 12:31:28 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeH264.Resources\nb.lproj\QuickTimeH264Localized.qtr
24/06/2008 12:31:28 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeH264.Resources\ko.lproj\QuickTimeH264Localized.qtr
24/06/2008 12:31:28 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeH264.Resources\it.lproj\QuickTimeH264Localized.qtr
24/06/2008 12:31:28 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeH264.Resources\ja.lproj\QuickTimeH264Localized.qtr
24/06/2008 12:31:28 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeH264.Resources\fi.lproj\QuickTimeH264Localized.qtr
24/06/2008 12:31:28 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeH264.Resources\fr.lproj\QuickTimeH264Localized.qtr

 

24/06/2008 12:31:27 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeH264.Resources\es.lproj\QuickTimeH264Localized.qtr
24/06/2008 12:31:27 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeH264.Resources\en.lproj\QuickTimeH264Localized.qtr
24/06/2008 12:31:27 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeH264.Resources\de.lproj\QuickTimeH264Localized.qtr
24/06/2008 12:31:27 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeH264.Resources\da.lproj\QuickTimeH264Localized.qtr
24/06/2008 12:31:27 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeH264.Resources\QuickTimeH264.qtr
24/06/2008 12:31:27 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEssentials.Resources\zh_TW.lproj\QuickTimeEssentialsLocalized.qtr
24/06/2008 12:31:27 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEssentials.Resources\zh_CN.lproj\QuickTimeEssentialsLocalized.qtr
24/06/2008 12:31:27 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEssentials.Resources\ru.lproj\QuickTimeEssentialsLocalized.qtr
24/06/2008 12:31:27 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEssentials.Resources\sv.lproj\QuickTimeEssentialsLocalized.qtr
24/06/2008 12:31:26 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEssentials.Resources\pl.lproj\QuickTimeEssentialsLocalized.qtr
24/06/2008 12:31:26 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEssentials.Resources\pt_PT.lproj\QuickTimeEssentialsLocalized.qtr
24/06/2008 12:31:26 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEssentials.Resources\nl.lproj\QuickTimeEssentialsLocalized.qtr
24/06/2008 12:31:26 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEssentials.Resources\nb.lproj\QuickTimeEssentialsLocalized.qtr
24/06/2008 12:31:26 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEssentials.Resources\ko.lproj\QuickTimeEssentialsLocalized.qtr
24/06/2008 12:31:26 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEssentials.Resources\ja.lproj\QuickTimeEssentialsLocalized.qtr
24/06/2008 12:31:26 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEssentials.Resources\it.lproj\QuickTimeEssentialsLocalized.qtr
24/06/2008 12:31:26 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEssentials.Resources\fr.lproj\QuickTimeEssentialsLocalized.qtr
24/06/2008 12:31:25 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEssentials.Resources\fi.lproj\QuickTimeEssentialsLocalized.qtr
24/06/2008 12:31:25 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEssentials.Resources\es.lproj\QuickTimeEssentialsLocalized.qtr
24/06/2008 12:31:25 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEssentials.Resources\en.lproj\QuickTimeEssentialsLocalized.qtr
24/06/2008 12:31:25 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEssentials.Resources\de.lproj\QuickTimeEssentialsLocalized.qtr
24/06/2008 12:31:25 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEssentials.Resources\QuickTimeEssentials.qtr
24/06/2008 12:31:25 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEssentials.Resources\da.lproj\QuickTimeEssentialsLocalized.qtr
24/06/2008 12:31:25 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEffects.Resources\zh_TW.lproj\QuickTimeEffectsLocalized.qtr
24/06/2008 12:31:24 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEffects.Resources\zh_CN.lproj\QuickTimeEffectsLocalized.qtr
24/06/2008 12:31:24 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEffects.Resources\sv.lproj\QuickTimeEffectsLocalized.qtr
24/06/2008 12:31:24 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEffects.Resources\ru.lproj\QuickTimeEffectsLocalized.qtr
24/06/2008 12:31:24 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEffects.Resources\pt_PT.lproj\QuickTimeEffectsLocalized.qtr
