
Trojan.Win32.Genome and others


  • This topic is locked
26 replies to this topic

#1 sportzdude1213


Posted 08 June 2009 - 01:41 PM

Hello, I have recently taken a computer out of the closet that hasn't been used for 2 years to find over 400 events of viruses on it according to Kaspersky virus scanner. I have tried several actions, including reinstalling target programs (mostly QuickTime), and the viruses seem unfazed. I have provided the DDS scan and a Kaspersky report below. Thanks for your help in advance; any assistance is greatly appreciated.

OS: MS Windows XP Pro SP3




DDS (Ver_09-05-14.01) - NTFSx86
Run by Ed at 13:06:28.67 on Mon 06/08/2009
Internet Explorer: 7.0.5730.11

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = <local>
uInternet Settings,ProxyOverride = <local>
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: IEWatchObj Class: {9527d42f-d666-11d3-b8dd-00600838cd5f} - c:\windows\system32\IETie.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdmcks.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [F5D7050v3] c:\program files\belkin\f5d7050v3\Belkinwcui.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/b/e/5/be592e3e-4442-4588-b01e-8fe3a2e104ac/LegitCheckControl.cab
DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_4-2-1.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161054807298
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://filenet.webex.com/client/v_mywebex-t20/event/ieatgpc.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ed\applic~1\mozilla\firefox\profiles\975zed3c.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-06-08 12:02 <DIR> --d----- c:\program files\iPod
2009-06-08 12:01 <DIR> --d----- c:\program files\iTunes
2009-06-08 12:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-08 12:01 <DIR> --d----- c:\program files\Bonjour
2009-06-07 21:03 200,704 a------- c:\windows\system32\UpdateDriver.exe
2009-06-07 21:03 5,224 a------- c:\windows\system32\ucuiinfo.ini
2009-06-07 21:02 <DIR> --d----- c:\program files\Belkin
2009-06-07 20:32 54,156 a---h--- c:\windows\QTFont.qfn
2009-06-07 20:32 1,409 a------- c:\windows\QTFont.for
2009-06-06 17:18 105,395 a------- c:\windows\system32\drivers\klin.dat
2009-06-06 17:18 94,643 a------- c:\windows\system32\drivers\klick.dat
2009-06-06 17:17 4,648,480 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-06-06 17:17 704,544 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-06-06 17:17 37,396 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-06-06 17:17 3,488 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-06-06 17:17 <DIR> --d----- c:\program files\Kaspersky Lab
2009-06-06 17:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-06-06 17:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-06-05 15:00 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-06-05 15:00 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2009-06-06 18:49 6,656 a------- c:\windows\system32\users32.dat
2009-06-06 17:45 33,808 a------- c:\windows\system32\drivers\klbg.sys
2007-09-08 02:42 1,267,895 a------- c:\documents and settings\ed\D3 Micro Tool.exe
2007-04-24 17:32 21,568 a------- c:\docume~1\ed\applic~1\GDIPFONTCACHEV1.DAT
2008-03-06 21:36 6,660 a--sh--- c:\windows\system32\ttsut.ini2

