Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 32

Thread: virtumonde.dll Help

  1. 2009-12-09, 02:26 #11
    meathook
    meathook is offline
    Junior Member
    Join Date
    Dec 2009
    Posts
    22

    Default

    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 60032E00 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtCreateEvent + 5 7C90D093 5 Bytes JMP 60032F0E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 60032E32 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 60033008 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtCreateMutant + 5 7C90D113 1 Byte [E9]
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtCreateMutant + 5 7C90D113 5 Bytes JMP 60032F18 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 60032FF4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 60032E5A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtCreateSection + 5 7C90D183 5 Bytes JMP 60032E0A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 60032FC2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 60032FAE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 60032FA4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 60032F72 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 60032F04 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 60032E1E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 60032FB8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 60033012 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 60032FEA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtOpenSection + 5 7C90D633 5 Bytes JMP 60032E14 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 60032FFE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 60032F9A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 60032E64 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 60032F90 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 60032E28 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtWriteFile + 5 7C90DF83 5 Bytes JMP 60032F68 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 60032FD6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ntdll.dll!RtlCreateProcessParameters 7C922E99 5 Bytes JMP 60032EAA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 60032E82 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 60032EF0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 60032F5E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 60032EDC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 60032EA0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 60032E96 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 6003301C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 60032EB4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 60032EC8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 60032E3C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 60032E8C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 6003303A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 60032ED2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 60032E6E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 60032E78 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 60032FCC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 60033026 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 60032EFA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 60032F7C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 60032EBE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 60032E50 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 60032E46 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!PulseEvent 7C82C06E 5 Bytes JMP 60033044 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 60032F54 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!DeleteFileW 7C831F63 5 Bytes JMP 60032F86 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 60033030 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!CheckRemoteDebuggerPresent 7C85AAF2 5 Bytes JMP 60032F22 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 60032FE0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 60032EE6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 60032F40 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 60032F4A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 60032F2C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 60032F36 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 6003304E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 60033076 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 60033094 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 60033080 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 600330A8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 6003309E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 60033062 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 6003306C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 6003308A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 60033116 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 6003312A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 60033058 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 6003310C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 60033134 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 60033120 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\Documents and Settings\All\Desktop\w3pi4hm7.exe[3032] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 6003313E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 60032E00 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtCreateEvent + 5 7C90D093 5 Bytes JMP 60032F0E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 60032E32 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 60033008 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtCreateMutant + 5 7C90D113 1 Byte [E9]
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtCreateMutant + 5 7C90D113 5 Bytes JMP 60032F18 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 60032FF4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 60032E5A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtCreateSection + 5 7C90D183 5 Bytes JMP 60032E0A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 60032FC2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 60032FAE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 60032FA4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 60032F72 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 60032F04 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 60032E1E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 60032FB8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 60033012 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 60032FEA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtOpenSection + 5 7C90D633 5 Bytes JMP 60032E14 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 60032FFE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 60032F9A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 60032E64 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 60032F90 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 60032E28 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtWriteFile + 5 7C90DF83 5 Bytes JMP 60032F68 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 60032FD6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ntdll.dll!RtlCreateProcessParameters 7C922E99 5 Bytes JMP 60032EAA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 60032E82 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 60032EF0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 60032F5E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 60032EDC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 60032EA0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 60032E96 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 6003301C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 60032EB4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 60032EC8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 60032E3C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 60032E8C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 6003303A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 60032ED2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 60032E6E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 60032E78 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 60032FCC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 60033026 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 60032EFA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 60032F7C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 60032EBE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 60032E50 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 60032E46 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!PulseEvent 7C82C06E 5 Bytes JMP 60033044 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 60032F54 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!DeleteFileW 7C831F63 5 Bytes JMP 60032F86 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 60033030 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!CheckRemoteDebuggerPresent 7C85AAF2 5 Bytes JMP 60032F22 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 60032FE0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 60032EE6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 60032F40 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 60032F4A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 60032F2C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 60032F36 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 6003308A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 6003309E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 6003304E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 60033080 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 600330A8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 60033094 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 600330B2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 60033058 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 600330D0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 600330EE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 600330DA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 60033102 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 600330F8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 600330BC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 600330C6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 600330E4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 6003310C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 60033116 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 60033062 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] SHELL32.dll!StrStrW + FFE4A90C 7C9E74E6 5 Bytes JMP 6003306C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 5 Bytes JMP 60033120 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] WS2_32.dll!WEP + FFFEF156 71AB1273 5 Bytes JMP 60033076 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 6003313E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 60033152 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] WS2_32.dll!send 71AB4C27 5 Bytes JMP 6003312A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 60033148 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
    .text C:\BOOKINGCENTER\OMNIS7.exe[3048] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 60033134 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
  2. 2009-12-09, 02:27 #12
    meathook
    meathook is offline
    Junior Member
    Join Date
    Dec 2009
    Posts
    22