24/06/2008 12:31:23 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEffects.Resources\nl.lproj\QuickTimeEffectsLocalized.qtr
24/06/2008 12:31:23 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEffects.Resources\pl.lproj\QuickTimeEffectsLocalized.qtr
24/06/2008 12:31:23 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEffects.Resources\nb.lproj\QuickTimeEffectsLocalized.qtr
24/06/2008 12:31:23 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEffects.Resources\ko.lproj\QuickTimeEffectsLocalized.qtr
24/06/2008 12:31:23 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEffects.Resources\ja.lproj\QuickTimeEffectsLocalized.qtr
24/06/2008 12:31:23 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEffects.Resources\it.lproj\QuickTimeEffectsLocalized.qtr
24/06/2008 12:31:23 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEffects.Resources\fi.lproj\QuickTimeEffectsLocalized.qtr
24/06/2008 12:31:23 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEffects.Resources\fr.lproj\QuickTimeEffectsLocalized.qtr
24/06/2008 12:31:23 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEffects.Resources\es.lproj\QuickTimeEffectsLocalized.qtr
24/06/2008 12:31:23 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEffects.Resources\de.lproj\QuickTimeEffectsLocalized.qtr
24/06/2008 12:31:23 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEffects.Resources\en.lproj\QuickTimeEffectsLocalized.qtr
24/06/2008 12:31:22 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEffects.Resources\da.lproj\QuickTimeEffectsLocalized.qtr
24/06/2008 12:31:22 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeCapture.Resources\zh_TW.lproj\QuickTimeCaptureLocalized.qtr
24/06/2008 12:31:22 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeEffects.Resources\QuickTimeEffects.qtr
24/06/2008 12:31:22 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeCapture.Resources\sv.lproj\QuickTimeCaptureLocalized.qtr
24/06/2008 12:31:22 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeCapture.Resources\ru.lproj\QuickTimeCaptureLocalized.qtr
24/06/2008 12:31:22 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeCapture.Resources\zh_CN.lproj\QuickTimeCaptureLocalized.qtr
24/06/2008 12:31:22 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeCapture.Resources\pt_PT.lproj\QuickTimeCaptureLocalized.qtr
24/06/2008 12:31:22 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeCapture.Resources\nl.lproj\QuickTimeCaptureLocalized.qtr
24/06/2008 12:31:22 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeCapture.Resources\pl.lproj\QuickTimeCaptureLocalized.qtr
24/06/2008 12:31:22 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeCapture.Resources\nb.lproj\QuickTimeCaptureLocalized.qtr
24/06/2008 12:31:22 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeCapture.Resources\ko.lproj\QuickTimeCaptureLocalized.qtr
24/06/2008 12:31:22 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeCapture.Resources\ja.lproj\QuickTimeCaptureLocalized.qtr
24/06/2008 12:31:22 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeCapture.Resources\it.lproj\QuickTimeCaptureLocalized.qtr
24/06/2008 12:31:22 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeCapture.Resources\fr.lproj\QuickTimeCaptureLocalized.qtr
24/06/2008 12:31:22 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeCapture.Resources\fi.lproj\QuickTimeCaptureLocalized.qtr
24/06/2008 12:31:22 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeCapture.Resources\es.lproj\QuickTimeCaptureLocalized.qtr
24/06/2008 12:31:22 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeCapture.Resources\en.lproj\QuickTimeCaptureLocalized.qtr
24/06/2008 12:31:22 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeCapture.Resources\da.lproj\QuickTimeCaptureLocalized.qtr
24/06/2008 12:31:22 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeCapture.Resources\de.lproj\QuickTimeCaptureLocalized.qtr
24/06/2008 12:31:22 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeAuthoring.Resources\zh_TW.lproj\QuickTimeAuthoringLocalized.qtr
24/06/2008 12:31:22 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeCapture.Resources\QuickTimeCapture.qtr
24/06/2008 12:31:22 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeAuthoring.Resources\zh_CN.lproj\QuickTimeAuthoringLocalized.qtr
24/06/2008 12:31:22 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeAuthoring.Resources\sv.lproj\QuickTimeAuthoringLocalized.qtr
24/06/2008 12:31:21 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeAuthoring.Resources\ru.lproj\QuickTimeAuthoringLocalized.qtr
24/06/2008 12:31:21 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeAuthoring.Resources\pt_PT.lproj\QuickTimeAuthoringLocalized.qtr
24/06/2008 12:31:21 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeAuthoring.Resources\pl.lproj\QuickTimeAuthoringLocalized.qtr
24/06/2008 12:31:20 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeAuthoring.Resources\nb.lproj\QuickTimeAuthoringLocalized.qtr
24/06/2008 12:31:20 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeAuthoring.Resources\nl.lproj\QuickTimeAuthoringLocalized.qtr
24/06/2008 12:31:20 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeAuthoring.Resources\ko.lproj\QuickTimeAuthoringLocalized.qtr
24/06/2008 12:31:20 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeAuthoring.Resources\ja.lproj\QuickTimeAuthoringLocalized.qtr
24/06/2008 12:31:20 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeAuthoring.Resources\it.lproj\QuickTimeAuthoringLocalized.qtr
24/06/2008 12:31:20 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeAuthoring.Resources\fr.lproj\QuickTimeAuthoringLocalized.qtr
24/06/2008 12:31:19 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeAuthoring.Resources\fi.lproj\QuickTimeAuthoringLocalized.qtr
24/06/2008 12:31:19 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeAuthoring.Resources\es.lproj\QuickTimeAuthoringLocalized.qtr
24/06/2008 12:31:19 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeAuthoring.Resources\en.lproj\QuickTimeAuthoringLocalized.qtr
24/06/2008 12:31:19 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeAuthoring.Resources\de.lproj\QuickTimeAuthoringLocalized.qtr
24/06/2008 12:31:19 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeAuthoring.Resources\da.lproj\QuickTimeAuthoringLocalized.qtr
24/06/2008 12:31:18 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTimeAuthoring.Resources\QuickTimeAuthoring.qtr

 

24/06/2008 12:31:17 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPPAuthoring.Resources\zh_TW.lproj\QuickTime3GPPAuthoringLocalized.qtr
24/06/2008 12:31:17 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPPAuthoring.Resources\zh_CN.lproj\QuickTime3GPPAuthoringLocalized.qtr
24/06/2008 12:31:17 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPPAuthoring.Resources\sv.lproj\QuickTime3GPPAuthoringLocalized.qtr
24/06/2008 12:31:17 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPPAuthoring.Resources\ru.lproj\QuickTime3GPPAuthoringLocalized.qtr
24/06/2008 12:31:17 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPPAuthoring.Resources\pl.lproj\QuickTime3GPPAuthoringLocalized.qtr
24/06/2008 12:31:17 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPPAuthoring.Resources\pt_PT.lproj\QuickTime3GPPAuthoringLocalized.qtr
24/06/2008 12:31:17 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPPAuthoring.Resources\nb.lproj\QuickTime3GPPAuthoringLocalized.qtr
24/06/2008 12:31:17 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPPAuthoring.Resources\ko.lproj\QuickTime3GPPAuthoringLocalized.qtr
24/06/2008 12:31:17 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPPAuthoring.Resources\nl.lproj\QuickTime3GPPAuthoringLocalized.qtr
24/06/2008 12:31:16 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPPAuthoring.Resources\ja.lproj\QuickTime3GPPAuthoringLocalized.qtr
24/06/2008 12:31:16 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPPAuthoring.Resources\it.lproj\QuickTime3GPPAuthoringLocalized.qtr
24/06/2008 12:31:16 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPPAuthoring.Resources\fr.lproj\QuickTime3GPPAuthoringLocalized.qtr
24/06/2008 12:31:16 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPPAuthoring.Resources\es.lproj\QuickTime3GPPAuthoringLocalized.qtr
24/06/2008 12:31:16 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPPAuthoring.Resources\fi.lproj\QuickTime3GPPAuthoringLocalized.qtr
24/06/2008 12:31:16 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPPAuthoring.Resources\en.lproj\QuickTime3GPPAuthoringLocalized.qtr
24/06/2008 12:31:16 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPPAuthoring.Resources\de.lproj\QuickTime3GPPAuthoringLocalized.qtr
24/06/2008 12:31:16 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPPAuthoring.Resources\da.lproj\QuickTime3GPPAuthoringLocalized.qtr
24/06/2008 12:31:16 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPPAuthoring.Resources\QuickTime3GPPAuthoring.qtr
24/06/2008 12:31:16 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPP.Resources\zh_TW.lproj\QuickTime3GPPLocalized.qtr
24/06/2008 12:31:16 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPP.Resources\sv.lproj\QuickTime3GPPLocalized.qtr
24/06/2008 12:31:16 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPP.Resources\zh_CN.lproj\QuickTime3GPPLocalized.qtr
24/06/2008 12:31:15 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPP.Resources\ru.lproj\QuickTime3GPPLocalized.qtr
24/06/2008 12:31:15 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPP.Resources\pt_PT.lproj\QuickTime3GPPLocalized.qtr
24/06/2008 12:31:15 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPP.Resources\pl.lproj\QuickTime3GPPLocalized.qtr
24/06/2008 12:31:15 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPP.Resources\nl.lproj\QuickTime3GPPLocalized.qtr
24/06/2008 12:31:15 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPP.Resources\nb.lproj\QuickTime3GPPLocalized.qtr
24/06/2008 12:31:15 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPP.Resources\ko.lproj\QuickTime3GPPLocalized.qtr
24/06/2008 12:31:15 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPP.Resources\ja.lproj\QuickTime3GPPLocalized.qtr
24/06/2008 12:31:15 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPP.Resources\it.lproj\QuickTime3GPPLocalized.qtr
24/06/2008 12:31:15 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPP.Resources\fr.lproj\QuickTime3GPPLocalized.qtr
24/06/2008 12:31:15 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPP.Resources\fi.lproj\QuickTime3GPPLocalized.qtr
24/06/2008 12:31:14 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPP.Resources\en.lproj\QuickTime3GPPLocalized.qtr
24/06/2008 12:31:14 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPP.Resources\es.lproj\QuickTime3GPPLocalized.qtr
24/06/2008 12:31:14 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPP.Resources\de.lproj\QuickTime3GPPLocalized.qtr
24/06/2008 12:31:14 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime.Resources\zh_CN.lproj\QuickTimeLocalized.qtr
24/06/2008 12:31:14 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime.Resources\zh_TW.lproj\QuickTimeLocalized.qtr
24/06/2008 12:31:14 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPP.Resources\da.lproj\QuickTime3GPPLocalized.qtr
24/06/2008 12:31:14 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime3GPP.Resources\QuickTime3GPP.qtr
24/06/2008 12:31:14 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime.Resources\pt_PT.lproj\QuickTimeLocalized.qtr
24/06/2008 12:31:14 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime.Resources\sv.lproj\QuickTimeLocalized.qtr
24/06/2008 12:31:14 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime.Resources\ru.lproj\QuickTimeLocalized.qtr
24/06/2008 12:31:13 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime.Resources\nb.lproj\QuickTimeLocalized.qtr
24/06/2008 12:31:13 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime.Resources\nl.lproj\QuickTimeLocalized.qtr
24/06/2008 12:31:13 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime.Resources\pl.lproj\QuickTimeLocalized.qtr
24/06/2008 12:31:13 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime.Resources\ko.lproj\QuickTimeLocalized.qtr
24/06/2008 12:31:13 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime.Resources\ja.lproj\QuickTimeLocalized.qtr
24/06/2008 12:31:12 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime.Resources\it.lproj\QuickTimeLocalized.qtr
24/06/2008 12:31:12 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime.Resources\fr.lproj\QuickTimeLocalized.qtr
24/06/2008 12:31:12 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime.Resources\fi.lproj\QuickTimeLocalized.qtr
24/06/2008 12:31:12 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime.Resources\es.lproj\QuickTimeLocalized.qtr
24/06/2008 12:31:12 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.qtr
24/06/2008 12:31:11 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime.Resources\de.lproj\QuickTimeLocalized.qtr
24/06/2008 12:31:11 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime.Resources\da.lproj\QuickTimeLocalized.qtr
24/06/2008 12:31:11 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\QuickTime.Resources\QuickTime.qtr
24/06/2008 12:31:11 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\CoreVideo.Resources\zh_CN.lproj\CoreVideoLocalized.qtr
24/06/2008 12:31:11 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\CoreVideo.Resources\zh_TW.lproj\CoreVideoLocalized.qtr
24/06/2008 12:31:11 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\CoreVideo.Resources\sv.lproj\CoreVideoLocalized.qtr
24/06/2008 12:31:10 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\CoreVideo.Resources\pl.lproj\CoreVideoLocalized.qtr
24/06/2008 12:31:10 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\CoreVideo.Resources\ru.lproj\CoreVideoLocalized.qtr
24/06/2008 12:31:10 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\CoreVideo.Resources\pt_PT.lproj\CoreVideoLocalized.qtr
24/06/2008 12:31:10 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\CoreVideo.Resources\nl.lproj\CoreVideoLocalized.qtr
24/06/2008 12:31:10 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\CoreVideo.Resources\nb.lproj\CoreVideoLocalized.qtr
24/06/2008 12:31:10 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\CoreVideo.Resources\ko.lproj\CoreVideoLocalized.qtr
24/06/2008 12:31:10 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\CoreVideo.Resources\ja.lproj\CoreVideoLocalized.qtr
24/06/2008 12:31:10 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\CoreVideo.Resources\it.lproj\CoreVideoLocalized.qtr
24/06/2008 12:31:10 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\CoreVideo.Resources\fr.lproj\CoreVideoLocalized.qtr
24/06/2008 12:31:10 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\CoreVideo.Resources\fi.lproj\CoreVideoLocalized.qtr
24/06/2008 12:31:10 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\CoreVideo.Resources\es.lproj\CoreVideoLocalized.qtr
24/06/2008 12:31:10 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\CoreVideo.Resources\en.lproj\CoreVideoLocalized.qtr
24/06/2008 12:31:10 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\CoreVideo.Resources\de.lproj\CoreVideoLocalized.qtr
24/06/2008 12:31:09 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\CoreVideo.Resources\da.lproj\CoreVideoLocalized.qtr
24/06/2008 12:31:09 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\QTSystem\CoreVideo.Resources\CoreVideo.qtr
24/06/2008 12:31:07 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PropPanelHelpers.Resources\zh_TW.lproj\PropPanelHelpersLocalized.qtr
24/06/2008 12:31:07 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PropPanelHelpers.Resources\zh_CN.lproj\PropPanelHelpersLocalized.qtr
24/06/2008 12:31:07 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PropPanelHelpers.Resources\sv.lproj\PropPanelHelpersLocalized.qtr
24/06/2008 12:31:07 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PropPanelHelpers.Resources\ru.lproj\PropPanelHelpersLocalized.qtr
24/06/2008 12:31:06 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PropPanelHelpers.Resources\pt_PT.lproj\PropPanelHelpersLocalized.qtr
24/06/2008 12:31:06 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PropPanelHelpers.Resources\pl.lproj\PropPanelHelpersLocalized.qtr
24/06/2008 12:31:06 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PropPanelHelpers.Resources\nl.lproj\PropPanelHelpersLocalized.qtr
24/06/2008 12:31:06 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PropPanelHelpers.Resources\nb.lproj\PropPanelHelpersLocalized.qtr
24/06/2008 12:31:06 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PropPanelHelpers.Resources\ko.lproj\PropPanelHelpersLocalized.qtr
24/06/2008 12:31:06 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PropPanelHelpers.Resources\ja.lproj\PropPanelHelpersLocalized.qtr
24/06/2008 12:31:06 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PropPanelHelpers.Resources\it.lproj\PropPanelHelpersLocalized.qtr
24/06/2008 12:31:06 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PropPanelHelpers.Resources\fr.lproj\PropPanelHelpersLocalized.qtr
24/06/2008 12:31:06 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PropPanelHelpers.Resources\fi.lproj\PropPanelHelpersLocalized.qtr
24/06/2008 12:31:06 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PropPanelHelpers.Resources\es.lproj\PropPanelHelpersLocalized.qtr
24/06/2008 12:31:06 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PropPanelHelpers.Resources\en.lproj\PropPanelHelpersLocalized.qtr
24/06/2008 12:31:06 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PropPanelHelpers.Resources\de.lproj\PropPanelHelpersLocalized.qtr
24/06/2008 12:31:06 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PropPanelHelpers.Resources\da.lproj\PropPanelHelpersLocalized.qtr
24/06/2008 12:31:06 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PropPanelHelpers.Resources\PropPanelHelpers.qtr
24/06/2008 12:31:05 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PanelHelperBase.Resources\zh_TW.lproj\PanelHelperBaseLocalized.qtr
24/06/2008 12:31:05 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PanelHelperBase.Resources\zh_CN.lproj\PanelHelperBaseLocalized.qtr
24/06/2008 12:31:05 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PanelHelperBase.Resources\sv.lproj\PanelHelperBaseLocalized.qtr
24/06/2008 12:31:05 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PanelHelperBase.Resources\pl.lproj\PanelHelperBaseLocalized.qtr
24/06/2008 12:31:05 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PanelHelperBase.Resources\ru.lproj\PanelHelperBaseLocalized.qtr
24/06/2008 12:31:05 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PanelHelperBase.Resources\pt_PT.lproj\PanelHelperBaseLocalized.qtr
24/06/2008 12:31:05 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PanelHelperBase.Resources\nl.lproj\PanelHelperBaseLocalized.qtr
24/06/2008 12:31:05 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PanelHelperBase.Resources\nb.lproj\PanelHelperBaseLocalized.qtr
24/06/2008 12:31:05 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PanelHelperBase.Resources\ko.lproj\PanelHelperBaseLocalized.qtr
24/06/2008 12:31:05 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PanelHelperBase.Resources\ja.lproj\PanelHelperBaseLocalized.qtr
24/06/2008 12:31:05 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PanelHelperBase.Resources\it.lproj\PanelHelperBaseLocalized.qtr
24/06/2008 12:31:05 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PanelHelperBase.Resources\fr.lproj\PanelHelperBaseLocalized.qtr
24/06/2008 12:31:05 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PanelHelperBase.Resources\fi.lproj\PanelHelperBaseLocalized.qtr
24/06/2008 12:31:05 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PanelHelperBase.Resources\es.lproj\PanelHelperBaseLocalized.qtr
24/06/2008 12:31:05 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PanelHelperBase.Resources\en.lproj\PanelHelperBaseLocalized.qtr
24/06/2008 12:31:05 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PanelHelperBase.Resources\da.lproj\PanelHelperBaseLocalized.qtr
24/06/2008 12:31:05 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PanelHelperBase.Resources\de.lproj\PanelHelperBaseLocalized.qtr
24/06/2008 12:31:05 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PropertyPanels\PanelHelperBase.Resources\PanelHelperBase.qtr
24/06/2008 12:31:04 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PictureViewer.Resources\zh_TW.lproj\PictureViewerLocalized.qtr
24/06/2008 12:31:04 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PictureViewer.Resources\zh_CN.lproj\PictureViewerLocalized.qtr
24/06/2008 12:31:04 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PictureViewer.Resources\sv.lproj\PictureViewerLocalized.qtr
24/06/2008 12:31:04 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PictureViewer.Resources\ru.lproj\PictureViewerLocalized.qtr
24/06/2008 12:31:03 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PictureViewer.Resources\pt_PT.lproj\PictureViewerLocalized.qtr
24/06/2008 12:31:03 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PictureViewer.Resources\nl.lproj\PictureViewerLocalized.qtr
24/06/2008 12:31:03 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PictureViewer.Resources\pl.lproj\PictureViewerLocalized.qtr
24/06/2008 12:31:03 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PictureViewer.Resources\nb.lproj\PictureViewerLocalized.qtr
24/06/2008 12:31:03 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PictureViewer.Resources\ko.lproj\PictureViewerLocalized.qtr
24/06/2008 12:31:03 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PictureViewer.Resources\ja.lproj\PictureViewerLocalized.qtr
24/06/2008 12:31:03 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PictureViewer.Resources\it.lproj\PictureViewerLocalized.qtr
24/06/2008 12:31:02 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PictureViewer.Resources\fr.lproj\PictureViewerLocalized.qtr
24/06/2008 12:31:02 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PictureViewer.Resources\fi.lproj\PictureViewerLocalized.qtr
24/06/2008 12:31:02 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PictureViewer.Resources\es.lproj\PictureViewerLocalized.qtr
24/06/2008 12:31:02 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PictureViewer.Resources\en.lproj\PictureViewerLocalized.qtr
24/06/2008 12:31:02 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PictureViewer.Resources\de.lproj\PictureViewerLocalized.qtr
24/06/2008 12:31:01 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PictureViewer.Resources\da.lproj\PictureViewerLocalized.qtr
24/06/2008 12:31:01 PM Detected: http://www.viruslist.com/en/advisories/29293 D:\PROGRAM FILES 2\QuickTime Alternative\PictureViewer.Resources\PictureViewer.qtr
24/06/2008 12:25:40 PM Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{BFD20D4A-4B75-42C6-BE09-721A7EAB5AB2}\RP1\A0000055.exe/NPack
24/06/2008 12:25:40 PM Untreated: Heur.Trojan.Generic C:\System Volume Information\_restore{BFD20D4A-4B75-42C6-BE09-721A7EAB5AB2}\RP1\A0000055.exe/NPack Postponed
24/06/2008 12:25:40 PM Detected: Heur.Trojan.Generic C:\System Volume Information\_restore{BFD20D4A-4B75-42C6-BE09-721A7EAB5AB2}\RP1\A0000055.exe/NPack
24/06/2008 12:23:47 PM Detected: http://www.viruslist.com/en/advisories/27865 C:\Program Files\winamp\winamp.exe
24/06/2008 12:23:46 PM Detected: http://www.viruslist.com/en/advisories/12430 C:\Program Files\winzip\winzip32.exe
24/06/2008 12:23:41 PM Detected: http://www.viruslist.com/en/advisories/16653 C:\Program Files\symantec\liveupdate\luall.exe
24/06/2008 12:21:27 PM Detected: http://www.viruslist.com/en/advisories/23138 C:\Program Files\adobe\acrobat 5.0\reader\acrord32.exe
24/06/2008 12:20:49 PM Detected: http://www.viruslist.com/en/advisories/30143 C:\Program Files\microsoft office\office11\winword.exe
24/06/2008 12:20:34 PM Detected: http://www.viruslist.com/en/advisories/28506 C:\Program Files\microsoft office\office11\excel.exe
24/06/2008 12:20:33 PM Detected: http://www.viruslist.com/en/advisories/30150 C:\Program Files\microsoft office\office11\mspub.exe
24/06/2008 12:20:28 PM Detected: http://www.viruslist.com/en/advisories/12671 C:\Program Files\microsoft office\office11\PPTVIEW.EXE
24/06/2008 12:20:21 PM Detected: http://www.viruslist.com/en/advisories/29320 C:\Program Files\microsoft office\office11\outlook.exe
24/06/2008 12:19:21 PM Detected: http://www.viruslist.com/en/advisories/29321 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll
24/06/2008 12:18:02 PM Detected: http://www.viruslist.com/en/advisories/26003 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
24/06/2008 12:16:40 PM Detected: http://www.viruslist.com/en/advisories/28083 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
24/06/2008 12:15:47 PM Detected: Heur.Trojan.Generic C:\WINDOWS\system32\WinUpdatedata.exe/NPack
24/06/2008 12:15:47 PM Untreated: Heur.Trojan.Generic C:\WINDOWS\system32\WinUpdatedata.exe/NPack Postponed
24/06/2008 12:15:45 PM Detected: Heur.Trojan.Generic C:\WINDOWS\system32\WinUpdatedata.exe/NPack
24/06/2008 12:15:41 PM Detected: http://www.viruslist.com/en/advisories/29293 C:\WINDOWS\system32\QuickTime.qts
24/06/2008 12:13:32 PM Detected: http://www.viruslist.com/en/advisories/12430 C:\Program Files\winzip\winzip32.exe
24/06/2008 12:13:32 PM Detected: http://www.viruslist.com/en/advisories/30150 C:\Program Files\microsoft office\office11\mspub.exe
24/06/2008 12:13:23 PM Detected: http://www.viruslist.com/en/advisories/16653 C:\Program Files\symantec\liveupdate\luall.exe
24/06/2008 12:13:13 PM Detected: http://www.viruslist.com/en/advisories/30143 C:\Program Files\microsoft office\office11\winword.exe
24/06/2008 12:13:03 PM Detected: http://www.viruslist.com/en/advisories/27865 C:\Program Files\winamp\winamp.exe
24/06/2008 12:13:01 PM Detected: http://www.viruslist.com/en/advisories/28506 C:\Program Files\microsoft office\office11\excel.exe
24/06/2008 12:12:51 PM Detected: http://www.viruslist.com/en/advisories/29320 C:\Program Files\microsoft office\office11\outlook.exe
24/06/2008 12:12:50 PM Detected: http://www.viruslist.com/en/advisories/23138 C:\Program Files\adobe\acrobat 5.0\reader\acrord32.exe
24/06/2008 12:12:32 PM Detected: http://www.viruslist.com/en/advisories/29321 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll
24/06/2008 12:12:29 PM Task started
Full Scan: completed 24/06/2008 12:39:20 PM (events: 510, objects: 223469, time: 12:26:51 AM)
24/06/2008 12:08:35 PM Task stopped
24/06/2008 12:08:02 PM Task started