============= FINISH: 13:10:26.52 ===============




Full Scan: completed 6/8/2009 2:19:05 PM (events: 548, objects: 247405, time: 01:54:16)
6/6/2009 5:20:14 PM Task started
6/6/2009 5:20:19 PM Task completed
Full Scan: completed 6/8/2009 2:19:05 PM (events: 548, objects: 247405, time: 01:54:16)
6/6/2009 5:25:15 PM Task started
6/6/2009 5:30:06 PM Task completed
Full Scan: completed 6/8/2009 2:19:05 PM (events: 548, objects: 247405, time: 01:54:16)
6/6/2009 5:26:49 PM Task started
6/6/2009 5:26:49 PM Task completed
Full Scan: completed 6/8/2009 2:19:05 PM (events: 548, objects: 247405, time: 01:54:16)
6/6/2009 5:28:12 PM Task started
6/6/2009 5:30:04 PM Detected: http://www.viruslist.com/en/advisories/31454 c:\program files\microsoft office\office10\excel.exe
6/6/2009 5:30:04 PM Detected: http://www.viruslist.com/en/advisories/29320 c:\program files\microsoft office\office10\outlook.exe
6/6/2009 5:30:07 PM Detected: http://www.viruslist.com/en/advisories/31453 c:\program files\microsoft office\office10\powerpnt.exe
6/6/2009 5:30:07 PM Detected: http://www.viruslist.com/en/advisories/30975 c:\program files\microsoft office\office10\winword.exe
6/6/2009 5:30:17 PM Detected: http://www.viruslist.com/en/advisories/26201 c:\program files\adobe\acrobat 6.0\reader\acrord32.exe
6/6/2009 5:30:18 PM Detected: http://www.viruslist.com/en/advisories/30761 c:\program files\mozilla firefox\firefox.exe
6/6/2009 5:30:20 PM Detected: http://www.viruslist.com/en/advisories/29293 c:\program files\quicktime\quicktimeplayer.exe
6/6/2009 5:30:21 PM Detected: http://www.viruslist.com/en/advisories/27620 c:\program files\real\realplayer\realplay.exe
6/6/2009 5:30:21 PM Detected: http://www.viruslist.com/en/advisories/31010 c:\windows\system32\java.exe
6/6/2009 5:30:22 PM Detected: http://www.viruslist.com/en/advisories/19358 c:\program files\rhapsody\rhapsody.exe
6/6/2009 5:30:22 PM Detected: http://www.viruslist.com/en/advisories/31010 c:\windows\system32\java.exe
6/6/2009 5:32:28 PM Detected: Trojan-Spy.Win32.Pophot.cpc c:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0157064.exe
6/6/2009 5:32:28 PM Untreated: Trojan-Spy.Win32.Pophot.cpc c:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0157064.exe Postponed
6/6/2009 5:33:06 PM Detected: Trojan-Spy.Win32.Pophot.cpc c:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0157120.exe
6/6/2009 5:33:06 PM Untreated: Trojan-Spy.Win32.Pophot.cpc c:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0157120.exe Postponed
6/6/2009 5:33:06 PM Detected: Trojan-Spy.Win32.Pophot.cpc c:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0157121.exe
6/6/2009 5:33:06 PM Untreated: Trojan-Spy.Win32.Pophot.cpc c:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0157121.exe Postponed
6/6/2009 5:33:49 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0157346.exe/ASPack
6/6/2009 5:33:50 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0157347.exe/ASPack
6/6/2009 5:33:50 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0157346.exe/ASPack Postponed
6/6/2009 5:33:50 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0157347.exe/ASPack Postponed
6/6/2009 5:33:51 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0157348.exe/ASPack
6/6/2009 5:33:51 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0157348.exe/ASPack Postponed
6/6/2009 5:39:30 PM Detected: Trojan-Spy.Win32.Pophot.cpc c:\Documents and Settings\Ed\WarcraftAutorefresh_FIXED.exe
6/6/2009 5:39:31 PM Untreated: Trojan-Spy.Win32.Pophot.cpc c:\Documents and Settings\Ed\WarcraftAutorefresh_FIXED.exe Postponed
6/6/2009 5:43:17 PM Detected: Trojan-Spy.Win32.Pophot.cpc c:\Documents and Settings\Ed\Local Settings\Temp\_tc\WarcraftAutorefresh_FIXED.exe
6/6/2009 5:43:17 PM Untreated: Trojan-Spy.Win32.Pophot.cpc c:\Documents and Settings\Ed\Local Settings\Temp\_tc\WarcraftAutorefresh_FIXED.exe Postponed
6/6/2009 5:49:38 PM Detected: Trojan-Downloader.Win32.Agent.hyy c:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\6J0RZ7MS\hiiaar[1].txt
6/6/2009 5:49:38 PM Untreated: Trojan-Downloader.Win32.Agent.hyy c:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\6J0RZ7MS\hiiaar[1].txt Postponed
6/6/2009 5:57:39 PM Detected: Trojan-Downloader.Win32.Homles.b c:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\OBSE6JU0\17PHolmes[1].cmt/PE_Patch.Upolyx/PE_Patch.UPX/UPX
6/6/2009 5:57:40 PM Untreated: Trojan-Downloader.Win32.Homles.b c:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\OBSE6JU0\17PHolmes[1].cmt/PE_Patch.Upolyx/PE_Patch.UPX/UPX Postponed
6/6/2009 5:59:52 PM Detected: Trojan.Win32.Monder.gen c:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\YZJD7G46\css4[1]
6/6/2009 5:59:52 PM Untreated: Trojan.Win32.Monder.gen c:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\YZJD7G46\css4[1] Postponed
6/6/2009 5:59:56 PM Detected: not-a-virus:FraudTool.Win32.Reanimator.a c:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\YZJD7G46\Installer2[1].exe/PE_Patch/UPack
6/6/2009 5:59:56 PM Untreated: not-a-virus:FraudTool.Win32.Reanimator.a c:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\YZJD7G46\Installer2[1].exe/PE_Patch/UPack Postponed
6/6/2009 6:11:17 PM Detected: http://www.viruslist.com/en/advisories/26201 c:\program files\adobe\acrobat 6.0\reader\acrord32.exe
6/6/2009 6:11:50 PM Detected: http://www.viruslist.com/en/advisories/26027 c:\program files\Common Files\AOL\Flasha.ocx
6/6/2009 6:13:54 PM Detected: http://www.viruslist.com/en/advisories/31744 c:\program files\Common Files\Microsoft Shared\Office10\MSO.DLL
6/6/2009 6:16:21 PM Detected: http://www.viruslist.com/en/advisories/34451 c:\program files\Java\jre1.5.0_08\bin\java.exe
6/6/2009 6:16:22 PM Detected: http://www.viruslist.com/en/advisories/32991 c:\program files\Java\jre1.5.0_08\bin\javaws.exe
6/6/2009 6:17:11 PM Detected: http://www.viruslist.com/en/advisories/34451 c:\program files\Java\jre1.5.0_10\bin\java.exe
6/6/2009 6:17:12 PM Detected: http://www.viruslist.com/en/advisories/32991 c:\program files\Java\jre1.5.0_10\bin\javaws.exe
6/6/2009 6:17:45 PM Detected: http://www.viruslist.com/en/advisories/34451 c:\program files\Java\jre1.5.0_11\bin\java.exe
6/6/2009 6:17:46 PM Detected: http://www.viruslist.com/en/advisories/32991 c:\program files\Java\jre1.5.0_11\bin\javaws.exe
6/6/2009 6:18:23 PM Detected: http://www.viruslist.com/en/advisories/34451 c:\program files\Java\jre1.6.0_01\bin\java.exe
6/6/2009 6:18:41 PM Detected: http://www.viruslist.com/en/advisories/34451 c:\program files\Java\jre1.6.0_02\bin\java.exe
6/6/2009 6:19:52 PM Detected: http://www.viruslist.com/en/advisories/33954 c:\program files\microsoft office\office10\excel.exe
6/6/2009 6:20:02 PM Detected: http://www.viruslist.com/en/advisories/29320 c:\program files\microsoft office\office10\outlook.exe
6/6/2009 6:20:03 PM Detected: http://www.viruslist.com/en/advisories/34572 c:\program files\microsoft office\office10\powerpnt.exe
6/6/2009 6:20:07 PM Detected: http://www.viruslist.com/en/advisories/30285 c:\program files\microsoft office\office10\winword.exe
6/6/2009 6:21:13 PM Detected: http://www.viruslist.com/en/advisories/34471 c:\program files\mozilla firefox\firefox.exe
6/6/2009 6:21:33 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PictureViewer.Resources\PictureViewer.qtr
6/6/2009 6:21:33 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PictureViewer.Resources\da.lproj\PictureViewerLocalized.qtr
6/6/2009 6:21:33 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PictureViewer.Resources\de.lproj\PictureViewerLocalized.qtr
6/6/2009 6:21:34 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\quicktimeplayer.exe
6/6/2009 6:21:34 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PictureViewer.Resources\en.lproj\PictureViewerLocalized.qtr
6/6/2009 6:21:34 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PictureViewer.Resources\es.lproj\PictureViewerLocalized.qtr
6/6/2009 6:21:34 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PictureViewer.Resources\fi.lproj\PictureViewerLocalized.qtr
6/6/2009 6:21:34 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PictureViewer.Resources\fr.lproj\PictureViewerLocalized.qtr
6/6/2009 6:21:35 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PictureViewer.Resources\it.lproj\PictureViewerLocalized.qtr
6/6/2009 6:21:35 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PictureViewer.Resources\ja.lproj\PictureViewerLocalized.qtr
6/6/2009 6:21:35 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PictureViewer.Resources\ko.lproj\PictureViewerLocalized.qtr
6/6/2009 6:21:35 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PictureViewer.Resources\nl.lproj\PictureViewerLocalized.qtr
6/6/2009 6:21:35 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PictureViewer.Resources\no.lproj\PictureViewerLocalized.qtr
6/6/2009 6:21:36 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PictureViewer.Resources\zh_CN.lproj\PictureViewerLocalized.qtr
6/6/2009 6:21:36 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PictureViewer.Resources\sv.lproj\PictureViewerLocalized.qtr
6/6/2009 6:21:36 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PictureViewer.Resources\zh_TW.lproj\PictureViewerLocalized.qtr
6/6/2009 6:21:37 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\da.lproj\PanelHelperBaseLocalized.qtr
6/6/2009 6:21:37 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\de.lproj\PanelHelperBaseLocalized.qtr
6/6/2009 6:21:37 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\PanelHelperBase.qtr
6/6/2009 6:21:37 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\en.lproj\PanelHelperBaseLocalized.qtr
6/6/2009 6:21:37 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\es.lproj\PanelHelperBaseLocalized.qtr
6/6/2009 6:21:37 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\fi.lproj\PanelHelperBaseLocalized.qtr
6/6/2009 6:21:37 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\fr.lproj\PanelHelperBaseLocalized.qtr
6/6/2009 6:21:37 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\it.lproj\PanelHelperBaseLocalized.qtr
6/6/2009 6:21:37 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\ja.lproj\PanelHelperBaseLocalized.qtr
6/6/2009 6:21:37 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\ko.lproj\PanelHelperBaseLocalized.qtr
6/6/2009 6:21:38 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\no.lproj\PanelHelperBaseLocalized.qtr
6/6/2009 6:21:38 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\nl.lproj\PanelHelperBaseLocalized.qtr
6/6/2009 6:21:38 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\sv.lproj\PanelHelperBaseLocalized.qtr
6/6/2009 6:21:38 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\zh_TW.lproj\PanelHelperBaseLocalized.qtr
6/6/2009 6:21:38 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PanelHelperBase.Resources\zh_CN.lproj\PanelHelperBaseLocalized.qtr
6/6/2009 6:21:38 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\PropPanelHelpers.qtr
6/6/2009 6:21:38 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\de.lproj\PropPanelHelpersLocalized.qtr
6/6/2009 6:21:38 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\da.lproj\PropPanelHelpersLocalized.qtr
6/6/2009 6:21:38 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\en.lproj\PropPanelHelpersLocalized.qtr
6/6/2009 6:21:38 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\es.lproj\PropPanelHelpersLocalized.qtr
6/6/2009 6:21:39 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\fr.lproj\PropPanelHelpersLocalized.qtr
6/6/2009 6:21:39 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\fi.lproj\PropPanelHelpersLocalized.qtr
6/6/2009 6:21:39 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\it.lproj\PropPanelHelpersLocalized.qtr
6/6/2009 6:21:39 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\ja.lproj\PropPanelHelpersLocalized.qtr
6/6/2009 6:21:39 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\ko.lproj\PropPanelHelpersLocalized.qtr
6/6/2009 6:21:39 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\nl.lproj\PropPanelHelpersLocalized.qtr
6/6/2009 6:21:39 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\no.lproj\PropPanelHelpersLocalized.qtr
6/6/2009 6:21:39 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\sv.lproj\PropPanelHelpersLocalized.qtr
6/6/2009 6:21:39 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\zh_CN.lproj\PropPanelHelpersLocalized.qtr
6/6/2009 6:21:39 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\PropertyPanels\PropPanelHelpers.Resources\zh_TW.lproj\PropPanelHelpersLocalized.qtr
6/6/2009 6:21:45 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\CoreVideo.Resources\CoreVideo.qtr
6/6/2009 6:21:45 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\CoreVideo.Resources\da.lproj\CoreVideoLocalized.qtr
6/6/2009 6:21:45 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\CoreVideo.Resources\de.lproj\CoreVideoLocalized.qtr
6/6/2009 6:21:45 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\CoreVideo.Resources\en.lproj\CoreVideoLocalized.qtr
6/6/2009 6:21:45 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\CoreVideo.Resources\es.lproj\CoreVideoLocalized.qtr
6/6/2009 6:21:46 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\CoreVideo.Resources\fi.lproj\CoreVideoLocalized.qtr
6/6/2009 6:21:46 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\CoreVideo.Resources\it.lproj\CoreVideoLocalized.qtr
6/6/2009 6:21:46 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\CoreVideo.Resources\fr.lproj\CoreVideoLocalized.qtr
6/6/2009 6:21:46 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\CoreVideo.Resources\ja.lproj\CoreVideoLocalized.qtr
6/6/2009 6:21:46 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\CoreVideo.Resources\nl.lproj\CoreVideoLocalized.qtr
6/6/2009 6:21:46 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\CoreVideo.Resources\ko.lproj\CoreVideoLocalized.qtr
6/6/2009 6:21:46 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\CoreVideo.Resources\no.lproj\CoreVideoLocalized.qtr
6/6/2009 6:21:46 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\CoreVideo.Resources\zh_CN.lproj\CoreVideoLocalized.qtr
6/6/2009 6:21:46 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\CoreVideo.Resources\zh_TW.lproj\CoreVideoLocalized.qtr
6/6/2009 6:21:46 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\CoreVideo.Resources\sv.lproj\CoreVideoLocalized.qtr
6/6/2009 6:21:47 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTime.Resources\QuickTime.qtr
6/6/2009 6:21:47 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTime.Resources\da.lproj\QuickTimeLocalized.qtr
6/6/2009 6:21:48 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTime.Resources\de.lproj\QuickTimeLocalized.qtr
6/6/2009 6:21:48 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.qtr
6/6/2009 6:21:49 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTime.Resources\es.lproj\QuickTimeLocalized.qtr
6/6/2009 6:21:49 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTime.Resources\fi.lproj\QuickTimeLocalized.qtr
6/6/2009 6:21:49 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTime.Resources\fr.lproj\QuickTimeLocalized.qtr
6/6/2009 6:21:49 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTime.Resources\it.lproj\QuickTimeLocalized.qtr
6/6/2009 6:21:50 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTime.Resources\ja.lproj\QuickTimeLocalized.qtr
6/6/2009 6:21:50 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTime.Resources\ko.lproj\QuickTimeLocalized.qtr
6/6/2009 6:21:51 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTime.Resources\nl.lproj\QuickTimeLocalized.qtr
6/6/2009 6:21:51 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTime.Resources\sv.lproj\QuickTimeLocalized.qtr
6/6/2009 6:21:51 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTime.Resources\no.lproj\QuickTimeLocalized.qtr
6/6/2009 6:21:51 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTime.Resources\zh_CN.lproj\QuickTimeLocalized.qtr
6/6/2009 6:21:52 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\QuickTime3GPP.qtr
6/6/2009 6:21:52 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\da.lproj\QuickTime3GPPLocalized.qtr
6/6/2009 6:21:52 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTime.Resources\zh_TW.lproj\QuickTimeLocalized.qtr
6/6/2009 6:21:52 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\de.lproj\QuickTime3GPPLocalized.qtr
6/6/2009 6:21:52 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTime3GPP.Resources\en.lproj\QuickTime3GPPLocalized.qtr
6/6/2009 6:22:44 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeMusic.Resources\sv.lproj\QuickTimeMusicLocalized.qtr
6/6/2009 6:22:44 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeMusic.Resources\zh_CN.lproj\QuickTimeMusicLocalized.qtr
6/6/2009 6:22:44 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\QuickTimeQD3D.qtr
6/6/2009 6:22:44 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeMusic.Resources\zh_TW.lproj\QuickTimeMusicLocalized.qtr
6/6/2009 6:22:44 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\da.lproj\QuickTimeQD3DLocalized.qtr
6/6/2009 6:22:45 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\en.lproj\QuickTimeQD3DLocalized.qtr
6/6/2009 6:22:45 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\es.lproj\QuickTimeQD3DLocalized.qtr
6/6/2009 6:22:45 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\de.lproj\QuickTimeQD3DLocalized.qtr
6/6/2009 6:22:45 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\fr.lproj\QuickTimeQD3DLocalized.qtr
6/6/2009 6:22:45 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\fi.lproj\QuickTimeQD3DLocalized.qtr
6/6/2009 6:22:45 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\it.lproj\QuickTimeQD3DLocalized.qtr
6/6/2009 6:22:46 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\ja.lproj\QuickTimeQD3DLocalized.qtr
6/6/2009 6:22:46 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\ko.lproj\QuickTimeQD3DLocalized.qtr
6/6/2009 6:22:46 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\nl.lproj\QuickTimeQD3DLocalized.qtr
6/6/2009 6:22:46 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\no.lproj\QuickTimeQD3DLocalized.qtr
6/6/2009 6:22:46 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\sv.lproj\QuickTimeQD3DLocalized.qtr
6/6/2009 6:22:46 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\zh_CN.lproj\QuickTimeQD3DLocalized.qtr
6/6/2009 6:22:47 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeQD3D.Resources\zh_TW.lproj\QuickTimeQD3DLocalized.qtr
6/6/2009 6:22:47 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\QuickTimeStreaming.qtr
6/6/2009 6:22:49 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\de.lproj\QuickTimeStreamingLocalized.qtr
6/6/2009 6:22:49 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\da.lproj\QuickTimeStreamingLocalized.qtr
6/6/2009 6:22:50 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\en.lproj\QuickTimeStreamingLocalized.qtr
6/6/2009 6:22:50 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\es.lproj\QuickTimeStreamingLocalized.qtr
6/6/2009 6:22:50 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\fi.lproj\QuickTimeStreamingLocalized.qtr
6/6/2009 6:22:50 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\fr.lproj\QuickTimeStreamingLocalized.qtr
6/6/2009 6:22:50 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\it.lproj\QuickTimeStreamingLocalized.qtr
6/6/2009 6:22:50 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\ja.lproj\QuickTimeStreamingLocalized.qtr
6/6/2009 6:22:51 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\ko.lproj\QuickTimeStreamingLocalized.qtr
6/6/2009 6:22:51 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\nl.lproj\QuickTimeStreamingLocalized.qtr
6/6/2009 6:22:51 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\no.lproj\QuickTimeStreamingLocalized.qtr
6/6/2009 6:22:51 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\sv.lproj\QuickTimeStreamingLocalized.qtr
6/6/2009 6:22:51 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\zh_CN.lproj\QuickTimeStreamingLocalized.qtr
6/6/2009 6:22:51 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreaming.Resources\zh_TW.lproj\QuickTimeStreamingLocalized.qtr
6/6/2009 6:22:51 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\QuickTimeStreamingAuthoring.qtr
6/6/2009 6:22:51 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\da.lproj\QuickTimeStreamingAuthoringLocalized.qtr
6/6/2009 6:22:52 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\de.lproj\QuickTimeStreamingAuthoringLocalized.qtr
6/6/2009 6:22:52 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\en.lproj\QuickTimeStreamingAuthoringLocalized.qtr
6/6/2009 6:22:52 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\fi.lproj\QuickTimeStreamingAuthoringLocalized.qtr
6/6/2009 6:22:52 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\es.lproj\QuickTimeStreamingAuthoringLocalized.qtr
6/6/2009 6:22:52 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\fr.lproj\QuickTimeStreamingAuthoringLocalized.qtr
6/6/2009 6:22:52 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\it.lproj\QuickTimeStreamingAuthoringLocalized.qtr
6/6/2009 6:22:52 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\ja.lproj\QuickTimeStreamingAuthoringLocalized.qtr
6/6/2009 6:22:52 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\ko.lproj\QuickTimeStreamingAuthoringLocalized.qtr
6/6/2009 6:22:52 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\nl.lproj\QuickTimeStreamingAuthoringLocalized.qtr
6/6/2009 6:22:53 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\zh_CN.lproj\QuickTimeStreamingAuthoringLocalized.qtr
6/6/2009 6:22:53 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\no.lproj\QuickTimeStreamingAuthoringLocalized.qtr
6/6/2009 6:22:53 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\sv.lproj\QuickTimeStreamingAuthoringLocalized.qtr
6/6/2009 6:22:53 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\QuickTimeStreamingExtras.qtr
6/6/2009 6:22:53 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\da.lproj\QuickTimeStreamingExtrasLocalized.qtr
6/6/2009 6:22:53 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingAuthoring.Resources\zh_TW.lproj\QuickTimeStreamingAuthoringLocalized.qtr
6/6/2009 6:22:53 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\de.lproj\QuickTimeStreamingExtrasLocalized.qtr
6/6/2009 6:22:53 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\en.lproj\QuickTimeStreamingExtrasLocalized.qtr
6/6/2009 6:22:54 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\es.lproj\QuickTimeStreamingExtrasLocalized.qtr
6/6/2009 6:22:54 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\fi.lproj\QuickTimeStreamingExtrasLocalized.qtr
6/6/2009 6:22:54 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\fr.lproj\QuickTimeStreamingExtrasLocalized.qtr
6/6/2009 6:22:54 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\ja.lproj\QuickTimeStreamingExtrasLocalized.qtr
6/6/2009 6:22:54 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\it.lproj\QuickTimeStreamingExtrasLocalized.qtr
6/6/2009 6:22:54 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\ko.lproj\QuickTimeStreamingExtrasLocalized.qtr
6/6/2009 6:22:54 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\nl.lproj\QuickTimeStreamingExtrasLocalized.qtr
6/6/2009 6:22:54 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\no.lproj\QuickTimeStreamingExtrasLocalized.qtr
6/6/2009 6:22:54 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\sv.lproj\QuickTimeStreamingExtrasLocalized.qtr
6/6/2009 6:22:54 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\zh_CN.lproj\QuickTimeStreamingExtrasLocalized.qtr
6/6/2009 6:22:54 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeStreamingExtras.Resources\zh_TW.lproj\QuickTimeStreamingExtrasLocalized.qtr
6/6/2009 6:22:54 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\QuickTimeVR.qtr
6/6/2009 6:22:55 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\da.lproj\QuickTimeVRLocalized.qtr
6/6/2009 6:22:55 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\de.lproj\QuickTimeVRLocalized.qtr
6/6/2009 6:22:55 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\en.lproj\QuickTimeVRLocalized.qtr
6/6/2009 6:22:55 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\fi.lproj\QuickTimeVRLocalized.qtr
6/6/2009 6:22:55 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\es.lproj\QuickTimeVRLocalized.qtr
6/6/2009 6:22:55 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\fr.lproj\QuickTimeVRLocalized.qtr
6/6/2009 6:22:55 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\ja.lproj\QuickTimeVRLocalized.qtr
6/6/2009 6:22:55 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\it.lproj\QuickTimeVRLocalized.qtr
6/6/2009 6:22:56 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\ko.lproj\QuickTimeVRLocalized.qtr
6/6/2009 6:22:56 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\nl.lproj\QuickTimeVRLocalized.qtr
6/6/2009 6:22:56 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\no.lproj\QuickTimeVRLocalized.qtr
6/6/2009 6:22:56 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\sv.lproj\QuickTimeVRLocalized.qtr
6/6/2009 6:22:56 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\zh_TW.lproj\QuickTimeVRLocalized.qtr
6/6/2009 6:22:56 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVR.Resources\zh_CN.lproj\QuickTimeVRLocalized.qtr
6/6/2009 6:22:56 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\QuickTimeVRAuthoring.qtr
6/6/2009 6:22:56 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\da.lproj\QuickTimeVRAuthoringLocalized.qtr
6/6/2009 6:22:56 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\de.lproj\QuickTimeVRAuthoringLocalized.qtr
6/6/2009 6:22:56 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\en.lproj\QuickTimeVRAuthoringLocalized.qtr
6/6/2009 6:22:56 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\es.lproj\QuickTimeVRAuthoringLocalized.qtr
6/6/2009 6:22:56 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\fi.lproj\QuickTimeVRAuthoringLocalized.qtr
6/6/2009 6:22:56 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\fr.lproj\QuickTimeVRAuthoringLocalized.qtr
6/6/2009 6:22:57 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\it.lproj\QuickTimeVRAuthoringLocalized.qtr
6/6/2009 6:22:57 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\ja.lproj\QuickTimeVRAuthoringLocalized.qtr
6/6/2009 6:22:57 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\ko.lproj\QuickTimeVRAuthoringLocalized.qtr
6/6/2009 6:22:57 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\sv.lproj\QuickTimeVRAuthoringLocalized.qtr
6/6/2009 6:22:57 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\nl.lproj\QuickTimeVRAuthoringLocalized.qtr
6/6/2009 6:22:57 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\no.lproj\QuickTimeVRAuthoringLocalized.qtr
6/6/2009 6:22:57 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\zh_TW.lproj\QuickTimeVRAuthoringLocalized.qtr
6/6/2009 6:22:57 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeVRAuthoring.Resources\zh_CN.lproj\QuickTimeVRAuthoringLocalized.qtr
6/6/2009 6:22:58 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\da.lproj\QuickTimeWebHelperLocalized.qtr
6/6/2009 6:22:58 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\de.lproj\QuickTimeWebHelperLocalized.qtr
6/6/2009 6:22:58 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\en.lproj\QuickTimeWebHelperLocalized.qtr
6/6/2009 6:22:58 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\QuickTimeWebHelper.qtr
6/6/2009 6:22:58 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\es.lproj\QuickTimeWebHelperLocalized.qtr
6/6/2009 6:22:58 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\fi.lproj\QuickTimeWebHelperLocalized.qtr
6/6/2009 6:22:58 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\fr.lproj\QuickTimeWebHelperLocalized.qtr
6/6/2009 6:22:58 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\it.lproj\QuickTimeWebHelperLocalized.qtr
6/6/2009 6:22:58 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\ja.lproj\QuickTimeWebHelperLocalized.qtr
6/6/2009 6:22:59 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\nl.lproj\QuickTimeWebHelperLocalized.qtr
6/6/2009 6:22:59 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\ko.lproj\QuickTimeWebHelperLocalized.qtr
6/6/2009 6:22:59 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\no.lproj\QuickTimeWebHelperLocalized.qtr
6/6/2009 6:22:59 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\sv.lproj\QuickTimeWebHelperLocalized.qtr
6/6/2009 6:22:59 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\zh_CN.lproj\QuickTimeWebHelperLocalized.qtr
6/6/2009 6:22:59 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QTSystem\QuickTimeWebHelper.Resources\zh_TW.lproj\QuickTimeWebHelperLocalized.qtr
6/6/2009 6:23:00 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\program files\quicktime\QuickTimePlayer.Resources\QuickTimePlayer.qtr
6/6/2009 6:23:01 PM Detected: http://www.viruslist.com/en/advisories/27620 c:\program files\real\realplayer\realplay.exe
6/6/2009 6:23:19 PM Detected: http://www.viruslist.com/en/advisories/19358 c:\program files\rhapsody\rhapsody.exe
6/6/2009 6:25:34 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\program files\Turbine\Dungeons & Dragons Online - Stormreach\MarioForever.exe/ASPack
6/6/2009 6:25:34 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\program files\Turbine\Dungeons & Dragons Online - Stormreach\MarioForever.exe/ASPack Postponed
6/6/2009 6:29:27 PM Detected: Trojan-Spy.Win32.Pophot.cpc c:\RECYCLER\S-1-5-21-1935655697-1606980848-854245398-1003\Dc151\Desktop\WarcraftAutorefresh_FIXED.exe
6/6/2009 6:29:30 PM Untreated: Trojan-Spy.Win32.Pophot.cpc c:\RECYCLER\S-1-5-21-1935655697-1606980848-854245398-1003\Dc151\Desktop\WarcraftAutorefresh_FIXED.exe Postponed
6/6/2009 6:33:35 PM Detected: Backdoor.Win32.Small.cyb c:\windows\cru629.dat
6/6/2009 6:33:35 PM Untreated: Backdoor.Win32.Small.cyb c:\windows\cru629.dat Postponed
6/6/2009 6:44:39 PM Detected: Trojan-Clicker.Win32.Costrat.nw c:\windows\inf\rYehhbqzx.adm
6/6/2009 6:44:39 PM Untreated: Trojan-Clicker.Win32.Costrat.nw c:\windows\inf\rYehhbqzx.adm Postponed
6/6/2009 6:49:02 PM Detected: Backdoor.Win32.Small.cyb c:\windows\system32\cru629.dat
6/6/2009 6:49:02 PM Untreated: Backdoor.Win32.Small.cyb c:\windows\system32\cru629.dat Postponed
6/6/2009 6:49:16 PM Detected: http://www.viruslist.com/en/advisories/34451 c:\windows\system32\java.exe
6/6/2009 6:49:30 PM Detected: http://www.viruslist.com/en/advisories/23655 c:\windows\system32\msxml4.dll
6/6/2009 6:49:43 PM Detected: http://www.viruslist.com/en/advisories/35091 c:\windows\system32\QuickTime.qts
6/6/2009 6:49:55 PM Detected: not-a-virus:AdWare.Win32.Agent.zo c:\windows\system32\users32.dat/PE_Patch.UPX/UPX
6/6/2009 6:49:55 PM Untreated: not-a-virus:AdWare.Win32.Agent.zo c:\windows\system32\users32.dat/PE_Patch.UPX/UPX Postponed
6/6/2009 6:51:32 PM Detected: http://www.viruslist.com/en/advisories/34012 c:\windows\system32\Macromed\Flash\Flash9.ocx
6/6/2009 6:51:33 PM Detected: http://www.viruslist.com/en/advisories/34012 c:\windows\system32\Macromed\Flash\Flash9b.ocx
6/6/2009 6:51:34 PM Detected: http://www.viruslist.com/en/advisories/34012 c:\windows\system32\Macromed\Flash\NPSWF32.dll
6/6/2009 6:52:03 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00003.SPL/ASPack
6/6/2009 6:52:03 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00003.SPL/ASPack Postponed
6/6/2009 6:52:03 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00005.SPL/ASPack
6/6/2009 6:52:03 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00005.SPL/ASPack Postponed
6/6/2009 6:52:03 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00007.SPL/ASPack
6/6/2009 6:52:03 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00007.SPL/ASPack Postponed
6/6/2009 6:52:04 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00009.SPL/ASPack
6/6/2009 6:52:04 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00009.SPL/ASPack Postponed
6/6/2009 6:52:04 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00011.SPL/ASPack
6/6/2009 6:52:04 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00011.SPL/ASPack Postponed
6/6/2009 6:52:04 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00013.SPL/ASPack
6/6/2009 6:52:04 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00013.SPL/ASPack Postponed
6/6/2009 6:52:04 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00015.SPL/ASPack
6/6/2009 6:52:04 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00015.SPL/ASPack Postponed
6/6/2009 6:52:05 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00017.SPL/ASPack
6/6/2009 6:52:05 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00017.SPL/ASPack Postponed
6/6/2009 6:52:05 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00019.SPL/ASPack
6/6/2009 6:52:05 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00019.SPL/ASPack Postponed
6/6/2009 6:52:05 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00021.SPL/ASPack
6/6/2009 6:52:05 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00021.SPL/ASPack Postponed
6/6/2009 6:52:05 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00023.SPL/ASPack
6/6/2009 6:52:05 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00023.SPL/ASPack Postponed
6/6/2009 6:52:05 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00025.SPL/ASPack
6/6/2009 6:52:06 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00025.SPL/ASPack Postponed
6/6/2009 6:52:06 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00027.SPL/ASPack
6/6/2009 6:52:06 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00027.SPL/ASPack Postponed
6/6/2009 6:52:06 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00029.SPL/ASPack
6/6/2009 6:52:06 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00029.SPL/ASPack Postponed
6/6/2009 6:52:06 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00031.SPL/ASPack
6/6/2009 6:52:06 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00031.SPL/ASPack Postponed
6/6/2009 6:52:06 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00033.SPL/ASPack
6/6/2009 6:52:06 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00033.SPL/ASPack Postponed
6/6/2009 6:52:06 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00035.SPL/ASPack
6/6/2009 6:52:07 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00037.SPL/ASPack
6/6/2009 6:52:07 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00035.SPL/ASPack Postponed
6/6/2009 6:52:07 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00037.SPL/ASPack Postponed
6/6/2009 6:52:07 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00039.SPL/ASPack
6/6/2009 6:52:07 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00041.SPL/ASPack
6/6/2009 6:52:07 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00039.SPL/ASPack Postponed
6/6/2009 6:52:07 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00041.SPL/ASPack Postponed
6/6/2009 6:52:07 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00043.SPL/ASPack
6/6/2009 6:52:07 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00043.SPL/ASPack Postponed
6/6/2009 6:52:08 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00045.SPL/ASPack
6/6/2009 6:52:08 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00045.SPL/ASPack Postponed
6/6/2009 6:52:08 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00047.SPL/ASPack
6/6/2009 6:52:08 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00047.SPL/ASPack Postponed
6/6/2009 6:52:08 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00049.SPL/ASPack
6/6/2009 6:52:08 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00049.SPL/ASPack Postponed
6/6/2009 6:52:08 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00051.SPL/ASPack
6/6/2009 6:52:08 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00051.SPL/ASPack Postponed
6/6/2009 6:52:08 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00053.SPL/ASPack
6/6/2009 6:52:08 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00053.SPL/ASPack Postponed
6/6/2009 6:52:09 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00055.SPL/ASPack
6/6/2009 6:52:09 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00055.SPL/ASPack Postponed
6/6/2009 6:52:09 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00057.SPL/ASPack
6/6/2009 6:52:09 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00057.SPL/ASPack Postponed
6/6/2009 6:52:09 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00059.SPL/ASPack
6/6/2009 6:52:09 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00059.SPL/ASPack Postponed
6/6/2009 6:52:09 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00061.SPL/ASPack
6/6/2009 6:52:09 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00061.SPL/ASPack Postponed
6/6/2009 6:52:09 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00063.SPL/ASPack
6/6/2009 6:52:10 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00063.SPL/ASPack Postponed
6/6/2009 6:52:10 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00065.SPL/ASPack
6/6/2009 6:52:10 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00065.SPL/ASPack Postponed
6/6/2009 6:52:10 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00067.SPL/ASPack
6/6/2009 6:52:10 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00069.SPL/ASPack
6/6/2009 6:52:10 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00067.SPL/ASPack Postponed
6/6/2009 6:52:10 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00069.SPL/ASPack Postponed
6/6/2009 6:52:10 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00071.SPL/ASPack
6/6/2009 6:52:10 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00071.SPL/ASPack Postponed
6/6/2009 6:52:10 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00073.SPL/ASPack
6/6/2009 6:52:10 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00073.SPL/ASPack Postponed
6/6/2009 6:52:10 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00075.SPL/ASPack
6/6/2009 6:52:10 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00075.SPL/ASPack Postponed
6/6/2009 6:52:11 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00077.SPL/ASPack
6/6/2009 6:52:11 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00077.SPL/ASPack Postponed
6/6/2009 6:52:11 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00079.SPL/ASPack
6/6/2009 6:52:11 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00081.SPL/ASPack
6/6/2009 6:52:11 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00081.SPL/ASPack Postponed
6/6/2009 6:52:11 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00079.SPL/ASPack Postponed
6/6/2009 6:52:11 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00083.SPL/ASPack
6/6/2009 6:52:11 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00083.SPL/ASPack Postponed
6/6/2009 6:52:11 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00085.SPL/ASPack
6/6/2009 6:52:11 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00085.SPL/ASPack Postponed
6/6/2009 6:52:11 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00087.SPL/ASPack
6/6/2009 6:52:11 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00087.SPL/ASPack Postponed
6/6/2009 6:52:11 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00089.SPL/ASPack
6/6/2009 6:52:11 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00089.SPL/ASPack Postponed
6/6/2009 6:52:12 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00091.SPL/ASPack
6/6/2009 6:52:12 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00091.SPL/ASPack Postponed
6/6/2009 6:52:12 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00093.SPL/ASPack
6/6/2009 6:52:12 PM Untreated: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00093.SPL/ASPack Postponed
6/6/2009 6:52:33 PM Detected: http://www.viruslist.com/en/advisories/23655 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
6/6/2009 6:52:33 PM Detected: http://www.viruslist.com/en/advisories/23655 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9839.0_x-ww_ed80bd5c\msxml4.dll
6/6/2009 6:52:33 PM Detected: http://www.viruslist.com/en/advisories/23655 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\msxml4.dll
6/6/2009 6:52:36 PM Detected: http://www.viruslist.com/en/advisories/23655 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
6/6/2009 6:55:09 PM Detected: Trojan-Spy.Win32.Pophot.cpc c:\Documents and Settings\Ed\Local Settings\Temp\_tc\WarcraftAutorefresh_FIXED.exe
6/6/2009 6:55:15 PM Deleted: Trojan-Spy.Win32.Pophot.cpc c:\Documents and Settings\Ed\Local Settings\Temp\_tc\WarcraftAutorefresh_FIXED.exe
6/6/2009 6:55:15 PM Detected: Trojan-Downloader.Win32.Agent.hyy c:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\6J0RZ7MS\hiiaar[1].txt
6/6/2009 6:55:15 PM Deleted: Trojan-Downloader.Win32.Agent.hyy c:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\6J0RZ7MS\hiiaar[1].txt
6/6/2009 6:55:15 PM Detected: Trojan-Downloader.Win32.Homles.b c:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\OBSE6JU0\17PHolmes[1].cmt/PE_Patch.Upolyx/PE_Patch.UPX/UPX
6/6/2009 6:55:15 PM Deleted: Trojan-Downloader.Win32.Homles.b c:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\OBSE6JU0\17pholmes[1].cmt
6/6/2009 6:55:15 PM Detected: Trojan.Win32.Monder.gen c:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\YZJD7G46\css4[1]
6/6/2009 6:55:15 PM Deleted: Trojan.Win32.Monder.gen c:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\YZJD7G46\css4[1]
6/6/2009 6:55:15 PM Detected: not-a-virus:FraudTool.Win32.Reanimator.a c:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\YZJD7G46\Installer2[1].exe/PE_Patch/UPack
6/6/2009 6:55:15 PM Deleted: not-a-virus:FraudTool.Win32.Reanimator.a c:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\YZJD7G46\installer2[1].exe
6/6/2009 6:55:15 PM Detected: Trojan-Spy.Win32.Pophot.cpc c:\Documents and Settings\Ed\WarcraftAutorefresh_FIXED.exe
6/6/2009 6:55:15 PM Deleted: Trojan-Spy.Win32.Pophot.cpc c:\Documents and Settings\Ed\WarcraftAutorefresh_FIXED.exe
6/6/2009 6:55:16 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\program files\Turbine\Dungeons & Dragons Online - Stormreach\MarioForever.exe/ASPack
6/6/2009 6:55:16 PM Deleted: Trojan-Dropper.Win32.Agent.sbe c:\program files\Turbine\Dungeons & Dragons Online - Stormreach\marioforever.exe
6/6/2009 6:55:16 PM Detected: Trojan-Spy.Win32.Pophot.cpc c:\RECYCLER\S-1-5-21-1935655697-1606980848-854245398-1003\Dc151\Desktop\WarcraftAutorefresh_FIXED.exe
6/6/2009 6:55:16 PM Deleted: Trojan-Spy.Win32.Pophot.cpc c:\RECYCLER\S-1-5-21-1935655697-1606980848-854245398-1003\Dc151\Desktop\WarcraftAutorefresh_FIXED.exe
6/6/2009 6:55:16 PM Detected: Trojan-Spy.Win32.Pophot.cpc c:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0157064.exe
6/6/2009 6:55:16 PM Deleted: Trojan-Spy.Win32.Pophot.cpc c:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0157064.exe
6/6/2009 6:55:16 PM Detected: Trojan-Spy.Win32.Pophot.cpc c:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0157120.exe
6/6/2009 6:55:16 PM Deleted: Trojan-Spy.Win32.Pophot.cpc c:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0157120.exe
6/6/2009 6:55:16 PM Detected: Trojan-Spy.Win32.Pophot.cpc c:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0157121.exe
6/6/2009 6:55:16 PM Deleted: Trojan-Spy.Win32.Pophot.cpc c:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0157121.exe
6/6/2009 6:55:16 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0157346.exe/ASPack
6/6/2009 6:55:16 PM Deleted: Trojan-Dropper.Win32.Agent.sbe c:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\a0157346.exe
6/6/2009 6:55:16 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0157347.exe/ASPack
6/6/2009 6:55:16 PM Deleted: Trojan-Dropper.Win32.Agent.sbe c:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\a0157347.exe
6/6/2009 6:55:16 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0157348.exe/ASPack
6/6/2009 6:55:17 PM Deleted: Trojan-Dropper.Win32.Agent.sbe c:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\a0157348.exe
6/6/2009 6:55:17 PM Detected: Backdoor.Win32.Small.cyb c:\windows\cru629.dat
6/6/2009 6:55:17 PM Deleted: Backdoor.Win32.Small.cyb c:\windows\cru629.dat
6/6/2009 6:55:17 PM Detected: Trojan-Clicker.Win32.Costrat.nw c:\windows\inf\rYehhbqzx.adm
6/6/2009 6:55:17 PM Deleted: Trojan-Clicker.Win32.Costrat.nw c:\windows\inf\rYehhbqzx.adm
6/6/2009 6:55:17 PM Detected: Backdoor.Win32.Small.cyb c:\windows\system32\cru629.dat
6/6/2009 6:55:17 PM Deleted: Backdoor.Win32.Small.cyb c:\windows\system32\cru629.dat
6/6/2009 6:55:17 PM Detected: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00003.SPL/ASPack
6/6/2009 6:55:17 PM Cannot be deleted: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00003.spl
6/6/2009 6:55:17 PM Will be deleted on system restart: Trojan-Dropper.Win32.Agent.sbe c:\windows\system32\spool\PRINTERS\00003.spl
6/6/2009 6:55:20 PM Task completed


#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:02:59 PM

Posted 10 June 2009 - 01:19 PM

Hello sportzdude1213,

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.



Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 sportzdude1213


Posted 10 June 2009 - 06:00 PM

Security Check

Results of screen317's Security Check version 0.98.4
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Enabled!
ECHO is off.
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

Windows Defender
Malwarebytes' Anti-Malware
McAfee SiteAdvisor for Internet Explorer
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Out of date Java installed!
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

Windows Defender MsMpEng.exe is disabled!
Windows Defender MSASCui.exe is disabled!
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````

GREAT! (Very random)
Request Timed Out (Check Internet connection?)

Scan took 16 seconds.
`````````End of Log```````````






MBAM Log

Malwarebytes' Anti-Malware 1.37
Database version: 2259
Windows 5.1.2600 Service Pack 2

6/10/2009 6:39:14 PM
mbam-log-2009-06-10 (18-39-14).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 155781
Time elapsed: 43 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 45

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\users32.dat (Adware.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00021.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00041.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00061.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00007.SPL (Worm.Zhelatin) -> Delete on reboot.
c:\WINDOWS\system32\spool\PRINTERS\00009.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00011.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00013.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00015.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00017.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00019.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00023.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00025.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00027.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00029.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00031.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00033.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00035.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00037.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00039.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00043.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00045.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00047.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00049.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00051.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00053.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00055.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00057.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00059.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00063.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00065.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00067.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00069.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00071.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00073.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00075.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00077.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00079.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00081.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00083.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00085.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00087.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00089.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00091.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\PRINTERS\00093.SPL (Worm.Zhelatin) -> Quarantined and deleted successfully.


HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:15 PM, on 6/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Documents and Settings\Ed\Desktop\SecurityCheck.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://setup.bellsouth.net/wizlet/PWReset/...aller_4-2-1.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161054807298
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://filenet.webex.com/client/v_mywebex-...ent/ieatgpc.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - Unknown owner - C:\Program Files\McAfee\MBK\MBackMonitor.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 6310 bytes






I see that a lot of the viruses are in a PRINTER folder. I do not use a printer anymore, so I can delete them if you want me to.

#4 SifuMike


Posted 10 June 2009 - 06:39 PM

Hi sportzdude1213,

"I do not use a printer anymore, so I can delete them if you want me to."


We will let the antivirus take care of them.

What antivirus do you have installed on this computer?

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 14.
  • Click the "Download" button to the right.
  • At the Select Platform and Language for your download drop down box
    Select Windows and Multi-Language
  • Check the box that says: "Accept License Agreement" then press Continue ( Selecting Windows will give you the 32 bit version. )
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    Java SE Runtime Environment 6 Update 1
    Java 6 Update 2
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Edited by SifuMike, 10 June 2009 - 06:40 PM.


#5 sportzdude1213


Posted 10 June 2009 - 08:23 PM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=7.00.6000.16512 (vista_gdr.070625-1522)
# OnlineScanner.ocx=1.0.0.5863
# api_version=3.0.2
# EOSSerial=d7287e83ade4644eb5b4807a1c636f99
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-06-11 01:19:41
# local_time=2009-06-10 09:19:41 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1281 62 0 100 3584540086352
# scanned=61029
# found=3
# cleaned=3
# scan_time=2264
C:\Documents and Settings\Ed\Local Settings\Temp\removalfile.bat Win32/Adware.Virtumonde application (cleaned by deleting - quarantined) 00000000000000000000000000000000
C:\WINDOWS\system32\ttsut.ini2 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\npwthost.dll probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000





I used Kaspersky at first (original scan in first post), but the trial has recently ended. I plan on buying a permanent AntiVirus but I am not sure which to buy at the moment.

-I have a Norton 360 prescription on a computer I no longer use, do you know if there is a way to transfer the software and prescription to another computer?

Edited by sportzdude1213, 10 June 2009 - 08:24 PM.


#6 SifuMike


Posted 10 June 2009 - 09:14 PM

Hi sportzdude1213,

"I plan on buying a permanent AntiVirus but I am not sure which to buy at the moment."


No sense in buying a new antivirus when you can get one for free.


"I have a Norton 360 prescription on a computer I no longer use, do you know if there is a way to transfer the software and prescription to another computer?"


No.


Please install Avira Antivirus: http://www.free-av.com/
This is a free antivirus!
A product from this vendor received the Virus Bulletin's VB100% award and certification for virus detection from ICSA Labs.

Perform a full scan with Avira and let it delete everything it finds.
Then reboot.
After reboot, open your Avira and select "reports".
There, double-click the report from the full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThis log.

Then we'll start from there, because it really makes no sense for us to clean this up manually if an antivirus is not present which should be able to deal with most of it and prevent further reinfection.

Edited by SifuMike, 10 June 2009 - 09:18 PM.


#7 sportzdude1213


Posted 10 June 2009 - 11:03 PM

Thank you very much for the Avira AntiVirus.




Avira AntiVir Personal
Report file date: Wednesday, June 10, 2009 23:11

Scanning for 1462412 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : KIDS

Version information:
BUILD.DAT : 9.0.0.403 17961 Bytes 6/3/2009 17:05:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 6/11/2009 03:10:30
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 01:33:26
ANTIVIR2.VDF : 7.1.4.38 2692096 Bytes 5/29/2009 03:10:29
ANTIVIR3.VDF : 7.1.4.82 321024 Bytes 6/10/2009 03:10:30
Engineversion : 8.2.0.183
AEVDF.DLL : 8.1.1.1 106868 Bytes 6/11/2009 03:10:30
AESCRIPT.DLL : 8.1.2.0 389497 Bytes 6/11/2009 03:10:30
AESCN.DLL : 8.1.2.3 127347 Bytes 6/11/2009 03:10:30
AERDL.DLL : 8.1.1.3 438645 Bytes 10/29/2008 23:24:41
AEPACK.DLL : 8.1.3.18 401783 Bytes 6/11/2009 03:10:30
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/27/2009 01:01:56
AEHEUR.DLL : 8.1.0.129 1761655 Bytes 6/11/2009 03:10:30
AEHELP.DLL : 8.1.2.2 119158 Bytes 2/27/2009 01:01:56
AEGEN.DLL : 8.1.1.45 348532 Bytes 6/11/2009 03:10:30
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 19:32:40
AECORE.DLL : 8.1.6.12 180599 Bytes 6/11/2009 03:10:30
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 19:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 15:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 19:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 6/11/2009 03:10:29
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 15:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Wednesday, June 10, 2009 23:11

Starting search for hidden objects.
'54327' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'Belkinwcui.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'WUSB54GC.exe' - '1' Module(s) have been scanned
Scan process 'WLService.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
33 processes with 33 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '53' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\All Users\Application Data\AOL Downloads\AOL_OpenRide_1.22.61.1\comps\acscore.exe
[DETECTION] Is the TR/Agent.1436664 Trojan
C:\Documents and Settings\Ed\Desktop\keyfinder.exe

[0] Archive type: RAR SFX (self extracting)
--> findkey.exe
[DETECTION] Contains recognition pattern of the SPR/XP.Keyfinder program
--> xpkey.exe
[DETECTION] Contains recognition pattern of the SPR/PSW.RAS.A.2 program
--> officekey.exe
[DETECTION] Contains recognition pattern of the SPR/PSW.RAS.A.3 program
C:\Documents and Settings\Ed\Local Settings\Temp\JVMB.tmp
[0] Archive type: CAB (Microsoft)
--> aa.class
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\YZJD7G46\station55v2.0b1[1].zip
[0] Archive type: ZIP
--> station55v2.0b1/bnetauth.dll
[DETECTION] This file has been compressed using unusual runtime compression (PCK/Telock). Please verify the origin of this file.
C:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\YZJD7G46\TriviaBot.zip[1].zip
[0] Archive type: ZIP
--> TriviaBot.zip
[1] Archive type: ZIP
--> station55v2.0b1/bnetauth.dll
[DETECTION] This file has been compressed using unusual runtime compression (PCK/Telock). Please verify the origin of this file.
C:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\YZJD7G46\station55v2.0b1[1]\station55v2.0b1\bnetauth.dll
[DETECTION] This file has been compressed using unusual runtime compression (PCK/Telock). Please verify the origin of this file.
C:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\YZJD7G46\TriviaBot.zip[1]\TriviaBot.zip
[0] Archive type: ZIP
--> station55v2.0b1/bnetauth.dll
[DETECTION] This file has been compressed using unusual runtime compression (PCK/Telock). Please verify the origin of this file.
C:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\YZJD7G46\TriviaBot.zip[1]\TriviaBot\station55v2.0b1\bnetauth.dll
[DETECTION] This file has been compressed using unusual runtime compression (PCK/Telock). Please verify the origin of this file.
C:\Downloads\s55v2H.zip
[0] Archive type: ZIP
--> bnetauth.dll
[DETECTION] This file has been compressed using unusual runtime compression (PCK/Telock). Please verify the origin of this file.
C:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1103\A0156331.exe
[DETECTION] Contains recognition pattern of the SPR/StealthBot.1941 program
C:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0156627.exe
[DETECTION] Contains recognition pattern of the SPR/StealthBot.1941 program
C:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0156629.exe
[DETECTION] Contains recognition pattern of the SPR/StealthBot.1941 program
C:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0156633.exe
[DETECTION] Contains recognition pattern of the SPR/StealthBot.1941 program
C:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0157133.dll
[DETECTION] This file has been compressed using unusual runtime compression (PCK/Telock). Please verify the origin of this file.
C:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0157141.exe
[DETECTION] Is the TR/Killfiles.SO.1 Trojan
C:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0157370.exe
[DETECTION] Contains recognition pattern of the SPR/StealthBot.1941 program
C:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1112\A0159664.exe
[DETECTION] Contains recognition pattern of the APPL/Processor application
C:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1112\A0159689.exe

[0] Archive type: RAR SFX (self extracting)
--> findkey.exe
[DETECTION] Contains recognition pattern of the SPR/XP.Keyfinder program
--> xpkey.exe
[DETECTION] Contains recognition pattern of the SPR/PSW.RAS.A.2 program
--> officekey.exe
[DETECTION] Contains recognition pattern of the SPR/PSW.RAS.A.3 program
C:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1124\A0164031.dll
[DETECTION] Contains recognition pattern of the SPR/WildTangent.B program
C:\WINDOWS\wt\webdriver\wtmulti.dll
[DETECTION] Contains recognition pattern of the ADSPY/WildTangent.A adware or spyware
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\wtmulti.dll
[DETECTION] Contains recognition pattern of the ADSPY/WildTangent.A adware or spyware

Beginning disinfection:
C:\Documents and Settings\All Users\Application Data\AOL Downloads\AOL_OpenRide_1.22.61.1\comps\acscore.exe
[DETECTION] Is the TR/Agent.1436664 Trojan
[NOTE] The file was moved to '4aa37f9c.qua'!
C:\Documents and Settings\Ed\Desktop\keyfinder.exe
[NOTE] The file was moved to '4aa97f9e.qua'!
C:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\YZJD7G46\station55v2.0b1[1].zip
[NOTE] The file was moved to '4a917fad.qua'!
C:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\YZJD7G46\TriviaBot.zip[1].zip
[NOTE] The file was moved to '4a997fab.qua'!
C:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\YZJD7G46\station55v2.0b1[1]\station55v2.0b1\bnetauth.dll
[DETECTION] This file has been compressed using unusual runtime compression (PCK/Telock). Please verify the origin of this file.
[NOTE] The file was moved to '4a957fa7.qua'!
C:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\YZJD7G46\TriviaBot.zip[1]\TriviaBot.zip
[NOTE] The file was moved to '499ca65c.qua'!
C:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\YZJD7G46\TriviaBot.zip[1]\TriviaBot\station55v2.0b1\bnetauth.dll
[DETECTION] This file has been compressed using unusual runtime compression (PCK/Telock). Please verify the origin of this file.
[NOTE] The file was moved to '4a957fa8.qua'!
C:\Downloads\s55v2H.zip
[NOTE] The file was moved to '4a657f6f.qua'!
C:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1103\A0156331.exe
[DETECTION] Contains recognition pattern of the SPR/StealthBot.1941 program
[NOTE] The file was moved to '4a617f6b.qua'!
C:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0156627.exe
[DETECTION] Contains recognition pattern of the SPR/StealthBot.1941 program
[NOTE] The file was moved to '4a617f6c.qua'!
C:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0156629.exe
[DETECTION] Contains recognition pattern of the SPR/StealthBot.1941 program
[NOTE] The file was moved to '4b1ba9dd.qua'!
C:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0156633.exe
[DETECTION] Contains recognition pattern of the SPR/StealthBot.1941 program
[NOTE] The file was moved to '4a617f6d.qua'!
C:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0157133.dll
[DETECTION] This file has been compressed using unusual runtime compression (PCK/Telock). Please verify the origin of this file.
[NOTE] The file was moved to '4a617f6f.qua'!
C:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0157141.exe
[DETECTION] Is the TR/Killfiles.SO.1 Trojan
[NOTE] The file was moved to '4b1aa108.qua'!
C:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1104\A0157370.exe
[DETECTION] Contains recognition pattern of the SPR/StealthBot.1941 program
[NOTE] The file was moved to '4a617f70.qua'!
C:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1112\A0159664.exe
[DETECTION] Contains recognition pattern of the APPL/Processor application
[NOTE] The file was moved to '4a617f71.qua'!
C:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1112\A0159689.exe
[NOTE] The file was moved to '49688662.qua'!
C:\System Volume Information\_restore{CD2C52F3-A3BA-4B22-913E-8F1B03C8224B}\RP1124\A0164031.dll
[DETECTION] Contains recognition pattern of the SPR/WildTangent.B program
[NOTE] The file was moved to '49757a62.qua'!
C:\WINDOWS\wt\webdriver\wtmulti.dll
[DETECTION] Contains recognition pattern of the ADSPY/WildTangent.A adware or spyware
[NOTE] The file was moved to '4a9d7fb5.qua'!
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\wtmulti.dll
[DETECTION] Contains recognition pattern of the ADSPY/WildTangent.A adware or spyware
[NOTE] The file was moved to '4a9d7fb9.qua'!


End of the scan: Wednesday, June 10, 2009 23:51
Used time: 39:48 Minute(s)

The scan has been done completely.

5432 Scanned directories
237087 Files were scanned
24 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
20 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
237062 Files not concerned
1425 Archives were scanned
3 Warnings
21 Notes
54327 Objects were scanned with rootkit scan
0 Hidden objects were found





------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:02:14 AM, on 6/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://setup.bellsouth.net/wizlet/PWReset/...aller_4-2-1.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161054807298
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://filenet.webex.com/client/v_mywebex-...ent/ieatgpc.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - Unknown owner - C:\Program Files\McAfee\MBK\MBackMonitor.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: Windows Defender (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 6735 bytes

#8 SifuMike

Posted 10 June 2009 - 11:32 PM

Hi sportzdude1213,



We will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.


You need to disable your Avira Antivirus before running ComboFix, as it will prevent it from running.

To disable Avira Antivirus:
Please navigate to the system tray in the bottom right-hand corner and look for an open white umbrella on a red background.
  • Right-click it -> untick the option AntiVir Guard enable.
  • You should now see a closed, white umbrella on a red background.
You successfully disabled the AntiVir Guard.



Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.
Post the log from ComboFix in your next reply.

A caution - ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you -- please tell me.
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Edited by SifuMike, 10 June 2009 - 11:34 PM.


#9 sportzdude1213

Posted 11 June 2009 - 08:59 AM

ComboFix 09-06-10.02 - Ed 06/11/2009 9:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1717 [GMT -4:00]
Running from: c:\documents and settings\Ed\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
C:\ddo_client_install.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-05-11 to 2009-06-11 )))))))))))))))))))))))))))))))
.

2009-06-11 03:10 . 2009-06-11 03:09 404225 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe
2009-06-11 03:10 . 2009-06-11 03:09 345345 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.dll
2009-06-11 03:10 . 2009-04-09 14:20 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updaterc.dll
2009-06-11 03:10 . 2009-02-27 15:59 8961 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updguirc.dll
2009-06-11 03:10 . 2009-02-24 17:16 117505 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updgui.dll
2009-06-11 03:10 . 2009-02-13 20:01 79105 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\updext.dll
2009-06-11 03:10 . 2008-12-05 15:32 126721 ----a-w- c:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\scewxmlw.dll
2009-06-11 03:06 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-11 03:06 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-11 03:06 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-11 03:06 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-11 03:06 . 2009-06-11 03:06 -------- d-----w- c:\program files\Avira
2009-06-11 03:06 . 2009-06-11 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-11 00:19 . 2009-06-11 00:19 -------- d-----w- c:\program files\ESET
2009-06-11 00:16 . 2009-06-11 00:15 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-10 22:55 . 2009-06-10 22:55 -------- d-----w- c:\program files\Trend Micro
2009-06-10 21:31 . 2009-06-10 21:31 -------- d-----w- c:\documents and settings\Ed\Application Data\Malwarebytes
2009-06-10 21:31 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-10 21:31 . 2009-06-10 21:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-10 21:31 . 2009-06-10 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-10 21:31 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 16:17 . 2009-06-10 16:17 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-10 15:15 . 2009-06-10 15:15 -------- d-----w- c:\program files\LSoft Technologies
2009-06-10 15:12 . 2009-06-10 16:17 -------- d-----w- c:\program files\Ask.com
2009-06-10 15:12 . 2009-06-10 15:12 -------- d-----w- c:\program files\Smart Projects
2009-06-10 13:34 . 2009-06-10 14:58 -------- d-----w- c:\documents and settings\Ed\Application Data\Download Manager
2009-06-09 01:43 . 2009-06-09 01:44 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-09 01:43 . 2009-06-09 01:43 290816 ----a-w- c:\documents and settings\Ed\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-06-09 01:43 . 2009-06-09 01:43 290816 ----a-w- c:\documents and settings\Ed\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-06-09 01:43 . 2009-06-09 01:43 290816 ----a-w- c:\documents and settings\Ed\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-06-09 01:43 . 2009-06-09 01:43 290816 ----a-w- c:\documents and settings\Ed\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-06-09 01:43 . 2009-06-09 01:43 -------- d-----w- c:\documents and settings\Ed\Application Data\SystemRequirementsLab
2009-06-08 21:20 . 2009-06-08 21:20 -------- d-----w- c:\program files\Guitar Pro 5
2009-06-08 16:02 . 2009-06-08 16:02 -------- d-----w- c:\program files\iPod
2009-06-08 16:01 . 2009-06-08 16:02 -------- d-----w- c:\program files\iTunes
2009-06-08 16:01 . 2009-06-08 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-08 16:01 . 2009-06-08 16:01 -------- d-----w- c:\program files\Bonjour
2009-06-08 15:59 . 2009-06-08 16:01 -------- d-----w- c:\program files\Common Files\Apple
2009-06-08 15:59 . 2009-06-08 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-08 01:03 . 2006-08-15 15:42 200704 ----a-w- c:\windows\system32\UpdateDriver.exe
2009-06-08 01:02 . 2009-06-08 01:02 -------- d-----w- c:\program files\Belkin
2009-06-08 01:02 . 2009-06-08 01:02 -------- d-----w- c:\documents and settings\Ed\Application Data\InstallShield
2009-06-06 21:43 . 2009-06-06 21:43 206088 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-06-06 21:43 . 2009-06-06 21:43 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-06-06 21:43 . 2009-06-06 21:43 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-06-06 21:18 . 2009-06-06 21:44 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-06 21:18 . 2009-06-06 21:44 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-06 21:17 . 2009-06-10 16:18 761888 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-06 21:17 . 2009-06-10 16:18 4659232 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-06 21:17 . 2009-06-10 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-06 21:17 . 2009-06-06 21:17 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-06 21:08 . 2009-06-06 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-05 19:00 . 2004-08-04 03:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-06-05 19:00 . 2004-08-04 03:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-05-30 16:50 . 2009-05-30 16:50 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-11 13:45 . 2008-04-27 02:58 -------- d-----w- c:\program files\Steam
2009-06-11 00:15 . 2006-08-24 21:52 -------- d-----w- c:\program files\Java
2009-06-10 16:23 . 2004-10-02 15:26 21568 ----a-w- c:\documents and settings\Ed\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-10 16:18 . 2009-06-06 21:17 37480 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-10 16:18 . 2009-06-06 21:17 3684 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-10 15:15 . 2004-01-02 15:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-08 22:23 . 2003-12-27 19:16 -------- d-----w- c:\program files\QuickTime
2009-06-08 16:22 . 2006-10-27 01:00 -------- d-----w- c:\documents and settings\Ed\Application Data\Free Download Manager
2009-06-08 16:01 . 2006-08-07 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-06 21:45 . 2008-01-29 21:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-06-05 20:41 . 2003-12-27 19:14 -------- d-----w- c:\program files\Common Files\AOL
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2005-02-02 05:21 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-10 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"F5D7050v3"="c:\program files\Belkin\F5D7050v3\Belkinwcui.exe" [2007-10-31 1654784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-11 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2006-01-11 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ed^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter.LNK]
path=c:\documents and settings\Ed\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter.LNK
backup=c:\windows\pss\Registration Ghost Recon Advanced Warfighter.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\_aunchPad.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Steam\\SteamApps\\ayeonea1\\team fortress 2\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9000:UDP"= 9000:UDP:9000
"9001:UDP"= 9001:UDP:9001
"9002:UDP"= 9002:UDP:9002
"9003:UDP"= 9003:UDP:9003
"9004:UDP"= 9004:UDP:9004
"9005:UDP"= 9005:UDP:9005
"9006:UDP"= 9006:UDP:9006
"9007:UDP"= 9007:UDP:9007
"9008:UDP"= 9008:UDP:9008
"9009:UDP"= 9009:UDP:9009
"9010:UDP"= 9010:UDP:9010
"2900:UDP"= 2900:UDP:2900
"2901:UDP"= 2901:UDP:2901
"2902:UDP"= 2902:UDP:2902
"2903:UDP"= 2903:UDP:2903
"2904:UDP"= 2904:UDP:2904
"2905:UDP"= 2905:UDP:2905
"2906:UDP"= 2906:UDP:2906
"2907:UDP"= 2907:UDP:2907
"2908:UDP"= 2908:UDP:2908
"2909:UDP"= 2909:UDP:2909
"2910:UDP"= 2910:UDP:2910
"26000:TCP"= 26000:TCP:Eve

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [7/8/2006 9:56 PM 13696]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/10/2009 11:06 PM 108289]
S2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" --> c:\program files\Windows Defender\MsMpEng.exe [?]
S3 ldiskl;ldiskl;c:\docume~1\Ed\LOCALS~1\Temp\ldiskl.sys [9/22/2001 6:33 PM 15872]
S3 lflpydis;lflpydis;c:\docume~1\Ed\LOCALS~1\Temp\lflpydis.sys [6/15/2006 10:38 PM 17920]
S3 LwAdiHid;Logitech WingMan Digital Devices(Auto-Detect);c:\windows\system32\drivers\LwAdiHid.sys [5/2/2004 6:25 PM 20864]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - c:\program files\AIM6\aim6.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = <local>
uInternet Settings,ProxyOverride = <local>
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-11 09:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\windows\system32\CF13339.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-06-11 9:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-11 13:48

Pre-Run: 41,567,199,232 bytes free
Post-Run: 40,723,140,608 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

222 --- E O F --- 2007-08-30 00:56

#10 SifuMike


Posted 11 June 2009 - 02:56 PM

Hi sportzdude1213,


Please show hidden files and folders
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste each of the following file paths into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\system32\drivers\BIOS.sys
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
  • If Copy to Clipboard does not work, then just copy and paste the output in your next reply.
If VirScan.org server is too busy, please submit the file to VirusTotal instead.



You need to disable your Avira Antivirus before running ComboFix, as it will prevent it from running.

To disable Avira Antivirus:
Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on a red background.
  • right click it-> untick the option AntiVir Guard enable.
  • You should now see a closed, white umbrella on a red background.
You successfully disabled the AntiVir Guard.



Click Start, then Run and type Notepad and click OK.
Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the code box below into notepad:

File:: 
c:\docume~1\Ed\LOCALS~1\Temp\ldiskl.sys 
c:\docume~1\Ed\LOCALS~1\Temp\lflpydis.sys

Registry:: 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

Driver:: 
ldiskl 
lflpydis


Name the Notepad file CFScript.txt and Save it to your desktop.

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 sportzdude1213


Posted 12 June 2009 - 11:54 AM

ComboFix 09-06-10.02 - Ed 06/12/2009 12:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1705 [GMT -4:00]
Running from: c:\documents and settings\Ed\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ed\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\docume~1\Ed\LOCALS~1\Temp\ldiskl.sys"
"c:\docume~1\Ed\LOCALS~1\Temp\lflpydis.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LDISKL
-------\Legacy_LFLPYDIS
-------\Service_ldiskl
-------\Service_lflpydis


((((((((((((((((((((((((( Files Created from 2009-05-12 to 2009-06-12 )))))))))))))))))))))))))))))))
.

2009-06-11 03:06 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-11 03:06 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-11 03:06 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-11 03:06 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-11 03:06 . 2009-06-11 03:06 -------- d-----w- c:\program files\Avira
2009-06-11 03:06 . 2009-06-11 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-11 00:19 . 2009-06-11 00:19 -------- d-----w- c:\program files\ESET
2009-06-11 00:16 . 2009-06-11 00:15 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-10 22:55 . 2009-06-10 22:55 -------- d-----w- c:\program files\Trend Micro
2009-06-10 21:31 . 2009-06-10 21:31 -------- d-----w- c:\documents and settings\Ed\Application Data\Malwarebytes
2009-06-10 21:31 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-10 21:31 . 2009-06-10 21:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-10 21:31 . 2009-06-10 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-10 21:31 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 16:17 . 2009-06-10 16:17 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-10 15:15 . 2009-06-10 15:15 -------- d-----w- c:\program files\LSoft Technologies
2009-06-10 15:12 . 2009-06-10 16:17 -------- d-----w- c:\program files\Ask.com
2009-06-10 15:12 . 2009-06-10 15:12 -------- d-----w- c:\program files\Smart Projects
2009-06-10 13:34 . 2009-06-10 14:58 -------- d-----w- c:\documents and settings\Ed\Application Data\Download Manager
2009-06-09 01:43 . 2009-06-09 01:44 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-09 01:43 . 2009-06-09 01:43 290816 ----a-w- c:\documents and settings\Ed\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-06-09 01:43 . 2009-06-09 01:43 290816 ----a-w- c:\documents and settings\Ed\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-06-09 01:43 . 2009-06-09 01:43 290816 ----a-w- c:\documents and settings\Ed\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-06-09 01:43 . 2009-06-09 01:43 290816 ----a-w- c:\documents and settings\Ed\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-06-09 01:43 . 2009-06-09 01:43 -------- d-----w- c:\documents and settings\Ed\Application Data\SystemRequirementsLab
2009-06-08 21:20 . 2009-06-08 21:20 -------- d-----w- c:\program files\Guitar Pro 5
2009-06-08 16:02 . 2009-06-08 16:02 -------- d-----w- c:\program files\iPod
2009-06-08 16:01 . 2009-06-08 16:02 -------- d-----w- c:\program files\iTunes
2009-06-08 16:01 . 2009-06-08 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-08 16:01 . 2009-06-08 16:01 -------- d-----w- c:\program files\Bonjour
2009-06-08 15:59 . 2009-06-08 16:01 -------- d-----w- c:\program files\Common Files\Apple
2009-06-08 15:59 . 2009-06-08 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-08 01:03 . 2006-08-15 15:42 200704 ----a-w- c:\windows\system32\UpdateDriver.exe
2009-06-08 01:02 . 2009-06-08 01:02 -------- d-----w- c:\program files\Belkin
2009-06-08 01:02 . 2009-06-08 01:02 -------- d-----w- c:\documents and settings\Ed\Application Data\InstallShield
2009-06-06 21:43 . 2009-06-06 21:43 206088 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-06-06 21:43 . 2009-06-06 21:43 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-06-06 21:43 . 2009-06-06 21:43 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-06-06 21:18 . 2009-06-06 21:44 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-06 21:18 . 2009-06-06 21:44 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-06 21:17 . 2009-06-10 16:18 761888 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-06 21:17 . 2009-06-10 16:18 4659232 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-06 21:17 . 2009-06-10 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-06 21:17 . 2009-06-06 21:17 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-06 21:08 . 2009-06-06 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-05 19:00 . 2004-08-04 03:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-06-05 19:00 . 2004-08-04 03:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-05-30 16:50 . 2009-05-30 16:50 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-12 16:49 . 2008-04-27 02:58 -------- d-----w- c:\program files\Steam
2009-06-11 00:15 . 2006-08-24 21:52 -------- d-----w- c:\program files\Java
2009-06-10 16:23 . 2004-10-02 15:26 21568 ----a-w- c:\documents and settings\Ed\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-10 16:18 . 2009-06-06 21:17 37480 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-10 16:18 . 2009-06-06 21:17 3684 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-10 15:15 . 2004-01-02 15:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-08 22:23 . 2003-12-27 19:16 -------- d-----w- c:\program files\QuickTime
2009-06-08 16:22 . 2006-10-27 01:00 -------- d-----w- c:\documents and settings\Ed\Application Data\Free Download Manager
2009-06-08 16:01 . 2006-08-07 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-06 21:45 . 2008-01-29 21:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-06-05 20:41 . 2003-12-27 19:14 -------- d-----w- c:\program files\Common Files\AOL
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2005-02-02 05:21 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-06-11_13.44.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-12 16:49 . 2009-06-12 16:49 16384 c:\windows\Temp\Perflib_Perfdata_290.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [BU]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-10 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"F5D7050v3"="c:\program files\Belkin\F5D7050v3\Belkinwcui.exe" [2007-10-31 1654784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-11 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2006-01-11 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ed^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter.LNK]
path=c:\documents and settings\Ed\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter.LNK
backup=c:\windows\pss\Registration Ghost Recon Advanced Warfighter.LNKStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\_aunchPad.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Steam\\SteamApps\\ayeonea1\\team fortress 2\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9000:UDP"= 9000:UDP:9000
"9001:UDP"= 9001:UDP:9001
"9002:UDP"= 9002:UDP:9002
"9003:UDP"= 9003:UDP:9003
"9004:UDP"= 9004:UDP:9004
"9005:UDP"= 9005:UDP:9005
"9006:UDP"= 9006:UDP:9006
"9007:UDP"= 9007:UDP:9007
"9008:UDP"= 9008:UDP:9008
"9009:UDP"= 9009:UDP:9009
"9010:UDP"= 9010:UDP:9010
"2900:UDP"= 2900:UDP:2900
"2901:UDP"= 2901:UDP:2901
"2902:UDP"= 2902:UDP:2902
"2903:UDP"= 2903:UDP:2903
"2904:UDP"= 2904:UDP:2904
"2905:UDP"= 2905:UDP:2905
"2906:UDP"= 2906:UDP:2906
"2907:UDP"= 2907:UDP:2907
"2908:UDP"= 2908:UDP:2908
"2909:UDP"= 2909:UDP:2909
"2910:UDP"= 2910:UDP:2910
"26000:TCP"= 26000:TCP:Eve

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [7/8/2006 9:56 PM 13696]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/10/2009 11:06 PM 108289]
S2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" --> c:\program files\Windows Defender\MsMpEng.exe [?]
S3 LwAdiHid;Logitech WingMan Digital Devices(Auto-Detect);c:\windows\system32\drivers\LwAdiHid.sys [5/2/2004 6:25 PM 20864]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = <local>
uInternet Settings,ProxyOverride = <local>
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-12 12:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-06-12 12:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-12 16:53
ComboFix2.txt 2009-06-11 13:48

Pre-Run: 40,627,593,216 bytes free
Post-Run: 40,669,515,776 bytes free

205 --- E O F --- 2007-08-30 00:56








VirSCAN.org Scanned Report :
Scanned time : 2009/06/05 00:31:50 (EDT)
Scanner results: 79% Scanner(30/38) found malware!
File Name : 1.html
File Size : 4037 byte
File Type : Sendmail frozen configuration - version body bgcolor=
MD5 : 4a2514195555a43458b4e087d29124be
SHA1 : e96f20c01c95b12a6cf9992b1e16deaac5ca025c
Online report : http://virscan.org/report/e8541b64f8b1bb1c...5aa9dfd4d2.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090604013225 2009-06-04 2.05 Virus.Win32.Killmbr.D!IK
AhnLab V3 2009.06.05.00 2009.06.05 2009-06-05 0.74 Win-Trojan/Dialer.712704.B
AntiVir 8.2.0.180 7.1.4.59 2009-06-04 0.55 KIT/GhostDial.1
Antiy 2.0.18 20090604.2498051 2009-06-04 0.15 Trojan/Win32.Dialer.gvg
Arcavir 2009 200906041608 2009-06-04 0.39 Dialer.Bib
Authentium 5.1.1 200906041652 2009-06-04 1.18 W32/Trojan2.DOJN (Exact)
AVAST! 4.7.4 090604-0 2009-06-04 0.05 Win32:Dialer-1314 [Trj]
AVG 8.5.286 270.12.53/2155 2009-06-05 0.37 Dialer.KNV
BitDefender 7.81008.3335505 7.25811 2009-06-05 0.75 Trojan.Generic.1004008
CA (VET) 9.0.0.143 31.6.6539 2009-06-05 9.17 -
ClamAV 0.95.1 9421 2009-06-05 0.18 Dialer-3765
Comodo 3.9 1259 2009-06-04 0.74 ApplicUnwnt.Win32.PornTool.Agent.fi
CP Secure 1.1.0.715 2009.06.03 2009-06-03 9.97 -
Dr.Web 4.44.0.9170 2009.06.05 2009-06-05 4.85 BackDoor.Pigeon.12989
F-Prot 4.4.4.56 20090604 2009-06-04 1.15 W32/Trojan2.DOJN (exact)
F-Secure 5.51.6100 2009.06.05.03 2009-06-05 5.79 -
Fortinet 2.81-3.117 10.466 2009-06-04 0.35 Suspicious
GData 19.5615/19.353 20090605 2009-06-05 4.39 Win32:Dialer-1313 [Trj] [Engine:B]
ViRobot 20090604 2009.06.04 2009-06-04 0.42 -
Ikarus T3.1.01.57 2009.06.03.72814 2009-06-03 3.11 Virus.Win32.Killmbr.D
JiangMin 11.0.706 2009.06.03 2009-06-03 2.07 Trojan/Dialer.gnc
Kaspersky 5.5.10 2009.06.05 2009-06-05 0.08 not-a-virus:Porn-Dialer.Win32.Agent.fi
KingSoft 2009.2.5.15 2009.6.4.21 2009-06-04 0.51 Win32.Hack.ReSSDT.c.716800
McAfee 5.3.00 5636 2009-06-04 2.97 BackDoor-DSQ
Microsoft 1.4701 2009.06.04 2009-06-04 4.29 Backdoor:Win32/Farfli.J
mks_vir 2.01 2009.06.05 2009-06-05 3.35 -
Norman 6.01.05 6.01.00 2009-06-02 4.01 W32/Dialer.DHRP
Panda 9.05.01 2009.06.04 2009-06-04 1.86 -
Trend Micro 8.700-1004 6.170.08 2009-06-04 0.06 TROJ_DIAL.RHB
Quick Heal 10.00 2009.06.05 2009-06-05 1.37 -
Rising 20.0 21.32.34.00 2009-06-04 0.99 Backdoor.Win32.Drwolf.axh
Sophos 2.87.1 4.42 2009-06-05 2.44 Mal/Whybo-A
Sunbelt 5170 5170 2009-06-04 0.94 Porn-Dialer.Win32.Agent.fi
Symantec 1.3.0.24 20090604.002 2009-06-04 0.06 -
nProtect 20090604.01 4070376 2009-06-04 5.23 Trojan/W32.Dialer.712704
The Hacker 6.3.4.3 v00340 2009-06-04 0.63 Trojan/Dialer.Agent.fi
VBA32 3.12.10.6 20090604.1412 2009-06-04 1.96 Porn-Dialer.Win32.Agent.fi
VirusBuster 4.5.11.10 10.107.2/1575686 2009-06-04 1.90 Dialer.Agent.IFEU

#12 SifuMike


Posted 12 June 2009 - 12:21 PM

Hi sportzdude1213,

You need to disable your Avira Antivirus before running ComboFix, as it will prevent it from running.

To disable Avira Antivirus:
Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on a red background.
  • right click it-> untick the option AntiVir Guard enable.
  • You should now see a closed, white umbrella on a red background.
You successfully disabled the AntiVir Guard.



Click Start, then Run and type Notepad and click OK.
Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the code box below into notepad:

File:: 
c:\windows\system32\drivers\BIOS.sys 
Driver:: 
BIOS


Name the Notepad file CFScript.txt and Save it to your desktop.

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

#13 sportzdude1213


Posted 12 June 2009 - 01:33 PM

ComboFix 09-06-12.01 - Ed 06/12/2009 14:19.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1512 [GMT -4:00]
Running from: c:\documents and settings\Ed\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ed\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\system32\drivers\BIOS.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\BIOS.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BIOS
-------\Service_BIOS


((((((((((((((((((((((((( Files Created from 2009-05-12 to 2009-06-12 )))))))))))))))))))))))))))))))
.

2009-06-11 03:06 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-11 03:06 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-11 03:06 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-11 03:06 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-11 03:06 . 2009-06-11 03:06 -------- d-----w- c:\program files\Avira
2009-06-11 03:06 . 2009-06-11 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-11 00:19 . 2009-06-11 00:19 -------- d-----w- c:\program files\ESET
2009-06-11 00:16 . 2009-06-11 00:15 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-10 22:55 . 2009-06-10 22:55 -------- d-----w- c:\program files\Trend Micro
2009-06-10 21:31 . 2009-06-10 21:31 -------- d-----w- c:\documents and settings\Ed\Application Data\Malwarebytes
2009-06-10 21:31 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-10 21:31 . 2009-06-10 21:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-10 21:31 . 2009-06-10 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-10 21:31 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 16:17 . 2009-06-10 16:17 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-10 15:15 . 2009-06-10 15:15 -------- d-----w- c:\program files\LSoft Technologies
2009-06-10 15:12 . 2009-06-10 16:17 -------- d-----w- c:\program files\Ask.com
2009-06-10 15:12 . 2009-06-10 15:12 -------- d-----w- c:\program files\Smart Projects
2009-06-10 13:34 . 2009-06-10 14:58 -------- d-----w- c:\documents and settings\Ed\Application Data\Download Manager
2009-06-09 01:43 . 2009-06-09 01:44 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-09 01:43 . 2009-06-09 01:43 290816 ----a-w- c:\documents and settings\Ed\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-06-09 01:43 . 2009-06-09 01:43 290816 ----a-w- c:\documents and settings\Ed\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-06-09 01:43 . 2009-06-09 01:43 290816 ----a-w- c:\documents and settings\Ed\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-06-09 01:43 . 2009-06-09 01:43 290816 ----a-w- c:\documents and settings\Ed\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-06-09 01:43 . 2009-06-09 01:43 -------- d-----w- c:\documents and settings\Ed\Application Data\SystemRequirementsLab
2009-06-08 21:20 . 2009-06-08 21:20 -------- d-----w- c:\program files\Guitar Pro 5
2009-06-08 16:02 . 2009-06-08 16:02 -------- d-----w- c:\program files\iPod
2009-06-08 16:01 . 2009-06-08 16:02 -------- d-----w- c:\program files\iTunes
2009-06-08 16:01 . 2009-06-08 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-08 16:01 . 2009-06-08 16:01 -------- d-----w- c:\program files\Bonjour
2009-06-08 15:59 . 2009-06-08 16:01 -------- d-----w- c:\program files\Common Files\Apple
2009-06-08 15:59 . 2009-06-08 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-08 01:03 . 2006-08-15 15:42 200704 ----a-w- c:\windows\system32\UpdateDriver.exe
2009-06-08 01:02 . 2009-06-08 01:02 -------- d-----w- c:\program files\Belkin
2009-06-08 01:02 . 2009-06-08 01:02 -------- d-----w- c:\documents and settings\Ed\Application Data\InstallShield
2009-06-06 21:43 . 2009-06-06 21:43 206088 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-06-06 21:43 . 2009-06-06 21:43 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-06-06 21:43 . 2009-06-06 21:43 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-06-06 21:18 . 2009-06-06 21:44 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-06 21:18 . 2009-06-06 21:44 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-06 21:17 . 2009-06-10 16:18 761888 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-06 21:17 . 2009-06-10 16:18 4659232 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-06 21:17 . 2009-06-10 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-06 21:17 . 2009-06-06 21:17 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-06 21:08 . 2009-06-06 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-05 19:00 . 2004-08-04 03:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-06-05 19:00 . 2004-08-04 03:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-05-30 16:50 . 2009-05-30 16:50 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-12 18:28 . 2008-04-27 02:58 -------- d-----w- c:\program files\Steam
2009-06-11 00:15 . 2006-08-24 21:52 -------- d-----w- c:\program files\Java
2009-06-10 16:23 . 2004-10-02 15:26 21568 ----a-w- c:\documents and settings\Ed\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-10 16:18 . 2009-06-06 21:17 37480 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-10 16:18 . 2009-06-06 21:17 3684 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-10 15:15 . 2004-01-02 15:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-08 22:23 . 2003-12-27 19:16 -------- d-----w- c:\program files\QuickTime
2009-06-08 16:22 . 2006-10-27 01:00 -------- d-----w- c:\documents and settings\Ed\Application Data\Free Download Manager
2009-06-08 16:01 . 2006-08-07 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-06 21:45 . 2008-01-29 21:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-06-05 20:41 . 2003-12-27 19:14 -------- d-----w- c:\program files\Common Files\AOL
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 20:32 . 2005-02-02 05:21 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-06-11_13.44.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-12 18:27 . 2009-06-12 18:27 16384 c:\windows\Temp\Perflib_Perfdata_288.dat
+ 2009-06-12 18:19 . 2009-06-12 18:18 388608 c:\windows\system32\CF26425.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [BU]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-10 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"F5D7050v3"="c:\program files\Belkin\F5D7050v3\Belkinwcui.exe" [2007-10-31 1654784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-11 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2006-01-11 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ed^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter.LNK]
path=c:\documents and settings\Ed\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter.LNK
backup=c:\windows\pss\Registration Ghost Recon Advanced Warfighter.LNKStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\_aunchPad.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Steam\\SteamApps\\ayeonea1\\team fortress 2\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9000:UDP"= 9000:UDP:9000
"9001:UDP"= 9001:UDP:9001
"9002:UDP"= 9002:UDP:9002
"9003:UDP"= 9003:UDP:9003
"9004:UDP"= 9004:UDP:9004
"9005:UDP"= 9005:UDP:9005
"9006:UDP"= 9006:UDP:9006
"9007:UDP"= 9007:UDP:9007
"9008:UDP"= 9008:UDP:9008
"9009:UDP"= 9009:UDP:9009
"9010:UDP"= 9010:UDP:9010
"2900:UDP"= 2900:UDP:2900
"2901:UDP"= 2901:UDP:2901
"2902:UDP"= 2902:UDP:2902
"2903:UDP"= 2903:UDP:2903
"2904:UDP"= 2904:UDP:2904
"2905:UDP"= 2905:UDP:2905
"2906:UDP"= 2906:UDP:2906
"2907:UDP"= 2907:UDP:2907
"2908:UDP"= 2908:UDP:2908
"2909:UDP"= 2909:UDP:2909
"2910:UDP"= 2910:UDP:2910
"26000:TCP"= 26000:TCP:Eve

S3 LwAdiHid;Logitech WingMan Digital Devices(Auto-Detect);c:\windows\system32\drivers\LwAdiHid.sys [5/2/2004 6:25 PM 20864]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = <local>
uInternet Settings,ProxyOverride = <local>
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-12 14:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\windows\system32\CF26425.exe
.
**************************************************************************
.
Completion time: 2009-06-12 14:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-12 18:32
ComboFix2.txt 2009-06-12 16:53
ComboFix3.txt 2009-06-11 13:48

Pre-Run: 40,608,030,720 bytes free
Post-Run: 40,597,458,944 bytes free

203 --- E O F --- 2007-08-30 00:56

#14 SifuMike


    malware expert



Posted 12 June 2009 - 01:36 PM

Looks much better. :thumbup2:

Please disable any running anti-virus program before running Kaspersky Online Scanner.
If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
Close any open browsers.

Please do a scan with Kaspersky Online Scanner

You can refer to this animation by sundavis.


Note: If you are using Windows Vista, open your browser by right-clicking on its icon and selecting 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
This scanner will only scan. It does not remove any malware it finds.

#15 sportzdude1213


Posted 12 June 2009 - 02:03 PM

I wasn't watching my computer, but my computer automatically reset, I think after the installation process, and now the internet scanner won't work. The installation automatically skips to 100%, then shows this error:


Program has failed to start. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program.



[ERROR: java.lang.NullPointerException]