    Default

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???F?????F??????????????????????????????????ot???E?F?F?F?E?E?E?F?F?F?F?Erf????8??F???????t???F??????????????Calls?Calls Per Second?Calls Outstanding?Calls Failed?Call Failed Per Second?Calls Faulted?Calls Faulted Per Second?Calls Duration?Calls Duration Base?Transactions Flowed?Transactions Flowed Per Second?Security Validation and Authentication Failures?Security Validation and Authentication Failures Per Second?Security Calls Not Authorized?Security Calls Not Authorized Per Second??d???????????}???????s??7-1-2001?}??? ?????????????m?????=??????????Z???????????? ?????????????F?????=???????????????????????????????E???F??Calls?Calls Per Second?Calls Outstanding?Calls Failed?Calls Failed Per Second?Calls Faulted?Calls Faulted Per Second?Calls Duration?Calls Duration Base?Transactions Flowed?Transactions Flowed Per Second?Security Validation and Authentication Failures?Security Validation and Authentication Failures Per Second?Security Calls Not Authorized?Security Calls Not Authorized Per Second?Reliable Messa

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 11: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 12: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

    ---- EOF - GMER 1.0.15 ----
  3. 2009-12-09, 02:29 #13
    meathook
    meathook is offline
    Junior Member
    Join Date
    Dec 2009
    Posts
    22

    Default

    Sorry but it wouldn't let me attach it without zipping it and downloading a new zip program is a problem right now.
  4. 2009-12-09, 07:57 #14
    Blade81
    Blade81 is offline
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.


    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
  5. 2009-12-09, 20:44 #15
    meathook
    meathook is offline
    Junior Member
    Join Date
    Dec 2009
    Posts
    22

    Default Combo Fix Log

    ComboFix 09-12-08.07 - All 12/09/2009 11:18:30.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.537 [GMT -8:00]
    Running from: c:\documents and settings\All\Desktop\ComboFix.exe
    AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\image ax object
    c:\windows\Downloaded Program Files\poPCaploader.dll
    c:\windows\Downloaded Program Files\popcaploader.inf
    c:\windows\kb913800.exe
    H:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2009-11-09 to 2009-12-09 )))))))))))))))))))))))))))))))
    .

