.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 60032E00 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtCreateEvent + 5 7C90D093 5 Bytes JMP 60032F0E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 60032E32 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 60033008 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtCreateMutant + 5 7C90D113 1 Byte [E9]
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtCreateMutant + 5 7C90D113 5 Bytes JMP 60032F18 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 60032FF4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 60032E5A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtCreateSection + 5 7C90D183 5 Bytes JMP 60032E0A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 60032FC2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 60032FAE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 60032FA4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 60032F72 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 60032F04 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 60032E1E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 60032FB8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 60033012 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 60032FEA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtOpenSection + 5 7C90D633 5 Bytes JMP 60032E14 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 60032FFE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 60032F9A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 60032E64 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 60032F90 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 60032E28 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtWriteFile + 5 7C90DF83 5 Bytes JMP 60032F68 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 60032FD6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!RtlCreateProcessParameters 7C922E99 5 Bytes JMP 60032EAA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 60032E82 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 60032EF0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 60032F5E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 60032EDC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 60032EA0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 60032E96 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 6003301C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 60032EB4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 60032EC8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 60032E3C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 60032E8C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 6003303A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 60032ED2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 60032E6E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 60032E78 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 60032FCC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 60033026 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 60032EFA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 60032F7C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 60032EBE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 60032E50 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 60032E46 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!PulseEvent 7C82C06E 5 Bytes JMP 60033044 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 60032F54 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!DeleteFileW 7C831F63 5 Bytes JMP 60032F86 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 60033030 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!CheckRemoteDebuggerPresent 7C85AAF2 5 Bytes JMP 60032F22 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 60032FE0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 60032EE6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 60032F40 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 60032F4A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 60032F2C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 60032F36 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 6003304E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 60033076 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 60033094 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 60033080 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 600330A8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 6003309E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 60033062 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 6003306C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 6003308A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 60033116 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 6003312A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 60033058 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 6003310C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 60033134 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 60033120 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 6003313E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 60032E00 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtCreateEvent + 5 7C90D093 5 Bytes JMP 60032F0E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 60032E32 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 60033008 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtCreateMutant + 5 7C90D113 1 Byte [E9]
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtCreateMutant + 5 7C90D113 5 Bytes JMP 60032F18 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 60032FF4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 60032E5A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtCreateSection + 5 7C90D183 5 Bytes JMP 60032E0A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 60032FC2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 60032FAE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 60032FA4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 60032F72 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 60032F04 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 60032E1E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 60032FB8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 60033012 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 60032FEA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtOpenSection + 5 7C90D633 5 Bytes JMP 60032E14 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 60032FFE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 60032F9A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 60032E64 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 60032F90 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 60032E28 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtWriteFile + 5 7C90DF83 5 Bytes JMP 60032F68 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 60032FD6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!RtlCreateProcessParameters 7C922E99 5 Bytes JMP 60032EAA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 60032E82 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 60032EF0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 60032F5E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 60032EDC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 60032EA0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 60032E96 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 6003301C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 60032EB4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 60032EC8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 60032E3C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 60032E8C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 6003303A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 60032ED2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 60032E6E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 60032E78 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 60032FCC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 60033026 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 60032EFA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 60032F7C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 60032EBE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 60032E50 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 60032E46 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!PulseEvent 7C82C06E 5 Bytes JMP 60033044 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 60032F54 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!DeleteFileW 7C831F63 5 Bytes JMP 60032F86 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 60033030 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!CheckRemoteDebuggerPresent 7C85AAF2 5 Bytes JMP 60032F22 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 60032FE0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 60032EE6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 60032F40 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 60032F4A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 60032F2C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 60032F36 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 6003308A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 6003309E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 6003304E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 60033080 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 600330A8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 60033094 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 600330B2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 60033058 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 600330D0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 600330EE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 600330DA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 60033102 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 600330F8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 600330BC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 600330C6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 600330E4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 6003310C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 60033116 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 60033062 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] SHELL32.dll!StrStrW + FFE4A90C 7C9E74E6 5 Bytes JMP 6003306C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 5 Bytes JMP 60033120 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] WS2_32.dll!WEP + FFFEF156 71AB1273 5 Bytes JMP 60033076 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 6003313E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 60033152 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] WS2_32.dll!send 71AB4C27 5 Bytes JMP 6003312A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 60033148 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\BOOKINGCENTER\OMNIS7.exe[3048] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 60033134 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
-
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???F?????F??????????????????????????????????ot???E?F?F?F?E?E?E?F?F?F?F?Erf????8??F???????t???F??????????????Calls?Calls Per Second?Calls Outstanding?Calls Failed?Call Failed Per Second?Calls Faulted?Calls Faulted Per Second?Calls Duration?Calls Duration Base?Transactions Flowed?Transactions Flowed Per Second?Security Validation and Authentication Failures?Security Validation and Authentication Failures Per Second?Security Calls Not Authorized?Security Calls Not Authorized Per Second??d???????????}???????s??7-1-2001?}??? ?????????????m?????=??????????Z???????????? ?????????????F?????=???????????????????????????????E???F??Calls?Calls Per Second?Calls Outstanding?Calls Failed?Calls Failed Per Second?Calls Faulted?Calls Faulted Per Second?Calls Duration?Calls Duration Base?Transactions Flowed?Transactions Flowed Per Second?Security Validation and Authentication Failures?Security Validation and Authentication Failures Per Second?Security Calls Not Authorized?Security Calls Not Authorized Per Second?Reliable Messa
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR
---- EOF - GMER 1.0.15 ----
-
Sorry, but it wouldn't let me attach it without zipping it, and downloading a new zip program is a problem right now.
-
Hi,
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/comb...o-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
- Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Remember to re-enable them afterwards.
- Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
-
Combo Fix Log
ComboFix 09-12-08.07 - All 12/09/2009 11:18:30.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.537 [GMT -8:00]
Running from: c:\documents and settings\All\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\image ax object
c:\windows\Downloaded Program Files\poPCaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\kb913800.exe
H:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-11-09 to 2009-12-09 )))))))))))))))))))))))))))))))
.
2009-12-04 21:41 . 2009-12-04 21:41 -------- d-----w- c:\program files\ERUNT
2009-12-04 21:30 . 2009-12-04 21:30 -------- d-----w- c:\program files\Trend Micro
2009-12-04 14:45 . 2009-12-04 14:45 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-12-04 14:45 . 2009-12-04 14:45 16 ----a-w- c:\windows\system32\asdict.dat
2009-12-03 06:36 . 2009-12-04 05:03 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2009-12-03 02:07 . 2009-12-03 02:07 0 ----a-w- C:\pcwords2.dat
2009-12-03 02:07 . 2009-12-03 02:07 0 ----a-w- C:\pcwords.dat
2009-12-03 01:53 . 2009-12-03 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-12-03 01:53 . 2009-12-03 01:53 -------- d-----w- c:\program files\BitDefender
2009-12-03 01:53 . 2009-12-03 01:53 -------- d-----w- c:\documents and settings\All\Application Data\BitDefender
2009-12-03 01:45 . 2009-12-03 01:54 -------- d-----w- c:\program files\Common Files\BitDefender
2009-12-03 01:26 . 2009-12-03 01:29 -------- d-----w- c:\documents and settings\All\Application Data\QuickScan
2009-12-03 01:26 . 2009-11-27 01:39 678912 ----a-w- c:\documents and settings\All\Application Data\Mozilla\Firefox\Profiles\xysggp8w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-12-03 01:26 . 2009-11-27 01:37 768512 ----a-w- c:\documents and settings\All\Application Data\Mozilla\Firefox\Profiles\xysggp8w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-12-03 01:18 . 2009-12-03 01:18 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-11 01:04 . 2009-11-11 01:04 152456 ----a-w- c:\windows\system32\drivers\bdfm.sys
2009-11-11 01:03 . 2009-11-11 01:03 105736 ----a-w- c:\windows\system32\drivers\bdhv.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-09 19:31 . 2008-06-13 22:06 -------- d-----w- c:\program files\Steam
2009-12-09 00:21 . 2007-05-23 21:53 2999 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys
2009-12-08 21:27 . 2009-03-31 22:27 -------- d-----w- c:\documents and settings\All\Application Data\LimeWire
2009-12-04 19:16 . 2006-07-19 02:33 44102 ----a-w- c:\documents and settings\All\Application Data\wklnhst.dat
2009-12-04 05:02 . 2006-08-14 23:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-03 01:51 . 2008-01-04 22:47 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-11-20 01:57 . 2006-07-20 14:12 -------- d-----w- c:\program files\Electronic Arts
2009-11-20 01:56 . 2006-07-19 19:25 -------- d-----w- c:\program files\EA GAMES
2009-11-15 23:51 . 2006-11-03 01:13 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-11-03 08:05 . 2008-08-01 07:26 21768 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\Components\DownloadQB17\NewFeatures\.update\.target\ippeupdt.dll
2009-11-03 08:05 . 2008-08-01 07:26 1897736 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\Components\DownloadQB17\NewFeatures\.update\.target\ppeupdt.dll
2009-11-03 08:05 . 2008-08-01 07:26 1303816 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\Components\DownloadQB17\NewFeatures\.update\.target\ppecore.dll
2009-10-28 18:01 . 2006-07-25 22:07 -------- d-----w- c:\documents and settings\All\Application Data\Apple Computer
2009-10-28 17:56 . 2009-10-28 17:54 -------- d-----w- c:\program files\iTunes
2009-10-28 17:56 . 2009-10-28 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-28 17:54 . 2009-10-28 17:54 -------- d-----w- c:\program files\iPod
2009-10-28 17:54 . 2007-07-08 16:14 -------- d-----w- c:\program files\Common Files\Apple
2009-10-28 17:52 . 2009-10-28 17:51 -------- d-----w- c:\program files\QuickTime
2009-10-28 17:42 . 2009-10-28 17:42 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-10-15 10:04 . 2006-06-17 18:40 -------- d-----w- c:\program files\Microsoft Works
2009-10-02 09:08 . 2007-07-13 12:50 816392 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\Components\DownloadQB17\Patch\qbpatch2.exe
2009-09-11 14:18 . 2005-08-16 08:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-20 02:59 . 2009-12-03 02:02 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2009-12-09 00:20 . 2007-05-23 21:52 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Steam"="c:\program files\steam\steam.exe" [2009-10-27 1217808]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-24 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-13 188416]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.1\masqform.exe" [2004-04-19 634880]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-08-10 319488]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-04-10 185896]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-01-16 181544]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-20 71152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2009-10-23 1118144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-09 30192]
-
Log part 2
c:\documents and settings\All\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-17 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-4-9 972064]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitDefender\\BitDefender 2010\\vsserv.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [1/16/2009 3:31 PM 161064]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [11/10/2009 5:04 PM 152456]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [10/19/2009 4:06 PM 183880]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\Softnyx\RakionIS\Bin\GameGuard\dump_wmimmc.sys --> c:\program files\Softnyx\RakionIS\Bin\GameGuard\dump_wmimmc.sys [?]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/17/2006 10:45 AM 30192]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [7/18/2006 1:40 PM 99840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?.home=ytie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Search - ?p=ZNfox000
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\All\Application Data\Mozilla\Firefox\Profiles\xysggp8w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\documents and settings\All\Application Data\Mozilla\Firefox\Profiles\xysggp8w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\All\Application Data\Mozilla\Firefox\Profiles\xysggp8w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
SharedTaskScheduler-{34da5b3a-7682-4cc9-a854-9a663f97852c} - c:\windows\system32\gagavosu.dll
SharedTaskScheduler-{d8cfd8f8-bafd-49e2-9316-34252645d0f5} - c:\windows\system32\nipuwoku.dll
SSODL-kipifakiy-{34da5b3a-7682-4cc9-a854-9a663f97852c} - c:\windows\system32\gagavosu.dll
SSODL-miwuhosug-{d8cfd8f8-bafd-49e2-9316-34252645d0f5} - c:\windows\system32\nipuwoku.dll
AddRemove-12133444-BF36-4d4e-B7FB-A3424C645DE4 - c:\program files\GemMaster\uninstallgemmaster.exe
AddRemove-GameSpy Arcade - c:\progra~1\GAMESP~1\UNWISE.EXE
AddRemove-Hoyle Card Games 4 - c:\windows\IsUninst.exe -fc:\sierra\Hoyle Card Games 4\Uninst.isu
AddRemove-Network Play System (Patching) - c:\windows\IsUninst.exe -fc:\program files\Electronic Arts\Network Play System\NPSPatch.isu
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe
AddRemove-The Sims - c:\windows\IsUninst.exe -fc:\program files\Maxis\The Sims\Uninst.isu
AddRemove-The Weather Channel Desktop 6 - c:\program files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-{2A9F95AB-65A3-432c-8631-B8BC5BF7477A} - c:\program files\Electronic Arts\The Battle for Middle-earth (tm) II\EAUninstall.exe
AddRemove-{8BCAFB73-49AE-4AC4-00A1-70E4EC38BD4E} - c:\program files\Electronic Arts\The Lord of the Rings
AddRemove-{962E05CF-3394-496D-0091-850CF1762F6B} - c:\program files\EA GAMES\The Battle for Middle-earth (tm)\EAUninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-09 11:28
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(584)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3208)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
.
**************************************************************************
.
Completion time: 2009-12-09 11:39:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-09 19:39
Pre-Run: 40,358,903,808 bytes free
Post-Run: 40,555,470,848 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
- - End Of File - - 639A12649635890CB8966CF12F8988B0
-
Post a fresh dds log too, please. Is the H: drive an external drive or a system recovery partition?
-
H: is an external Hard Drive
Here is the DDS log -
DDS (Ver_09-09-29.01) - NTFSx86
Run by All at 12:04:58.49 on Thu 12/10/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.510 [GMT -8:00]
AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\HPZipm12.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\All\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/?.home=ytie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0311.0\msneshellx.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0311.0\msneshellx.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/5.0 (Windows; U; Windows NT 5.1;
en-US; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14 (.NET CLR 3.5.30729)"
-"http://www8.agame.com/games/shockwave/d/dance_trends_3d/dance_trends_3d_girlsgogames_com.htm"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [masqform.exe] c:\program files\pureedge\viewer 6.1\masqform.exe /RegServer -UpdateCurrentUser
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
StartupFolder: c:\docume~1\all\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common
files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Search - ?p=ZNfox000
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta
search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: musicmatch.com\online
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -
hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178750942250
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\all\applic~1\mozilla\firefox\profiles\xysggp8w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\documents and settings\all\application
data\mozilla\firefox\profiles\xysggp8w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\all\application
data\mozilla\firefox\profiles\xysggp8w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} -
c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla
firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla
firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-1-16 161064]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-11-10 152456]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19
183880]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\softnyx\rakionis\bin\gameguard\dump_wmimmc.sys --> c:\program
files\softnyx\rakionis\bin\gameguard\dump_wmimmc.sys [?]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe
[2006-6-17 30192]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [2006-7-18 99840]
S3 PAC7302;PC VGA Camer@ Plus;c:\windows\system32\drivers\PAC7302.SYS [2007-8-22 461312]
=============== Created Last 30 ================
2009-12-09 11:14 <DIR> a-dshr-- C:\cmdcons
2009-12-09 11:13 261,632 a------- c:\windows\PEV.exe
2009-12-09 11:13 161,792 a------- c:\windows\SWREG.exe
2009-12-09 11:13 98,816 a------- c:\windows\sed.exe
2009-12-09 11:13 77,312 a------- c:\windows\MBR.exe
2009-12-04 13:30 <DIR> --d----- c:\program files\Trend Micro
2009-12-04 06:45 0 a------- c:\windows\system32\ab_bl.sig
2009-12-04 06:45 4 a------- c:\windows\system32\aspdict-en.dat
2009-12-04 06:45 16 a------- c:\windows\system32\asdict.dat
2009-12-03 21:05 385 a------- c:\windows\system32\user_gensett.xml
2009-12-02 22:36 132 a------- c:\windows\system32\rezumatenoi.dat
2009-12-02 18:07 0 a------- C:\pcwords2.dat
2009-12-02 18:07 0 a------- C:\pcwords.dat
2009-12-02 18:07 0 a------- C:\pc_sign.slf
2009-12-02 18:07 0 a------- C:\pcconf.ini
2009-12-02 17:53 <DIR> --d----- c:\program files\BitDefender
2009-12-02 17:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-12-02 17:53 <DIR> --d----- c:\docume~1\all\applic~1\BitDefender
2009-12-02 17:45 <DIR> --d----- c:\program files\common files\BitDefender
2009-12-02 17:26 <DIR> --d----- c:\docume~1\all\applic~1\QuickScan
2009-11-10 17:04 152,456 a------- c:\windows\system32\drivers\bdfm.sys
2009-11-10 17:03 105,736 a------- c:\windows\system32\drivers\bdhv.sys
==================== Find3M ====================
2009-12-09 12:48 44,198 a------- c:\docume~1\all\applic~1\wklnhst.dat
2009-10-22 01:19 5,939,712 -------- c:\windows\system32\dllcache\mshtml.dll
2009-08-14 15:09 79,648 a------- c:\docume~1\all\applic~1\GDIPFONTCACHEV1.DAT
2008-05-26 12:34 32,768 a--sh--- c:\windows\system32\config\systemprofile\local
settings\history\history.ie5\mshist012008052620080527\index.dat
============= FINISH: 12:07:43.91 ===============
-
Hi,
Please disable word wrap in Notepad to make the next logs appear in a more readable format.
Open Notepad and copy/paste the text in the quotebox below into it:
Code:
File::
c:\windows\system32\rezumatenoi.dat
Folder::
c:\documents and settings\All\Application Data\LimeWire
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v6...FScriptB-4.gif
Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log.
Uninstall old Adobe Reader versions and get the latest one (9.2) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.
Uninstall your current Adobe Shockwave Player and get the fresh one here if needed.
Uninstall vulnerable Flash versions by following the instructions here. A fresh version can be obtained here.
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.
Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.
-
Kaspersky Scan
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, December 11, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, December 11, 2009 18:49:23
Records in database: 3359532
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
H:\
Scan statistics:
Objects scanned: 160642
Threats found: 3
Infected objects found: 7
Suspicious objects found: 0
Scan duration: 03:52:47
File name / Threat / Threats count
C:\Documents and Settings\All\Application Data\Sun\Java\Deployment\cache\6.0\43\2f3e9deb-461901ec Infected: Trojan-Downloader.Java.Agent.f 1
C:\Documents and Settings\All\Application Data\Sun\Java\Deployment\cache\6.0\58\44eef97a-33de268c Infected: Trojan-Downloader.Java.Agent.f 1
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP898\A0813320.dll Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP898\A0813321.dll Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP898\A0813322.dll Infected: Packed.Win32.TDSS.aa 1
Selected area has been scanned.