    2009-12-04 21:41 . 2009-12-04 21:41 -------- d-----w- c:\program files\ERUNT
    2009-12-04 21:30 . 2009-12-04 21:30 -------- d-----w- c:\program files\Trend Micro
    2009-12-04 14:45 . 2009-12-04 14:45 4 ----a-w- c:\windows\system32\aspdict-en.dat
    2009-12-04 14:45 . 2009-12-04 14:45 16 ----a-w- c:\windows\system32\asdict.dat
    2009-12-03 06:36 . 2009-12-04 05:03 132 ----a-w- c:\windows\system32\rezumatenoi.dat
    2009-12-03 02:07 . 2009-12-03 02:07 0 ----a-w- C:\pcwords2.dat
    2009-12-03 02:07 . 2009-12-03 02:07 0 ----a-w- C:\pcwords.dat
    2009-12-03 01:53 . 2009-12-03 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
    2009-12-03 01:53 . 2009-12-03 01:53 -------- d-----w- c:\program files\BitDefender
    2009-12-03 01:53 . 2009-12-03 01:53 -------- d-----w- c:\documents and settings\All\Application Data\BitDefender
    2009-12-03 01:45 . 2009-12-03 01:54 -------- d-----w- c:\program files\Common Files\BitDefender
    2009-12-03 01:26 . 2009-12-03 01:29 -------- d-----w- c:\documents and settings\All\Application Data\QuickScan
    2009-12-03 01:26 . 2009-11-27 01:39 678912 ----a-w- c:\documents and settings\All\Application Data\Mozilla\Firefox\Profiles\xysggp8w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
    2009-12-03 01:26 . 2009-11-27 01:37 768512 ----a-w- c:\documents and settings\All\Application Data\Mozilla\Firefox\Profiles\xysggp8w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    2009-12-03 01:18 . 2009-12-03 01:18 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-11-11 01:04 . 2009-11-11 01:04 152456 ----a-w- c:\windows\system32\drivers\bdfm.sys
    2009-11-11 01:03 . 2009-11-11 01:03 105736 ----a-w- c:\windows\system32\drivers\bdhv.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-09 19:31 . 2008-06-13 22:06 -------- d-----w- c:\program files\Steam
    2009-12-09 00:21 . 2007-05-23 21:53 2999 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys
    2009-12-08 21:27 . 2009-03-31 22:27 -------- d-----w- c:\documents and settings\All\Application Data\LimeWire
    2009-12-04 19:16 . 2006-07-19 02:33 44102 ----a-w- c:\documents and settings\All\Application Data\wklnhst.dat
    2009-12-04 05:02 . 2006-08-14 23:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-12-03 01:51 . 2008-01-04 22:47 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
    2009-11-20 01:57 . 2006-07-20 14:12 -------- d-----w- c:\program files\Electronic Arts
    2009-11-20 01:56 . 2006-07-19 19:25 -------- d-----w- c:\program files\EA GAMES
    2009-11-15 23:51 . 2006-11-03 01:13 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2009-11-03 08:05 . 2008-08-01 07:26 21768 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\Components\DownloadQB17\NewFeatures\.update\.target\ippeupdt.dll
    2009-11-03 08:05 . 2008-08-01 07:26 1897736 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\Components\DownloadQB17\NewFeatures\.update\.target\ppeupdt.dll
    2009-11-03 08:05 . 2008-08-01 07:26 1303816 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\Components\DownloadQB17\NewFeatures\.update\.target\ppecore.dll
    2009-10-28 18:01 . 2006-07-25 22:07 -------- d-----w- c:\documents and settings\All\Application Data\Apple Computer
    2009-10-28 17:56 . 2009-10-28 17:54 -------- d-----w- c:\program files\iTunes
    2009-10-28 17:56 . 2009-10-28 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-10-28 17:54 . 2009-10-28 17:54 -------- d-----w- c:\program files\iPod
    2009-10-28 17:54 . 2007-07-08 16:14 -------- d-----w- c:\program files\Common Files\Apple
    2009-10-28 17:52 . 2009-10-28 17:51 -------- d-----w- c:\program files\QuickTime
    2009-10-28 17:42 . 2009-10-28 17:42 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
    2009-10-15 10:04 . 2006-06-17 18:40 -------- d-----w- c:\program files\Microsoft Works
    2009-10-02 09:08 . 2007-07-13 12:50 816392 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\Components\DownloadQB17\Patch\qbpatch2.exe
    2009-09-11 14:18 . 2005-08-16 08:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-10-20 02:59 . 2009-12-03 02:02 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
    2009-12-09 00:20 . 2007-05-23 21:52 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Steam"="c:\program files\steam\steam.exe" [2009-10-27 1217808]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
    "EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-24 233472]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-13 188416]
    "masqform.exe"="c:\program files\PureEdge\Viewer 6.1\masqform.exe" [2004-04-19 634880]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-08-10 319488]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-04-10 185896]
    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-01-16 181544]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-20 71152]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2009-10-23 1118144]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-09 30192]
  6. 2009-12-09, 20:45 #16
    meathook
    meathook is offline
    Junior Member
    Join Date
    Dec 2009
    Posts
    22

    Default Log part 2

    c:\documents and settings\All\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-17 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
    HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 73728]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-4-9 972064]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\BitDefender\\BitDefender 2010\\vsserv.exe"=
    "c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
    "c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
    "c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=

    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [1/16/2009 3:31 PM 161064]
    R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [11/10/2009 5:04 PM 152456]
    S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [10/19/2009 4:06 PM 183880]
    S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\Softnyx\RakionIS\Bin\GameGuard\dump_wmimmc.sys --> c:\program files\Softnyx\RakionIS\Bin\GameGuard\dump_wmimmc.sys [?]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/17/2006 10:45 AM 30192]
    S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [7/18/2006 1:40 PM 99840]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/?.home=ytie
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    IE: &Search - ?p=ZNfox000
    IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
    IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    Trusted Zone: musicmatch.com\online
    FF - ProfilePath - c:\documents and settings\All\Application Data\Mozilla\Firefox\Profiles\xysggp8w.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - component: c:\documents and settings\All\Application Data\Mozilla\Firefox\Profiles\xysggp8w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
    FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\documents and settings\All\Application Data\Mozilla\Firefox\Profiles\xysggp8w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    SharedTaskScheduler-{34da5b3a-7682-4cc9-a854-9a663f97852c} - c:\windows\system32\gagavosu.dll
    SharedTaskScheduler-{d8cfd8f8-bafd-49e2-9316-34252645d0f5} - c:\windows\system32\nipuwoku.dll
    SSODL-kipifakiy-{34da5b3a-7682-4cc9-a854-9a663f97852c} - c:\windows\system32\gagavosu.dll
    SSODL-miwuhosug-{d8cfd8f8-bafd-49e2-9316-34252645d0f5} - c:\windows\system32\nipuwoku.dll
    AddRemove-12133444-BF36-4d4e-B7FB-A3424C645DE4 - c:\program files\GemMaster\uninstallgemmaster.exe
    AddRemove-GameSpy Arcade - c:\progra~1\GAMESP~1\UNWISE.EXE
    AddRemove-Hoyle Card Games 4 - c:\windows\IsUninst.exe -fc:\sierra\Hoyle Card Games 4\Uninst.isu
    AddRemove-Network Play System (Patching) - c:\windows\IsUninst.exe -fc:\program files\Electronic Arts\Network Play System\NPSPatch.isu
    AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe
    AddRemove-The Sims - c:\windows\IsUninst.exe -fc:\program files\Maxis\The Sims\Uninst.isu
    AddRemove-The Weather Channel Desktop 6 - c:\program files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
    AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
    AddRemove-{2A9F95AB-65A3-432c-8631-B8BC5BF7477A} - c:\program files\Electronic Arts\The Battle for Middle-earth (tm) II\EAUninstall.exe
    AddRemove-{8BCAFB73-49AE-4AC4-00A1-70E4EC38BD4E} - c:\program files\Electronic Arts\The Lord of the Rings
    AddRemove-{962E05CF-3394-496D-0091-850CF1762F6B} - c:\program files\EA GAMES\The Battle for Middle-earth (tm)\EAUninstall.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-09 11:28
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(584)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(3208)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\stsystra.exe
    c:\windows\eHome\ehmsas.exe
    c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    .
    **************************************************************************
    .
    Completion time: 2009-12-09 11:39:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-12-09 19:39

    Pre-Run: 40,358,903,808 bytes free
    Post-Run: 40,555,470,848 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    - - End Of File - - 639A12649635890CB8966CF12F8988B0
  7. 2009-12-10, 06:13 #17
    Blade81
    Blade81 is offline
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Post a fresh dds log too, please. Is H: drive external drive or system recovery partition?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
  8. 2009-12-10, 21:10 #18
    meathook
    meathook is offline
    Junior Member
    Join Date
    Dec 2009
    Posts
    22

    Default

    H: is an external Hard Drive

    Here is the DDS log -


    DDS (Ver_09-09-29.01) - NTFSx86
    Run by All at 12:04:58.49 on Thu 12/10/2009
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.510 [GMT -8:00]

    AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Documents and Settings\All\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/?.home=ytie
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0311.0\msneshellx.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0311.0\msneshellx.dll
    TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Steam] "c:\program files\steam\steam.exe" -silent
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
    uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/5.0 (Windows; U; Windows NT 5.1;

    en-US; rv:1.9.0.14) Gecko/2009082707 Firefox/3.0.14 (.NET CLR 3.5.30729)"

    -"http://www8.agame.com/games/shockwave/d/dance_trends_3d/dance_trends_3d_girlsgogames_com.htm"
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
    mRun: [masqform.exe] c:\program files\pureedge\viewer 6.1\masqform.exe /RegServer -UpdateCurrentUser
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
    mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
    mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
    mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
    mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    StartupFolder: c:\docume~1\all\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common

    files\intuit\quickbooks\qbupdate\qbupdate.exe
    IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    IE: &Search - ?p=ZNfox000
    IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
    IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
    IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta

    search bar\ENCSBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: musicmatch.com\online
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -

    hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178750942250
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\all\applic~1\mozilla\firefox\profiles\xysggp8w.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - component: c:\documents and settings\all\application

    data\mozilla\firefox\profiles\xysggp8w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
    FF - component: c:\program files\mozilla firefox\components\FFComm.dll
    FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\documents and settings\all\application

    data\mozilla\firefox\profiles\xysggp8w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} -

    c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla

    firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla

    firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============

    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-1-16 161064]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
    R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-11-10 152456]
    S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19

    183880]
    S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\softnyx\rakionis\bin\gameguard\dump_wmimmc.sys --> c:\program

    files\softnyx\rakionis\bin\gameguard\dump_wmimmc.sys [?]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe

    [2006-6-17 30192]
    S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [2006-7-18 99840]
    S3 PAC7302;PC VGA Camer@ Plus;c:\windows\system32\drivers\PAC7302.SYS [2007-8-22 461312]

    =============== Created Last 30 ================

    2009-12-09 11:14 <DIR> a-dshr-- C:\cmdcons
    2009-12-09 11:13 261,632 a------- c:\windows\PEV.exe
    2009-12-09 11:13 161,792 a------- c:\windows\SWREG.exe
    2009-12-09 11:13 98,816 a------- c:\windows\sed.exe
    2009-12-09 11:13 77,312 a------- c:\windows\MBR.exe
    2009-12-04 13:30 <DIR> --d----- c:\program files\Trend Micro
    2009-12-04 06:45 0 a------- c:\windows\system32\ab_bl.sig
    2009-12-04 06:45 4 a------- c:\windows\system32\aspdict-en.dat
    2009-12-04 06:45 16 a------- c:\windows\system32\asdict.dat
    2009-12-03 21:05 385 a------- c:\windows\system32\user_gensett.xml
    2009-12-02 22:36 132 a------- c:\windows\system32\rezumatenoi.dat
    2009-12-02 18:07 0 a------- C:\pcwords2.dat
    2009-12-02 18:07 0 a------- C:\pcwords.dat
    2009-12-02 18:07 0 a------- C:\pc_sign.slf
    2009-12-02 18:07 0 a------- C:\pcconf.ini
    2009-12-02 17:53 <DIR> --d----- c:\program files\BitDefender
    2009-12-02 17:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
    2009-12-02 17:53 <DIR> --d----- c:\docume~1\all\applic~1\BitDefender
    2009-12-02 17:45 <DIR> --d----- c:\program files\common files\BitDefender
    2009-12-02 17:26 <DIR> --d----- c:\docume~1\all\applic~1\QuickScan
    2009-11-10 17:04 152,456 a------- c:\windows\system32\drivers\bdfm.sys
    2009-11-10 17:03 105,736 a------- c:\windows\system32\drivers\bdhv.sys

    ==================== Find3M ====================

    2009-12-09 12:48 44,198 a------- c:\docume~1\all\applic~1\wklnhst.dat
    2009-10-22 01:19 5,939,712 -------- c:\windows\system32\dllcache\mshtml.dll
    2009-08-14 15:09 79,648 a------- c:\docume~1\all\applic~1\GDIPFONTCACHEV1.DAT
    2008-05-26 12:34 32,768 a--sh--- c:\windows\system32\config\systemprofile\local

    settings\history\history.ie5\mshist012008052620080527\index.dat

    ============= FINISH: 12:07:43.91 ===============
  9. 2009-12-10, 21:40 #19
    Blade81
    Blade81 is offline
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Please disable word wrap in notepad to make next logs appear in more readable format.


    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    File::
c:\windows\system32\rezumatenoi.dat
Folder::
c:\documents and settings\All\Application Data\LimeWire

    Save this as
    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log.


    Uninstall old Adobe Reader versions and get the latest one (9.2) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.

    Uninstall your current Adobe shockwave player and get the fresh one here if needed.

    Uninstall vulnerable Flash versions by following instructions here. Fresh version can be obtained here.



    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


    Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
  10. 2009-12-12, 01:28 #20
    meathook
    meathook is offline
    Junior Member
    Join Date
    Dec 2009
    Posts
    22

    Default Kaspersky Scan

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Friday, December 11, 2009
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Friday, December 11, 2009 18:49:23
    Records in database: 3359532
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    H:\

    Scan statistics:
    Objects scanned: 160642
    Threats found: 3
    Infected objects found: 7
    Suspicious objects found: 0
    Scan duration: 03:52:47


    File name / Threat / Threats count
    C:\Documents and Settings\All\Application Data\Sun\Java\Deployment\cache\6.0\43\2f3e9deb-461901ec Infected: Trojan-Downloader.Java.Agent.f 1
    C:\Documents and Settings\All\Application Data\Sun\Java\Deployment\cache\6.0\58\44eef97a-33de268c Infected: Trojan-Downloader.Java.Agent.f 1
    C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP898\A0813320.dll Infected: Packed.Win32.TDSS.aa 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP898\A0813321.dll Infected: Packed.Win32.TDSS.aa 1
    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP898\A0813322.dll Infected: Packed.Win32.TDSS.aa 1

    Selected area has been scanned.
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules