Webpage redirect from google search


  • This topic is locked
23 replies to this topic

#1 buckeyefan58

Posted 22 June 2010 - 08:33 PM

I am looking for some help on an issue I have been having lately where I am redirected to other webpages from Google search links. I have run Ad-Aware, Spybot, Eusing Registry Cleaner, BitDefender, CWShredder, and CCleaner without any luck. Attached below is my HijackThis file. Any help provided is much appreciated. I have been pulling my hair out trying to get rid of this issue.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:24:28 PM, on 6/22/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Program Files\Soluto\soluto.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WallpaperSS\WallpaperSS.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.wowway.net/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 169.229.50.14:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WallpaperSS] C:\Program Files\WallpaperSS\WallpaperSS.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: iTunes.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mygmgw.gm.com/http://usabhembma16.m...om/iNotes6W.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Unknown owner - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8607 bytes

Edited by Orange Blossom, 22 June 2010 - 08:34 PM.
Move to log forum. ~ OB



#2 buckeyefan58

Posted 22 June 2010 - 09:11 PM

Attached is my DDS file log.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Roths at 21:46:00.03 on Tue 06/22/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.957 [GMT -4:00]

AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Soluto\soluto.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WallpaperSS\WallpaperSS.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Roths\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://portal.wowway.net/index.php
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyServer = 169.229.50.14:3128
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WallpaperSS] c:\program files\wallpaperss\WallpaperSS.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\users\roths\appdata\roaming\micros~1\windows\startm~1\programs\startup\itunes.lnk - c:\windows\installer\{5ecb3a3c-980b-4d12-9724-25dcb07a1f47}\iTunesIco.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://mygmgw.gm.com/http://usabhembma16.mail.gm.com/iNotes6W.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\roths\appdata\roaming\mozilla\firefox\profiles\xij9n86j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff2.dll
FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff3.6.dll
FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff3.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\users\roths\appdata\roaming\mozilla\firefox\profiles\xij9n86j.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-21 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-7-31 28552]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2010-6-2 338464]
R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-12-7 153448]
S0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [2010-6-7 179144]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-22 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-27 21504]

=============== Created Last 30 ================

2010-06-22 20:40:14 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-22 01:41:04 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-22 01:39:12 0 dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2010-06-22 01:04:53 0 d-----w- c:\program files\Trend Micro
2010-06-20 15:47:07 0 d-----w- c:\program files\LyricsFetcher
2010-06-20 06:16:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-06-20 05:05:35 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-06-20 05:04:16 3 ----a-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
2010-06-20 05:03:52 4052 ----a-w- c:\windows\system32\wbem\Wdf01000.mof
2010-06-20 05:03:52 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2010-06-20 05:03:52 118 ----a-w- c:\windows\system32\wbem\Wdf01000Uninstall.mof
2010-06-20 05:03:51 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2010-06-20 04:57:59 173352 ----a-w- c:\windows\system32\SynCOM.dll
2010-06-19 21:50:11 0 d-----w- c:\users\roths\appdata\roaming\HDRsoft
2010-06-19 19:27:06 0 d-----w- c:\program files\PhotomatixPro3
2010-06-19 17:49:36 0 d-----w- c:\program files\iPod
2010-06-19 17:33:05 0 d-----w- c:\program files\iTunes
2010-06-19 17:25:56 0 d-----w- c:\program files\Bonjour
2010-06-16 21:54:47 0 d-----w- c:\program files\Lavasoft
2010-06-09 00:48:35 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-09 00:43:36 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 00:43:01 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-09 00:43:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-07 22:21:47 179144 ----a-w- c:\windows\system32\drivers\PCGenFAM.sys
2010-06-07 22:21:44 0 d-----w- c:\program files\Soluto
2010-06-07 22:21:06 0 d-----w- c:\programdata\Soluto
2010-05-28 02:32:58 245936 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-05-28 02:31:32 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-05-28 02:31:28 210216 ----a-w- c:\windows\system32\SynCtrl.dll
2010-05-27 20:57:47 20 ----a-w- c:\users\roths\appdata\roaming\vqdlkr.dat
2010-05-26 01:54:44 0 d-----w- c:\program files\SyncToy 2.1
2010-05-26 00:16:22 2048 ----a-w- c:\windows\system32\tzres.dll

==================== Find3M ====================

2010-06-23 01:17:50 88947 ----a-w- c:\programdata\nvModes.dat
2010-06-20 06:03:41 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-20 06:03:40 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-20 06:03:35 143360 ----a-w- c:\windows\inf\infstor.dat
2010-05-28 02:31:32 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 00:47:44 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-03-30 00:42:00 81984 ----a-w- c:\windows\system32\bdod.bin
2009-11-18 08:20:51 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-10 22:55:50 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-12-25 15:40:23 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-12-25 15:40:23 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-12-25 15:40:23 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-12-25 15:40:23 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 21:46:43.16 ===============


#3 buckeyefan58

Posted 23 June 2010 - 08:31 PM

My GMER output file.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-23 16:50:36
Windows 6.0.6002 Service Pack 2
Running: ksy9o4uz.exe; Driver: C:\Users\Roths\AppData\Local\Temp\kgldqpoc.sys


---- System - GMER 1.0.15 ----

INT 0x51 ? 84819BF8
INT 0x63 ? 86790BF8
INT 0x73 ? 86790BF8
INT 0x82 ? 84819BF8
INT 0x92 ? 84819BF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\sphb.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8837B41B 5 Bytes JMP 867901D8
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8C80E340, 0x3FA057, 0xE8000020]
.text aa5ddxvt.SYS 8C6C0000 22 Bytes [82, 33, 41, 82, 6C, 32, 41, ...]
.text aa5ddxvt.SYS 8C6C0017 181 Bytes [00, 32, 97, B1, 82, 3D, 95, ...]
.text aa5ddxvt.SYS 8C6C00CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...]
.text aa5ddxvt.SYS 8C6C00DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]
.text aa5ddxvt.SYS 8C6C00E7 714 Bytes [00, F0, 0E, 00, 00, 00, 00, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\iTunes\iTunesHelper.exe[4680] ntdll.dll!RtlCreateProcessParametersEx 77B3E01B 5 Bytes JMP 60031F60 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\iTunes\iTunesHelper.exe[4680] ntdll.dll!NtClose + 5 77B74319 5 Bytes JMP 60031E20 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] ntdll.dll!NtCreateThreadEx + 5 77B757F9 5 Bytes JMP 6003201E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] ntdll.dll!RtlCreateProcessParameters 77BA6564 5 Bytes JMP 60031ECA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!GetSystemTimeAsFileTime 764F18C0 5 Bytes JMP 60031EA2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!GetStartupInfoW 764F1929 5 Bytes JMP 60031EC0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!GetStartupInfoA 764F19C9 5 Bytes JMP 60031EB6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!CreateProcessA 764F1C28 5 Bytes JMP 60031F24 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!Sleep 764F1C5D 5 Bytes JMP 60031EE8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!WriteProcessMemory 764F1CB8 5 Bytes JMP 60032078 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!SetFileAttributesW 764FEF2E 5 Bytes JMP 60031F92 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!CopyFileExW 76500211 5 Bytes JMP 60031E66 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!DeleteFileW 7650F4B6 5 Bytes JMP 60031FC4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!MoveFileWithProgressW 765110A4 5 Bytes JMP 60031E70 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!CreateProcessInternalW 765153DF 5 Bytes JMP 60031FBA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!LoadLibraryExW 76519109 5 Bytes JMP 60031F9C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!LoadLibraryA 765194DC 5 Bytes JMP 60031EFC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!FreeLibrary 76533DB4 5 Bytes JMP 6003208C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!ExitProcess 765341D8 5 Bytes JMP 60031EDE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!GetProcAddress 7653903B 5 Bytes JMP 60031EF2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!GetModuleHandleA 765392A5 5 Bytes JMP 60031E8E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!SleepEx 7653993E 5 Bytes JMP 60031ED4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!QueryPerformanceCounter 7653A660 5 Bytes JMP 60031EAC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!GetModuleHandleW 7653A804 5 Bytes JMP 60031E98 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!CloseHandle 7653AE8D 5 Bytes JMP 60031E5C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!CreateFileW 7653AECB 5 Bytes JMP 60031F2E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!CreateThread 7653C90E 5 Bytes JMP 60032082 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!CreateRemoteThread 7653C935 5 Bytes JMP 60032028 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!CreateFileA 7653CE5F 5 Bytes JMP 60031F10 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!CreateDirectoryW 7653D166 5 Bytes JMP 60031FCE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!CheckRemoteDebuggerPresent 7653ED9D 5 Bytes JMP 60031F56 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!CreateToolhelp32Snapshot 765466A7 5 Bytes JMP 60031F06 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!PulseEvent 76547B01 5 Bytes JMP 60032096 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!CreateDirectoryExW 76579EE1 5 Bytes JMP 60031FD8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!WinExec 76585CF7 5 Bytes JMP 60031F1A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!SetThreadContext 7658794A 5 Bytes JMP 6003203C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!ReadConsoleA 765975AD 5 Bytes JMP 60031F7E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!ReadConsoleW 76597603 5 Bytes JMP 60031F88 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!ReadConsoleInputA 76598853 5 Bytes JMP 60031F6A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] kernel32.dll!ReadConsoleInputW 76598876 5 Bytes JMP 60031F74 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] USER32.dll!SetWindowsHookExA 77CD6322 5 Bytes JMP 60032154 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] USER32.dll!SetWindowsHookExW 77CD87AD 5 Bytes JMP 6003214A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] USER32.dll!UserClientDllInitialize 77CE7A1D 5 Bytes JMP 600320A0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] USER32.dll!PeekMessageA 77CE8343 5 Bytes JMP 60032136 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] USER32.dll!GetMessageA 77CE8AB3 5 Bytes JMP 60032122 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] USER32.dll!GetMessageW 77CEFEF7 5 Bytes JMP 6003212C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] USER32.dll!PeekMessageW 77CF045A 5 Bytes JMP 60032140 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] ADVAPI32.dll!OpenServiceA 76202EBD 5 Bytes JMP 600320DC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] ADVAPI32.dll!OpenServiceW 76208354 5 Bytes JMP 600320D2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] ADVAPI32.dll!RegOpenCurrentUser + 9B 76220CC1 5 Bytes JMP 600320AA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 600320C8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] ADVAPI32.dll!ControlService 76229FB8 5 Bytes JMP 60032104 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 600320E6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] ADVAPI32.dll!ControlServiceExA 7626662E 5 Bytes JMP 600320F0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] ADVAPI32.dll!ControlServiceExW 76266741 5 Bytes JMP 600320FA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 60032118 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 6003210E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 600320BE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] msvcrt.dll!_lock + 29 765D9FAE 5 Bytes JMP 600320B4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] msvcrt.dll!__p__fmode 765E179B 5 Bytes JMP 60032168 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe[4764] msvcrt.dll!__p__environ 765EC7D7 5 Bytes JMP 6003215E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe[4820] ntdll.dll!RtlCreateProcessParametersEx 77B3E01B 5 Bytes JMP 60031F60 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe[4820] ntdll.dll!NtClose + 5 77B74319 5 Bytes JMP 60031E20 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe[4820] ntdll.dll!NtCreateEvent + 5 77B743B9 5 Bytes JMP 60031F42 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe[4820] ntdll.dll!NtCreateFile + 5 77B743D9 5 Bytes JMP 60031E52 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe[4820] ntdll.dll!NtCreateKey + 5 77B74419 5 Bytes JMP 60032064 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe[4820] ntdll.dll!NtCreateMutant + 5 77B74449 5 Bytes JMP 60031F4C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe[4820] ntdll.dll!NtCreateProcess + 5 77B74499 5 Bytes JMP 60032050 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe[4820] ntdll.dll!NtCreateProcessEx + 5 77B744A9 5 Bytes JMP 60031E7A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe[4820] ntdll.dll!NtCreateSection + 5 77B744C9 5 Bytes JMP 60031E2A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe[4820] ntdll.dll!NtCreateThread + 5 77B744F9 5 Bytes JMP 60032014 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe[4820] ntdll.dll!NtDeleteKey + 5 77B747C9 5 Bytes JMP 60032000 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe[4820] ntdll.dll!NtDeleteValueKey + 5 77B747F9 5 Bytes JMP 60031FF6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe[4820] ntdll.dll!NtDuplicateObject + 5 77B74829 5 Bytes JMP 60031FB0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe[4820] ntdll.dll!NtLoadDriver + 5 77B74A69 5 Bytes JMP 60031F38 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe[4820] ntdll.dll!NtMapViewOfSection + 5 77B74B29 5 Bytes JMP 60031E3E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe[4820] ntdll.dll!NtOpenFile + 5 77B74BB9 5 Bytes JMP 6003200A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe[4820] ntdll.dll!NtOpenKey + 5 77B74BE9 5 Bytes JMP 6003206E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe[4820] ntdll.dll!NtOpenProcess + 5 77B74C39 5 Bytes JMP 60032046 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe[4820] ntdll.dll!NtOpenSection + 5 77B74C69 5 Bytes JMP 60031E34 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe[4820] ntdll.dll!NtQueueApcThread + 5 77B75009 5 Bytes JMP 6003205A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe[4820] ntdll.dll!NtSetInformationFile + 5 77B752E9 5 Bytes JMP 60031FEC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe[4820] ntdll.dll!NtSetValueKey + 5 77B75459 5 Bytes JMP 60031E84 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe[4820] ntdll.dll!NtTerminateProcess + 5 77B754F9 5 Bytes JMP 60031FE2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe[4820] ntdll.dll!NtUnmapViewOfSection + 5 77B755D9 5 Bytes JMP 60031E48 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe[4820] ntdll.dll!NtWriteFile + 5 77B75649 5 Bytes JMP 60031FA6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe[4820] ntdll.dll!NtWriteVirtualMemory + 5 77B75679 5 Bytes JMP 60032032 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] kernel32.dll!CreateToolhelp32Snapshot 765466A7 5 Bytes JMP 60031F06 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] kernel32.dll!PulseEvent 76547B01 5 Bytes JMP 60032096 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] kernel32.dll!CreateDirectoryExW 76579EE1 5 Bytes JMP 60031FD8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] kernel32.dll!WinExec 76585CF7 5 Bytes JMP 60031F1A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] kernel32.dll!SetThreadContext 7658794A 5 Bytes JMP 6003203C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] kernel32.dll!ReadConsoleA 765975AD 5 Bytes JMP 60031F7E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] kernel32.dll!ReadConsoleW 76597603 5 Bytes JMP 60031F88 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] kernel32.dll!ReadConsoleInputA 76598853 5 Bytes JMP 60031F6A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] kernel32.dll!ReadConsoleInputW 76598876 5 Bytes JMP 60031F74 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] msvcrt.dll!_lock + 29 765D9FAE 5 Bytes JMP 600320A0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] msvcrt.dll!__p__fmode 765E179B 5 Bytes JMP 600320C8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] msvcrt.dll!__p__environ 765EC7D7 5 Bytes JMP 600320BE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] USER32.dll!SetWindowsHookExA 77CD6322 5 Bytes JMP 60032168 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] USER32.dll!SetWindowsHookExW 77CD87AD 5 Bytes JMP 6003215E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] USER32.dll!UserClientDllInitialize 77CE7A1D 5 Bytes JMP 600320AA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] USER32.dll!PeekMessageA 77CE8343 5 Bytes JMP 6003214A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] USER32.dll!GetMessageA 77CE8AB3 5 Bytes JMP 60032136 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] USER32.dll!GetMessageW 77CEFEF7 5 Bytes JMP 60032140 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] USER32.dll!PeekMessageW 77CF045A 5 Bytes JMP 60032154 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] ADVAPI32.dll!OpenServiceA 76202EBD 5 Bytes JMP 600320F0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] ADVAPI32.dll!OpenServiceW 76208354 5 Bytes JMP 600320E6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] ADVAPI32.dll!RegOpenCurrentUser + 9B 76220CC1 5 Bytes JMP 600320B4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 600320DC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] ADVAPI32.dll!ControlService 76229FB8 5 Bytes JMP 60032118 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 600320FA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] ADVAPI32.dll!ControlServiceExA 7626662E 5 Bytes JMP 60032104 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] ADVAPI32.dll!ControlServiceExW 76266741 5 Bytes JMP 6003210E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 6003212C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 60032122 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\wuauclt.exe[4932] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 600320D2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] ntdll.dll!RtlCreateProcessParametersEx 77B3E01B 5 Bytes JMP 60031F60 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] ntdll.dll!NtClose + 5 77B74319 5 Bytes JMP 60031E20 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] ntdll.dll!NtCreateEvent + 5 77B743B9 5 Bytes JMP 60031F42 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] ntdll.dll!NtCreateFile + 5 77B743D9 5 Bytes JMP 60031E52 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] ntdll.dll!NtCreateKey + 5 77B74419 5 Bytes JMP 60032064 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] ntdll.dll!NtCreateMutant + 5 77B74449 5 Bytes JMP 60031F4C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] ntdll.dll!NtCreateProcess + 5 77B74499 5 Bytes JMP 60032050 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] ntdll.dll!NtCreateProcessEx + 5 77B744A9 5 Bytes JMP 60031E7A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] ntdll.dll!NtCreateSection + 5 77B744C9 5 Bytes JMP 60031E2A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] ntdll.dll!NtCreateThread + 5 77B744F9 5 Bytes JMP 60032014 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] ntdll.dll!NtDeleteKey + 5 77B747C9 5 Bytes JMP 60032000 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] ntdll.dll!NtDeleteValueKey + 5 77B747F9 5 Bytes JMP 60031FF6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] ntdll.dll!NtDuplicateObject + 5 77B74829 5 Bytes JMP 60031FB0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] ntdll.dll!NtLoadDriver + 5 77B74A69 5 Bytes JMP 60031F38 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] ntdll.dll!NtMapViewOfSection + 5 77B74B29 5 Bytes JMP 60031E3E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] ntdll.dll!NtOpenFile + 5 77B74BB9 5 Bytes JMP 6003200A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] ntdll.dll!NtOpenKey + 5 77B74BE9 5 Bytes JMP 6003206E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] ntdll.dll!NtOpenProcess + 5 77B74C39 5 Bytes JMP 60032046 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] ntdll.dll!NtOpenSection + 5 77B74C69 5 Bytes JMP 60031E34 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] ntdll.dll!NtQueueApcThread + 5 77B75009 5 Bytes JMP 6003205A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] ntdll.dll!NtSetInformationFile + 5 77B752E9 5 Bytes JMP 60031FEC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] ntdll.dll!NtSetValueKey + 5 77B75459 5 Bytes JMP 60031E84 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] ntdll.dll!NtTerminateProcess + 5 77B754F9 5 Bytes JMP 60031FE2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] ntdll.dll!NtUnmapViewOfSection + 5 77B755D9 5 Bytes JMP 60031E48 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] ntdll.dll!NtWriteFile + 5 77B75649 5 Bytes JMP 60031FA6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] ntdll.dll!NtWriteVirtualMemory + 5 77B75679 5 Bytes JMP 60032032 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] ntdll.dll!NtCreateThreadEx + 5 77B757F9 5 Bytes JMP 6003201E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] ntdll.dll!RtlCreateProcessParameters 77BA6564 5 Bytes JMP 60031ECA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] kernel32.dll!GetSystemTimeAsFileTime 764F18C0 5 Bytes JMP 60031EA2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] kernel32.dll!GetStartupInfoW 764F1929 5 Bytes JMP 60031EC0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] kernel32.dll!GetStartupInfoA 764F19C9 5 Bytes JMP 60031EB6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] kernel32.dll!CreateProcessA 764F1C28 5 Bytes JMP 60031F24 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] kernel32.dll!Sleep

#4 buckeyefan58


Posted 23 June 2010 - 08:32 PM

GMER file continued....

.text C:\Windows\system32\svchost.exe[5392] USER32.dll!PeekMessageA 77CE8343 5 Bytes JMP 60032154 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] USER32.dll!GetMessageA 77CE8AB3 5 Bytes JMP 60032140 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] USER32.dll!GetMessageW 77CEFEF7 5 Bytes JMP 6003214A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] USER32.dll!PeekMessageW 77CF045A 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[5392] USER32.dll!PeekMessageW 77CF045A 5 Bytes JMP 6003215E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] WS2_32.dll!WahWriteLSPEvent + FFFDF231 77CA1434 5 Bytes JMP 60032136 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] WS2_32.dll!GetAddrInfoW 77CA3D12 5 Bytes JMP 60032190 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] WS2_32.dll!connect 77CA40D9 5 Bytes JMP 600321A4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] WS2_32.dll!WSASend 77CA4496 5 Bytes JMP 60032186 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] WS2_32.dll!send 77CA659B 5 Bytes JMP 6003217C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\system32\svchost.exe[5392] WS2_32.dll!gethostbyname 77CB62D4 5 Bytes JMP 6003219A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!LdrLoadDll 77B39390 5 Bytes JMP 008F13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!RtlCreateProcessParametersEx 77B3E01B 5 Bytes JMP 60031F60 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!NtClose + 5 77B74319 5 Bytes JMP 60031E20 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!NtCreateEvent + 5 77B743B9 5 Bytes JMP 60031F42 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!NtCreateFile + 5 77B743D9 5 Bytes JMP 60031E52 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!NtCreateKey + 5 77B74419 5 Bytes JMP 60032064 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!NtCreateMutant + 5 77B74449 5 Bytes JMP 60031F4C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!NtCreateProcess + 5 77B74499 5 Bytes JMP 60032050 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!NtCreateProcessEx + 5 77B744A9 5 Bytes JMP 60031E7A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!NtCreateSection + 5 77B744C9 5 Bytes JMP 60031E2A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!NtCreateThread + 5 77B744F9 5 Bytes JMP 60032014 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!NtDeleteKey + 5 77B747C9 5 Bytes JMP 60032000 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!NtDeleteValueKey + 5 77B747F9 5 Bytes JMP 60031FF6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!NtDuplicateObject + 5 77B74829 5 Bytes JMP 60031FB0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!NtLoadDriver + 5 77B74A69 5 Bytes JMP 60031F38 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!NtMapViewOfSection + 5 77B74B29 5 Bytes JMP 60031E3E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!NtOpenFile + 5 77B74BB9 5 Bytes JMP 6003200A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!NtOpenKey + 5 77B74BE9 5 Bytes JMP 6003206E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!NtOpenProcess + 5 77B74C39 5 Bytes JMP 60032046 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!NtOpenSection + 5 77B74C69 5 Bytes JMP 60031E34 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!NtQueueApcThread + 5 77B75009 5 Bytes JMP 6003205A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!NtSetInformationFile + 5 77B752E9 5 Bytes JMP 60031FEC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!NtSetValueKey + 5 77B75459 5 Bytes JMP 60031E84 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!NtTerminateProcess + 5 77B754F9 5 Bytes JMP 60031FE2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!NtUnmapViewOfSection + 5 77B755D9 5 Bytes JMP 60031E48 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!NtWriteFile + 5 77B75649 5 Bytes JMP 60031FA6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!NtWriteVirtualMemory + 5 77B75679 5 Bytes JMP 60032032 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!NtCreateThreadEx + 5 77B757F9 5 Bytes JMP 6003201E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ntdll.dll!RtlCreateProcessParameters 77BA6564 5 Bytes JMP 60031ECA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!GetSystemTimeAsFileTime 764F18C0 5 Bytes JMP 60031EA2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!GetStartupInfoW 764F1929 5 Bytes JMP 60031EC0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!GetStartupInfoA 764F19C9 5 Bytes JMP 60031EB6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!CreateProcessA 764F1C28 5 Bytes JMP 60031F24 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!Sleep 764F1C5D 5 Bytes JMP 60031EE8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!WriteProcessMemory 764F1CB8 5 Bytes JMP 60032078 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!SetFileAttributesW 764FEF2E 5 Bytes JMP 60031F92 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!CopyFileExW 76500211 5 Bytes JMP 60031E66 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!DeleteFileW 7650F4B6 5 Bytes JMP 60031FC4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!MoveFileWithProgressW 765110A4 5 Bytes JMP 60031E70 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!CreateProcessInternalW 765153DF 5 Bytes JMP 60031FBA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!LoadLibraryExW 76519109 5 Bytes JMP 60031F9C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!LoadLibraryA 765194DC 5 Bytes JMP 60031EFC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!FreeLibrary 76533DB4 5 Bytes JMP 6003208C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!ExitProcess 765341D8 5 Bytes JMP 60031EDE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!GetProcAddress 7653903B 5 Bytes JMP 60031EF2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!GetModuleHandleA 765392A5 5 Bytes JMP 60031E8E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!SleepEx 7653993E 5 Bytes JMP 60031ED4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!QueryPerformanceCounter 7653A660 5 Bytes JMP 60031EAC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!GetModuleHandleW 7653A804 5 Bytes JMP 60031E98 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!CloseHandle 7653AE8D 5 Bytes JMP 60031E5C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!CreateFileW 7653AECB 5 Bytes JMP 60031F2E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!CreateThread 7653C90E 5 Bytes JMP 60032082 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!CreateRemoteThread 7653C935 5 Bytes JMP 60032028 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!CreateFileA 7653CE5F 5 Bytes JMP 60031F10 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!CreateDirectoryW 7653D166 5 Bytes JMP 60031FCE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!CheckRemoteDebuggerPresent 7653ED9D 5 Bytes JMP 60031F56 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!CreateToolhelp32Snapshot 765466A7 5 Bytes JMP 60031F06 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!PulseEvent 76547B01 5 Bytes JMP 60032096 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!CreateDirectoryExW 76579EE1 5 Bytes JMP 60031FD8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!WinExec 76585CF7 5 Bytes JMP 60031F1A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!SetThreadContext 7658794A 5 Bytes JMP 6003203C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!ReadConsoleA 765975AD 5 Bytes JMP 60031F7E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!ReadConsoleW 76597603 5 Bytes JMP 60031F88 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!ReadConsoleInputA 76598853 5 Bytes JMP 60031F6A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] kernel32.dll!ReadConsoleInputW 76598876 5 Bytes JMP 60031F74 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] msvcrt.dll!_lock + 29 765D9FAE 5 Bytes JMP 600320A0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] msvcrt.dll!__p__fmode 765E179B 5 Bytes JMP 600320DC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] msvcrt.dll!__p__environ 765EC7D7 5 Bytes JMP 600320D2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ADVAPI32.dll!OpenServiceA 76202EBD 5 Bytes JMP 60032104 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ADVAPI32.dll!OpenServiceW 76208354 5 Bytes JMP 600320FA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ADVAPI32.dll!RegOpenCurrentUser + 9B 76220CC1 5 Bytes JMP 600320AA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 600320F0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ADVAPI32.dll!ControlService 76229FB8 5 Bytes JMP 6003212C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 6003210E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ADVAPI32.dll!ControlServiceExA 7626662E 5 Bytes JMP 60032118 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ADVAPI32.dll!ControlServiceExW 76266741 5 Bytes JMP 60032122 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 60032140 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 60032136 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 600320E6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] WS2_32.dll!WahWriteLSPEvent + FFFDF231 77CA1434 5 Bytes JMP 600320B4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] WS2_32.dll!GetAddrInfoW 77CA3D12 5 Bytes JMP 6003215E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] WS2_32.dll!connect 77CA40D9 5 Bytes JMP 60032172 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] WS2_32.dll!WSASend 77CA4496 5 Bytes JMP 60032154 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] WS2_32.dll!send 77CA659B 5 Bytes JMP 6003214A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] WS2_32.dll!gethostbyname 77CB62D4 5 Bytes JMP 60032168 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] USER32.dll!SetWindowsHookExA 77CD6322 5 Bytes JMP 600321AE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] USER32.dll!SetWindowsHookExW 77CD87AD 5 Bytes JMP 600321A4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] USER32.dll!UserClientDllInitialize 77CE7A1D 5 Bytes JMP 600320BE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] USER32.dll!PeekMessageA 77CE8343 5 Bytes JMP 60032190 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] USER32.dll!GetMessageA 77CE8AB3 5 Bytes JMP 6003217C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] USER32.dll!GetMessageW 77CEFEF7 5 Bytes JMP 60032186 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] USER32.dll!PeekMessageW 77CF045A 5 Bytes JMP 6003219A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] SHELL32.dll!Shell_NotifyIconW 76EC8626 5 Bytes JMP 600321B8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] SHELL32.dll!Shell_GetCachedImageIndexW + 1D31 76EE90DD 5 Bytes JMP 600320C8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] WININET.dll!InternetConfirmZoneCrossing + FFF66B4A 762B1748 5 Bytes JMP 600321C2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] WININET.dll!HttpOpenRequestA 762CD508 5 Bytes JMP 600321FE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] WININET.dll!InternetConnectA 762CDEAE 5 Bytes JMP 600321F4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5824] WININET.dll!InternetOpenA 762DD690 5 Bytes JMP 600321EA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ntdll.dll!RtlCreateProcessParametersEx 77B3E01B 5 Bytes JMP 60031F60 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ntdll.dll!NtClose + 5 77B74319 5 Bytes JMP 60031E20 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ntdll.dll!NtCreateEvent + 5 77B743B9 5 Bytes JMP 60031F42 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ntdll.dll!NtCreateFile + 5 77B743D9 5 Bytes JMP 60031E52 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ntdll.dll!NtCreateKey + 5 77B74419 5 Bytes JMP 60032064 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ntdll.dll!NtCreateMutant + 5 77B74449 5 Bytes JMP 60031F4C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ntdll.dll!NtCreateProcess + 5 77B74499 5 Bytes JMP 60032050 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ntdll.dll!NtCreateProcessEx + 5 77B744A9 5 Bytes JMP 60031E7A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ntdll.dll!NtCreateSection + 5 77B744C9 5 Bytes JMP 60031E2A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ntdll.dll!NtCreateThread + 5 77B744F9 5 Bytes JMP 60032014 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ntdll.dll!NtDeleteKey + 5 77B747C9 5 Bytes JMP 60032000 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ntdll.dll!NtDeleteValueKey + 5 77B747F9 5 Bytes JMP 60031FF6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ntdll.dll!NtDuplicateObject + 5 77B74829 5 Bytes JMP 60031FB0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ntdll.dll!NtLoadDriver + 5 77B74A69 5 Bytes JMP 60031F38 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ntdll.dll!NtMapViewOfSection + 5 77B74B29 5 Bytes JMP 60031E3E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ntdll.dll!NtOpenFile + 5 77B74BB9 5 Bytes JMP 6003200A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ntdll.dll!NtOpenKey + 5 77B74BE9 5 Bytes JMP 6003206E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ntdll.dll!NtOpenProcess + 5 77B74C39 5 Bytes JMP 60032046 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ntdll.dll!NtOpenSection + 5 77B74C69 5 Bytes JMP 60031E34 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ntdll.dll!NtQueueApcThread + 5 77B75009 5 Bytes JMP 6003205A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ntdll.dll!NtSetInformationFile + 5 77B752E9 5 Bytes JMP 60031FEC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ntdll.dll!NtSetValueKey + 5 77B75459 5 Bytes JMP 60031E84 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ntdll.dll!NtTerminateProcess + 5 77B754F9 5 Bytes JMP 60031FE2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ntdll.dll!NtUnmapViewOfSection + 5 77B755D9 5 Bytes JMP 60031E48 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ntdll.dll!NtWriteFile + 5 77B75649 5 Bytes JMP 60031FA6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ntdll.dll!NtWriteVirtualMemory + 5 77B75679 5 Bytes JMP 60032032 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ntdll.dll!NtCreateThreadEx + 5 77B757F9 5 Bytes JMP 6003201E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ntdll.dll!RtlCreateProcessParameters 77BA6564 5 Bytes JMP 60031ECA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!GetSystemTimeAsFileTime 764F18C0 5 Bytes JMP 60031EA2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!GetStartupInfoW 764F1929 5 Bytes JMP 60031EC0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!GetStartupInfoA 764F19C9 5 Bytes JMP 60031EB6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!CreateProcessA 764F1C28 5 Bytes JMP 60031F24 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!Sleep 764F1C5D 5 Bytes JMP 60031EE8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!WriteProcessMemory 764F1CB8 5 Bytes JMP 60032078 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!SetFileAttributesW 764FEF2E 5 Bytes JMP 60031F92 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!CopyFileExW 76500211 5 Bytes JMP 60031E66 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!DeleteFileW 7650F4B6 5 Bytes JMP 60031FC4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!MoveFileWithProgressW 765110A4 5 Bytes JMP 60031E70 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!CreateProcessInternalW 765153DF 5 Bytes JMP 60031FBA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!LoadLibraryExW 76519109 5 Bytes JMP 60031F9C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!LoadLibraryA 765194DC 5 Bytes JMP 60031EFC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!FreeLibrary 76533DB4 5 Bytes JMP 6003208C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!ExitProcess 765341D8 5 Bytes JMP 60031EDE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!GetProcAddress 7653903B 5 Bytes JMP 60031EF2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!GetModuleHandleA 765392A5 5 Bytes JMP 60031E8E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!SleepEx 7653993E 5 Bytes JMP 60031ED4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!QueryPerformanceCounter 7653A660 5 Bytes JMP 60031EAC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!GetModuleHandleW 7653A804 5 Bytes JMP 60031E98 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!CloseHandle 7653AE8D 5 Bytes JMP 60031E5C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!CreateFileW 7653AECB 5 Bytes JMP 60031F2E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!CreateThread 7653C90E 5 Bytes JMP 60032082 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!CreateRemoteThread 7653C935 5 Bytes JMP 60032028 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!CreateFileA 7653CE5F 5 Bytes JMP 60031F10 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!CreateDirectoryW 7653D166 5 Bytes JMP 60031FCE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!CheckRemoteDebuggerPresent 7653ED9D 5 Bytes JMP 60031F56 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!CreateToolhelp32Snapshot 765466A7 5 Bytes JMP 60031F06 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!PulseEvent 76547B01 5 Bytes JMP 60032096 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!CreateDirectoryExW 76579EE1 5 Bytes JMP 60031FD8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!WinExec 76585CF7 5 Bytes JMP 60031F1A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!SetThreadContext 7658794A 5 Bytes JMP 6003203C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!ReadConsoleA 765975AD 5 Bytes JMP 60031F7E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!ReadConsoleW 76597603 5 Bytes JMP 60031F88 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!ReadConsoleInputA 76598853 5 Bytes JMP 60031F6A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] kernel32.dll!ReadConsoleInputW 76598876 5 Bytes JMP 60031F74 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ADVAPI32.dll!OpenServiceA 76202EBD 5 Bytes JMP 600320E6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ADVAPI32.dll!OpenServiceW 76208354 5 Bytes JMP 600320DC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ADVAPI32.dll!RegOpenCurrentUser + 9B 76220CC1 5 Bytes JMP 600320A0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ADVAPI32.dll!CreateServiceW 76229EB4 5 Bytes JMP 600320D2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ADVAPI32.dll!ControlService 76229FB8 5 Bytes JMP 6003210E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ADVAPI32.dll!DeleteService 7622A07E 5 Bytes JMP 600320F0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ADVAPI32.dll!ControlServiceExA 7626662E 5 Bytes JMP 600320FA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ADVAPI32.dll!ControlServiceExW 76266741 5 Bytes JMP 60032104 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ADVAPI32.dll!ChangeServiceConfigA 76266DD9 5 Bytes JMP 60032122 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ADVAPI32.dll!ChangeServiceConfigW 76266F81 5 Bytes JMP 60032118 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] ADVAPI32.dll!CreateServiceA 762672A1 5 Bytes JMP 600320C8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] USER32.dll!SetWindowsHookExA 77CD6322 5 Bytes JMP 6003215E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] USER32.dll!SetWindowsHookExW 77CD87AD 5 Bytes JMP 60032154 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] USER32.dll!UserClientDllInitialize 77CE7A1D 5 Bytes JMP 600320AA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] USER32.dll!PeekMessageA 77CE8343 5 Bytes JMP 60032140 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] USER32.dll!GetMessageA 77CE8AB3 5 Bytes JMP 6003212C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] USER32.dll!GetMessageW 77CEFEF7 5 Bytes JMP 60032136 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] USER32.dll!PeekMessageW 77CF045A 5 Bytes JMP 6003214A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] msvcrt.dll!_lock + 29 765D9FAE 5 Bytes JMP 600320B4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] msvcrt.dll!__p__fmode 765E179B 5 Bytes JMP 60032172 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] msvcrt.dll!__p__environ 765EC7D7 5 Bytes JMP 60032168 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] SHELL32.dll!Shell_NotifyIconW 76EC8626 5 Bytes JMP 6003217C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Windows\System32\mobsync.exe[5964] SHELL32.dll!Shell_GetCachedImageIndexW + 1D31 76EE90DD 5 Bytes JMP 600320BE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [82A106D2] \SystemRoot\System32\Drivers\sphb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [82A10040] \SystemRoot\System32\Drivers\sphb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [82A107FC] \SystemRoot\System32\Drivers\sphb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [82A100BE] \SystemRoot\System32\Drivers\sphb.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [82A1013C] \SystemRoot\System32\Drivers\sphb.sys
IAT \SystemRoot\System32\Drivers\aa5ddxvt.SYS[ataport.SYS!AtaPortNotification] CC000CC2
IAT \SystemRoot\System32\Drivers\aa5ddxvt.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55
IAT \SystemRoot\System32\Drivers\aa5ddxvt.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC
IAT \SystemRoot\System32\Drivers\aa5ddxvt.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33
IAT \SystemRoot\System32\Drivers\aa5ddxvt.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] [8D5750FC] \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
IAT \SystemRoot\System32\Drivers\aa5ddxvt.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845
IAT \SystemRoot\System32\Drivers\aa5ddxvt.SYS[ataport.SYS!AtaPortReadPortUchar] 8957046A
IAT \SystemRoot\System32\Drivers\aa5ddxvt.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D
IAT \SystemRoot\System32\Drivers\aa5ddxvt.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8
IAT \SystemRoot\System32\Drivers\aa5ddxvt.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA
IAT \SystemRoot\System32\Drivers\aa5ddxvt.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B
IAT \SystemRoot\System32\Drivers\aa5ddxvt.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B
IAT \SystemRoot\System32\Drivers\aa5ddxvt.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39
IAT \SystemRoot\System32\Drivers\aa5ddxvt.SYS[ataport.SYS!AtaPortMoveMemory] 00012284
IAT \SystemRoot\System32\Drivers\aa5ddxvt.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 458D5600
IAT \SystemRoot\System32\Drivers\aa5ddxvt.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 106A50F4
IAT \SystemRoot\System32\Drivers\aa5ddxvt.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 38335668
IAT \SystemRoot\System32\Drivers\aa5ddxvt.SYS[ataport.SYS!AtaPortReadPortUshort] FC75FF36
IAT \SystemRoot\System32\Drivers\aa5ddxvt.SYS[ataport.SYS!AtaPortReadPortBufferUshort] D1E85757
IAT \SystemRoot\System32\Drivers\aa5ddxvt.SYS[ataport.SYS!AtaPortInitialize] 8B0001E7
IAT \SystemRoot\System32\Drivers\aa5ddxvt.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0
IAT \SystemRoot\System32\Drivers\aa5ddxvt.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [82A20048] \SystemRoot\System32\Drivers\sphb.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 851B01F8
Device \Driver\netbt \Device\NetBT_Tcpip_{A24BADD2-E399-4A13-B9E8-3A145EB2EE4A} 87CA81F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 8481B1F8
Device \Driver\usbohci \Device\USBPDO-0 867B31F8
Device \Driver\usbehci \Device\USBPDO-1 867BB1F8
Device \Driver\usbohci \Device\USBPDO-2 867B31F8
Device \Driver\usbehci \Device\USBPDO-3 867BB1F8

AttachedDevice \Driver\tdx \Device\Tcp bdftdif.sys

Device \Driver\volmgr \Device\HarddiskVolume1 8481B1F8
Device \Driver\PCI_PNP8624 \Device\00000058 sphb.sys
Device \Driver\sptd \Device\3187916632 sphb.sys
Device \Driver\volmgr \Device\HarddiskVolume2 8481B1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{D2AF1ED2-04DD-4161-988A-C9D0BE669BEB} 87CA81F8
Device \Driver\cdrom \Device\CdRom0 867E11F8
Device \Driver\cdrom \Device\CdRom1 867E11F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 851AF1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 851AF1F8
Device \Driver\atapi \Device\Ide\IdePort0 851AF1F8
Device \Driver\atapi \Device\Ide\IdePort1 851AF1F8
Device \Driver\atapi \Device\Ide\IdePort2 851AF1F8
Device \Driver\atapi \Device\Ide\IdePort3 851AF1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 87CA81F8
Device \Driver\Smb \Device\NetbiosSmb 87836500
Device \Driver\iScsiPrt \Device\RaidPort0 868491F8

AttachedDevice \Driver\tdx \Device\Udp bdftdif.sys

Device \Driver\usbohci \Device\USBFDO-0 867B31F8
Device \Driver\usbehci \Device\USBFDO-1 867BB1F8
Device \Driver\usbohci \Device\USBFDO-2 867B31F8
Device \Driver\usbehci \Device\USBFDO-3 867BB1F8
Device \Driver\aa5ddxvt \Device\Scsi\aa5ddxvt1 8682D1F8
Device \Driver\VClone \Device\Scsi\VClone1 868281F8
Device \Driver\aa5ddxvt \Device\Scsi\aa5ddxvt1Port6Path0Target0Lun0 8682D1F8
Device \FileSystem\cdfs \Cdfs A4E31500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE2 0xB6 0x9C 0x6E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC9 0x04 0x38 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x40 0xBE 0x9A 0xC3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE2 0xB6 0x9C 0x6E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC9 0x04 0x38 0x58 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x40 0xBE 0x9A 0xC3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE2 0xB6 0x9C 0x6E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC9 0x04 0x38 0x58 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x40 0xBE 0x9A 0xC3 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE2 0xB6 0x9C 0x6E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC9 0x04 0x38 0x58 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x40 0xBE 0x9A 0xC3 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE2 0xB6 0x9C 0x6E ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC9 0x04 0x38 0x58 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x40 0xBE 0x9A 0xC3 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE2 0xB6 0x9C 0x6E ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC9 0x04 0x38 0x58 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x40 0xBE 0x9A 0xC3 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE2 0xB6 0x9C 0x6E ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC9 0x04 0x38 0x58 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x40 0xBE 0x9A 0xC3 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE2 0xB6 0x9C 0x6E ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC9 0x04 0x38 0x58 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x40 0xBE 0x9A 0xC3 ...

---- EOF - GMER 1.0.15 ----

#5 schrauber

  • Malware Response Team

Posted 28 June 2010 - 03:14 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#6 buckeyefan58

  • Topic Starter


Posted 01 July 2010 - 03:38 PM

My DDS file again.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)


==== Disk Partitions =========================


==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


ActiveHome Pro
Ad-Aware
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.4
Adobe Shockwave Player
Adobe Shockwave Player 11.5
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft TotalMedia Backup
Atheros Driver Installation Program
Auto Gordian Knot 2.55
AviSynth 2.5
BitDefender Antivirus 2009
BitDefender Antivirus 2010
BitTornado 0.3.17
Bloom
Bonjour
Button Manager of JMicron
Canon iP4500 series
Canon iP4500 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner
CleanUp!
Compatibility Pack for the 2007 Office system
Conexant HD Audio
ConvertXtoDVD 3.6.12.174
Coupon Printer for Windows
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD Suite
EA Link
ESU for Microsoft Vista
Eusing Free Registry Cleaner
eWallet 5.0 Professional Edition (Windows Mobile)
FairUse Wizard 2
Garmin Training Center v5
Google Earth Plug-in
Google Update Helper
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Doc Viewer
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP User Guides 0087
HPNetworkAssistant
iSEEK AnswerWorks English Runtime
iTunes
iTunes Lyrics Importer
iTunesFolderWatch
LabelPrint
LightScribe System Software 1.10.13.1
LimeWire 5.1.2
Logitech Harmony Remote Software 7
LyricsFetcher v0.7
Malwarebytes' Anti-Malware
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.6)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MWSnap 3
NetWaiting
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Panda ActiveScan 2.0
PeerGuardian 2.0
Photomatix Pro version 3.2.9
Pocket Informant 9.10 Build 2413
Power2Go
PowerDirector
QuickTime
Remote Control USB Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Rosetta Stone Version 3
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Skype™ 4.0
Soluto
SopCast 3.2.4
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Synaptics Pointing Device Driver
SyncToy 2.1 (x86)
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wmiiper
TurboTax 2009 wrapper
twhirl
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb983486)
Veetle TV 0.9.16
Videora iPod Converter 5.03
VirtualCloneDrive
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VobSub v2.23 (Remove Only)
Wallpaper SlideShow LT 1.4.3
WeatherBug Gadget
Windows Media Player Firefox Plugin
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinRAR archiver
WinX DVD Ripper 4.1.4
WinZip 12.1
XviD MPEG4 Video Codec (remove only)
YouTube Downloader App 2.03

==== End Of File ===========================


#7 buckeyefan58

  • Topic Starter


Posted 01 July 2010 - 03:41 PM


DDS (Ver_10-03-17.01) - NTFSx86
Run by Roths at 16:32:27.68 on Thu 07/01/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.830 [GMT -4:00]

AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Soluto\soluto.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WallpaperSS\WallpaperSS.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Roths\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://portal.wowway.net/index.php
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyServer = 169.229.50.14:3128
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WallpaperSS] c:\program files\wallpaperss\WallpaperSS.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\roths\appdata\roaming\micros~1\windows\startm~1\programs\startup\iTunes.lnk -
uPolicies-explorer: RestrictRun = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: RestrictRun = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://mygmgw.gm.com/http://usabhembma16.mail.gm.com/iNotes6W.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\roths\appdata\roaming\mozilla\firefox\profiles\xij9n86j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff2.dll
FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff3.6.dll
FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff3.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\users\roths\appdata\roaming\mozilla\firefox\profiles\xij9n86j.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-21 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-7-31 28552]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2010-6-2 338464]
R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-12-7 153448]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]
S0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [2010-6-7 179144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-22 136176]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-27 21504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-06-28 23:48:18 0 d-----w- c:\program files\iPod
2010-06-28 23:40:12 0 d-----w- c:\program files\Bonjour
2010-06-26 20:13:55 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-26 20:13:55 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-06-23 22:04:26 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 22:04:26 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 22:04:26 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 22:04:26 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 22:04:26 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 22:03:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-23 22:03:35 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-22 20:40:14 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-22 01:41:04 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-22 01:39:12 0 dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2010-06-22 01:04:53 0 d-----w- c:\program files\Trend Micro
2010-06-20 15:47:07 0 d-----w- c:\program files\LyricsFetcher
2010-06-20 06:16:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-06-20 05:05:35 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-06-20 05:04:16 3 ----a-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
2010-06-20 05:03:52 4052 ----a-w- c:\windows\system32\wbem\Wdf01000.mof
2010-06-20 05:03:52 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2010-06-20 05:03:52 118 ----a-w- c:\windows\system32\wbem\Wdf01000Uninstall.mof
2010-06-20 05:03:51 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2010-06-20 04:57:59 173352 ----a-w- c:\windows\system32\SynCOM.dll
2010-06-19 21:50:11 0 d-----w- c:\users\roths\appdata\roaming\HDRsoft
2010-06-19 19:27:06 0 d-----w- c:\program files\PhotomatixPro3
2010-06-19 17:33:05 0 d-----w- c:\program files\iTunes
2010-06-16 21:54:47 0 d-----w- c:\program files\Lavasoft
2010-06-09 00:48:35 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-09 00:43:36 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 00:43:01 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-09 00:43:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-07 22:21:47 179144 ----a-w- c:\windows\system32\drivers\PCGenFAM.sys
2010-06-07 22:21:44 0 d-----w- c:\program files\Soluto
2010-06-07 22:21:06 0 d-----w- c:\programdata\Soluto

==================== Find3M ====================

2010-06-30 00:58:06 88947 ----a-w- c:\programdata\nvModes.dat
2010-06-28 23:43:21 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-28 23:43:20 143360 ----a-w- c:\windows\inf\infstor.dat
2010-06-28 23:43:19 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-28 02:32:58 245936 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-05-28 02:31:32 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-05-28 02:31:32 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-05-28 02:31:28 210216 ----a-w- c:\windows\system32\SynCtrl.dll
2010-05-27 20:58:24 20 ----a-w- c:\users\roths\appdata\roaming\vqdlkr.dat
2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 20:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-20 00:47:44 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-11-18 08:20:51 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-05-10 22:55:50 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-12-25 15:40:23 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-12-25 15:40:23 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-12-25 15:40:23 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-12-25 15:40:23 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 16:37:11.77 ===============


#8 buckeyefan58


Posted 01 July 2010 - 08:49 PM

GMER file again.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-01 21:43:28
Windows 6.0.6002 Service Pack 2
Running: 8rvrjpz8.exe; Driver: C:\Users\Roths\AppData\Local\Temp\kgldqpoc.sys


---- System - GMER 1.0.15 ----

INT 0x51 ? 843E6BF8
INT 0x52 ? 85540DE0
INT 0x62 ? 85540DE0
INT 0x82 ? 843E6BF8
INT 0x92 ? 843E6BF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\sphm.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8855941B 5 Bytes JMP 855403C0
.text a5aedl7o.SYS 8BF2F000 22 Bytes [82, 83, 61, 82, 6C, 82, 61, ...]
.text a5aedl7o.SYS 8BF2F017 106 Bytes [00, 32, C7, F0, 87, 3D, C5, ...]
.text a5aedl7o.SYS 8BF2F082 74 Bytes [65, 82, E7, 20, 65, 82, C6, ...]
.text a5aedl7o.SYS 8BF2F0CE 10 Bytes [00, 00, 00, 00, 00, 00, 6A, ...]
.text a5aedl7o.SYS 8BF2F0DA 12 Bytes [00, 00, 02, 00, 00, 00, 25, ...]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [87E036D2] \SystemRoot\System32\Drivers\sphm.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [87E03040] \SystemRoot\System32\Drivers\sphm.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [87E037FC] \SystemRoot\System32\Drivers\sphm.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [87E030BE] \SystemRoot\System32\Drivers\sphm.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [87E0313C] \SystemRoot\System32\Drivers\sphm.sys
IAT \SystemRoot\System32\Drivers\a5aedl7o.SYS[ataport.SYS!AtaPortNotification] CC000CC2
IAT \SystemRoot\System32\Drivers\a5aedl7o.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55
IAT \SystemRoot\System32\Drivers\a5aedl7o.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC
IAT \SystemRoot\System32\Drivers\a5aedl7o.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33
IAT \SystemRoot\System32\Drivers\a5aedl7o.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 8D5750FC
IAT \SystemRoot\System32\Drivers\a5aedl7o.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845
IAT \SystemRoot\System32\Drivers\a5aedl7o.SYS[ataport.SYS!AtaPortReadPortUchar] 8957046A
IAT \SystemRoot\System32\Drivers\a5aedl7o.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D
IAT \SystemRoot\System32\Drivers\a5aedl7o.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8
IAT \SystemRoot\System32\Drivers\a5aedl7o.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA
IAT \SystemRoot\System32\Drivers\a5aedl7o.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B
IAT \SystemRoot\System32\Drivers\a5aedl7o.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B
IAT \SystemRoot\System32\Drivers\a5aedl7o.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39
IAT \SystemRoot\System32\Drivers\a5aedl7o.SYS[ataport.SYS!AtaPortMoveMemory] 00012284
IAT \SystemRoot\System32\Drivers\a5aedl7o.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 458D5600
IAT \SystemRoot\System32\Drivers\a5aedl7o.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 106A50F4
IAT \SystemRoot\System32\Drivers\a5aedl7o.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 38335668
IAT \SystemRoot\System32\Drivers\a5aedl7o.SYS[ataport.SYS!AtaPortReadPortUshort] FC75FF36
IAT \SystemRoot\System32\Drivers\a5aedl7o.SYS[ataport.SYS!AtaPortReadPortBufferUshort] D1E85757
IAT \SystemRoot\System32\Drivers\a5aedl7o.SYS[ataport.SYS!AtaPortInitialize] 8B0001E7
IAT \SystemRoot\System32\Drivers\a5aedl7o.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0
IAT \SystemRoot\System32\Drivers\a5aedl7o.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [87E13048] \SystemRoot\System32\Drivers\sphm.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 851AF1F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 843E81F8
Device \Driver\usbohci \Device\USBPDO-0 855D01F8
Device \Driver\usbehci \Device\USBPDO-1 855D2488
Device \Driver\usbohci \Device\USBPDO-2 855D01F8
Device \Driver\usbehci \Device\USBPDO-3 855D2488
Device \Driver\volmgr \Device\HarddiskVolume1 843E81F8
Device \Driver\PCI_PNP0451 \Device\00000058 sphm.sys
Device \Driver\volmgr \Device\HarddiskVolume2 843E81F8
Device \Driver\cdrom \Device\CdRom0 855DB488
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 851AE1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 851AE1F8
Device \Driver\atapi \Device\Ide\IdePort0 851AE1F8
Device \Driver\atapi \Device\Ide\IdePort1 851AE1F8
Device \Driver\atapi \Device\Ide\IdePort2 851AE1F8
Device \Driver\atapi \Device\Ide\IdePort3 851AE1F8
Device \Driver\cdrom \Device\CdRom1 855DB488
Device \Driver\sptd \Device\159848459 sphm.sys
Device \Driver\iScsiPrt \Device\RaidPort0 8566F1F8
Device \Driver\usbohci \Device\USBFDO-0 855D01F8
Device \Driver\usbehci \Device\USBFDO-1 855D2488
Device \Driver\usbohci \Device\USBFDO-2 855D01F8
Device \Driver\usbehci \Device\USBFDO-3 855D2488
Device \Driver\VClone \Device\Scsi\VClone1 856751F8
Device \Driver\a5aedl7o \Device\Scsi\a5aedl7o1Port6Path0Target0Lun0 8561A1F8
Device \Driver\a5aedl7o \Device\Scsi\a5aedl7o1 8561A1F8
Device \FileSystem\cdfs \Cdfs 8580A1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE2 0xB6 0x9C 0x6E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC9 0x04 0x38 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x40 0xBE 0x9A 0xC3 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE2 0xB6 0x9C 0x6E ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xC9 0x04 0x38 0x58 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x40 0xBE 0x9A 0xC3 ...

---- EOF - GMER 1.0.15 ----


#9 schrauber

  • Malware Response Team

Posted 03 July 2010 - 06:42 AM

Hello, buckeyefan58
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 4-5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.




  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.






Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#10 buckeyefan58


Posted 04 July 2010 - 05:26 PM

Thank you for your help, Tom. This issue has been driving me crazy.

09:21:50:380 1388 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
09:21:50:380 1388 ================================================================================
09:21:50:380 1388 SystemInfo:

09:21:50:380 1388 OS Version: 6.0.6002 ServicePack: 2.0
09:21:50:380 1388 Product type: Workstation
09:21:50:380 1388 ComputerName: ROTHS-LAPTOP
09:21:50:381 1388 UserName: Roths
09:21:50:381 1388 Windows directory: C:\Windows
09:21:50:381 1388 System windows directory: C:\Windows
09:21:50:381 1388 Processor architecture: Intel x86
09:21:50:381 1388 Number of processors: 2
09:21:50:381 1388 Page size: 0x1000
09:21:50:383 1388 Boot type: Normal boot
09:21:50:383 1388 ================================================================================
09:22:00:789 1388 Initialize success
09:22:00:791 1388
09:22:00:791 1388 Scanning Services ...
09:22:01:541 1388 Raw services enum returned 467 services
09:22:01:568 1388
09:22:01:568 1388 Scanning Drivers ...
09:22:02:558 1388 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
09:22:02:641 1388 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
09:22:02:700 1388 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
09:22:02:743 1388 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
09:22:02:785 1388 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
09:22:02:842 1388 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
09:22:02:875 1388 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
09:22:02:946 1388 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
09:22:02:989 1388 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
09:22:03:023 1388 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
09:22:03:090 1388 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
09:22:03:204 1388 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
09:22:03:250 1388 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
09:22:03:283 1388 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
09:22:03:313 1388 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
09:22:03:406 1388 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
09:22:03:446 1388 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
09:22:03:517 1388 athr (0437199c88f6e88a387cfec8a8886a6e) C:\Windows\system32\DRIVERS\athr.sys
09:22:03:765 1388 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
09:22:03:819 1388 BDFM (67c2a47db7190673350a3f9f5a1507cb) C:\Windows\system32\DRIVERS\bdfm.sys
09:22:03:897 1388 bdfsfltr (a21a4a0e6bdf0c2be0fabfa16d8c8f76) C:\Windows\system32\DRIVERS\bdfsfltr.sys
09:22:03:971 1388 bdftdif (0bdbf842a39d6c5640ba4b8acf29aa06) C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
09:22:04:199 1388 BDSelfPr (0d756ced21d977ae32539da1f41bf879) C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys
09:22:04:430 1388 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
09:22:04:509 1388 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
09:22:04:570 1388 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
09:22:04:607 1388 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
09:22:04:645 1388 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
09:22:04:689 1388 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
09:22:04:722 1388 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
09:22:04:751 1388 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
09:22:04:789 1388 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
09:22:04:844 1388 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
09:22:04:914 1388 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
09:22:04:954 1388 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
09:22:05:015 1388 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
09:22:05:074 1388 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
09:22:05:114 1388 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
09:22:05:169 1388 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
09:22:05:390 1388 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
09:22:05:404 1388 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
09:22:05:431 1388 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
09:22:05:475 1388 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
09:22:05:517 1388 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
09:22:05:564 1388 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
09:22:05:631 1388 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
09:22:05:679 1388 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
09:22:05:713 1388 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
09:22:05:754 1388 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
09:22:05:804 1388 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
09:22:05:886 1388 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
09:22:05:968 1388 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
09:22:06:055 1388 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
09:22:06:110 1388 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
09:22:06:152 1388 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
09:22:06:183 1388 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
09:22:06:236 1388 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
09:22:06:259 1388 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
09:22:06:292 1388 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
09:22:06:338 1388 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:22:06:474 1388 HdAudAddService (7be40bb4cd16d8760e18ea981ff452ec) C:\Windows\system32\drivers\CHDART.sys
09:22:06:693 1388 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:22:06:744 1388 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
09:22:06:784 1388 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
09:22:06:839 1388 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
09:22:06:885 1388 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
09:22:06:930 1388 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
09:22:07:003 1388 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys
09:22:07:045 1388 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
09:22:07:119 1388 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
09:22:07:176 1388 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
09:22:07:374 1388 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
09:22:07:441 1388 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
09:22:07:483 1388 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
09:22:07:572 1388 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
09:22:07:691 1388 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
09:22:07:737 1388 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
09:22:07:774 1388 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
09:22:07:806 1388 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
09:22:07:856 1388 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:22:07:909 1388 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
09:22:07:975 1388 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
09:22:08:035 1388 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
09:22:08:074 1388 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
09:22:08:139 1388 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
09:22:08:183 1388 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
09:22:08:241 1388 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
09:22:08:293 1388 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
09:22:08:342 1388 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
09:22:08:391 1388 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\Windows\system32\drivers\klmd.sys
09:22:08:452 1388 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
09:22:08:551 1388 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\Windows\system32\DRIVERS\Lbd.sys
09:22:08:593 1388 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
09:22:08:686 1388 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
09:22:08:719 1388 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
09:22:08:753 1388 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
09:22:08:811 1388 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
09:22:08:858 1388 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
09:22:08:941 1388 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
09:22:09:001 1388 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
09:22:09:046 1388 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
09:22:09:089 1388 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
09:22:09:123 1388 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
09:22:09:158 1388 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
09:22:09:203 1388 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
09:22:09:261 1388 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
09:22:09:291 1388 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
09:22:09:329 1388 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
09:22:09:390 1388 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:22:09:420 1388 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:22:09:495 1388 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:22:09:532 1388 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
09:22:09:579 1388 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
09:22:09:643 1388 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
09:22:09:692 1388 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
09:22:09:751 1388 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
09:22:09:811 1388 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
09:22:09:868 1388 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
09:22:09:924 1388 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
09:22:09:958 1388 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
09:22:09:994 1388 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
09:22:10:036 1388 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
09:22:10:084 1388 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
09:22:10:214 1388 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
09:22:10:268 1388 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
09:22:10:310 1388 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
09:22:10:362 1388 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
09:22:10:497 1388 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
09:22:10:528 1388 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
09:22:10:581 1388 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
09:22:10:705 1388 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
09:22:10:755 1388 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
09:22:10:805 1388 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
09:22:10:903 1388 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
09:22:10:995 1388 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
09:22:11:040 1388 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
09:22:11:113 1388 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
09:22:11:605 1388 nvlddmkm (b36c3b866b0d47e2e2856ec8fd746e39) C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:22:11:952 1388 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
09:22:12:010 1388 nvsmu (9aebc32f9d6e02ebee0369ab296fe7c8) C:\Windows\system32\DRIVERS\nvsmu.sys
09:22:12:036 1388 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
09:22:12:076 1388 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
09:22:12:147 1388 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
09:22:12:188 1388 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
09:22:12:223 1388 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
09:22:12:266 1388 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
09:22:12:324 1388 PCGenFAM (9c72ad03cf0ea36de0383efd3b3f9758) C:\Windows\system32\DRIVERS\PCGenFAM.sys
09:22:12:382 1388 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
09:22:12:411 1388 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
09:22:12:468 1388 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
09:22:12:532 1388 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
09:22:12:634 1388 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
09:22:12:740 1388 pgfilter (2cf226173b467ab48f89d77e89936951) C:\Program Files\PeerGuardian2\pgfilter.sys
09:22:12:796 1388 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
09:22:12:846 1388 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
09:22:12:941 1388 Profos (d90a33660d328a9f587580f0b38c85de) C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys
09:22:13:034 1388 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
09:22:13:133 1388 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
09:22:13:201 1388 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
09:22:13:271 1388 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
09:22:13:322 1388 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
09:22:13:361 1388 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:22:13:412 1388 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
09:22:13:471 1388 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
09:22:13:532 1388 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
09:22:13:574 1388 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:22:13:640 1388 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
09:22:13:670 1388 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
09:22:13:737 1388 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
09:22:13:827 1388 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
09:22:13:949 1388 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
09:22:14:029 1388 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
09:22:14:165 1388 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
09:22:14:235 1388 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
09:22:14:297 1388 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
09:22:14:328 1388 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:22:14:377 1388 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
09:22:14:420 1388 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
09:22:14:495 1388 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
09:22:14:559 1388 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
09:22:14:612 1388 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
09:22:14:666 1388 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
09:22:14:702 1388 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
09:22:14:729 1388 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
09:22:14:776 1388 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
09:22:14:823 1388 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
09:22:14:884 1388 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
09:22:14:943 1388 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
09:22:15:052 1388 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
09:22:15:053 1388 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
09:22:15:133 1388 srv (0debafcc0e3591fca34f077cab62f7f7) C:\Windows\system32\DRIVERS\srv.sys
09:22:15:172 1388 srv2 (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys
09:22:15:215 1388 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
09:22:15:279 1388 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
09:22:15:339 1388 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
09:22:15:402 1388 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
09:22:15:443 1388 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
09:22:15:512 1388 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
09:22:15:752 1388 Tcpip (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\drivers\tcpip.sys
09:22:15:823 1388 Tcpip6 (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\DRIVERS\tcpip.sys
09:22:15:886 1388 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
09:22:15:938 1388 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
09:22:15:979 1388 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
09:22:16:035 1388 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
09:22:16:157 1388 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
09:22:16:362 1388 Trufos (b16d66a71de03285e14e9f165b59eda4) C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys
09:22:16:501 1388 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:22:16:557 1388 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
09:22:16:638 1388 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
09:22:16:698 1388 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
09:22:16:782 1388 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
09:22:16:889 1388 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
09:22:16:939 1388 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
09:22:16:970 1388 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
09:22:17:003 1388 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
09:22:17:060 1388 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
09:22:17:108 1388 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
09:22:17:234 1388 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
09:22:17:293 1388 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
09:22:17:346 1388 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
09:22:17:388 1388 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
09:22:17:455 1388 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
09:22:17:503 1388 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
09:22:17:543 1388 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
09:22:17:582 1388 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:22:17:685 1388 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
09:22:17:742 1388 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
09:22:17:797 1388 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
09:22:17:911 1388 VClone (9bf2ea54e5ed5acdf96f1dec84c117c4) C:\Windows\system32\DRIVERS\VClone.sys
09:22:18:001 1388 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
09:22:18:054 1388 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
09:22:18:099 1388 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
09:22:18:138 1388 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
09:22:18:179 1388 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
09:22:18:236 1388 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
09:22:18:301 1388 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
09:22:18:363 1388 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
09:22:18:420 1388 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
09:22:18:469 1388 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
09:22:18:526 1388 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:22:18:537 1388 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:22:18:591 1388 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
09:22:18:668 1388 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
09:22:18:752 1388 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
09:22:18:838 1388 WINUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS
09:22:18:962 1388 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
09:22:19:030 1388 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
09:22:19:098 1388 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:22:19:159 1388 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
09:22:19:274 1388 XUIF (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys
09:22:19:314 1388
09:22:19:314 1388 Completed
09:22:19:315 1388
09:22:19:315 1388 Results:
09:22:19:315 1388 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
09:22:19:316 1388 File objects infected / cured / cured on reboot: 0 / 0 / 0
09:22:19:316 1388
09:22:19:321 1388 KLMD(ARK) unloaded successfully


ComboFix 10-07-04.01 - Roths 07/04/2010 17:39:21.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1237 [GMT -4:00]
Running from: c:\users\Roths\Desktop\schrauber.exe
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Roths\AppData\Local\{4D04EAA2-3A11-4D66-A40A-AC8C37010551}
c:\users\Roths\AppData\Local\{4D04EAA2-3A11-4D66-A40A-AC8C37010551}\chrome.manifest
c:\users\Roths\AppData\Local\{4D04EAA2-3A11-4D66-A40A-AC8C37010551}\chrome\content\_cfg.js
c:\users\Roths\AppData\Local\{4D04EAA2-3A11-4D66-A40A-AC8C37010551}\chrome\content\overlay.xul
c:\users\Roths\AppData\Local\{4D04EAA2-3A11-4D66-A40A-AC8C37010551}\install.rdf
c:\users\Roths\AppData\Roaming\inst.exe
c:\windows\system32\KBL.LOG

.
((((((((((((((((((((((((( Files Created from 2010-06-04 to 2010-07-04 )))))))))))))))))))))))))))))))
.

2010-07-04 21:53 . 2010-07-04 21:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-28 23:48 . 2010-06-28 23:48 -------- d-----w- c:\program files\iPod
2010-06-28 23:45 . 2010-06-28 23:46 -------- d-----w- c:\program files\QuickTime
2010-06-28 23:44 . 2010-06-28 23:44 -------- d-----w- c:\program files\Apple Software Update
2010-06-28 23:40 . 2010-06-28 23:40 -------- d-----w- c:\program files\Bonjour
2010-06-26 20:13 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-26 20:13 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-06-23 22:04 . 2009-11-08 14:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 22:04 . 2009-11-08 14:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 22:04 . 2009-11-08 14:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 22:04 . 2009-11-08 14:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 22:04 . 2009-11-08 14:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 22:03 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 22:03 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-22 20:40 . 2010-06-22 01:40 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-22 01:41 . 2010-06-22 01:40 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-22 01:39 . 2010-06-22 01:39 -------- dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2010-06-22 01:39 . 2009-01-18 21:43 2892112 -c--a-w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2010-06-22 01:05 . 2010-06-22 01:05 388096 ----a-r- c:\users\Roths\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-22 01:04 . 2010-06-22 01:04 -------- d-----w- c:\program files\Trend Micro
2010-06-20 15:55 . 2010-06-20 18:15 -------- d-----w- c:\users\Roths\AppData\Local\LyricsFetcher
2010-06-20 05:03 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2010-06-20 05:03 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2010-06-20 04:57 . 2010-05-28 02:31 173352 ----a-w- c:\windows\system32\SynCOM.dll
2010-06-19 21:50 . 2010-06-19 21:50 -------- d-----w- c:\users\Roths\AppData\Roaming\HDRsoft
2010-06-19 19:27 . 2010-06-19 19:27 -------- d-----w- c:\program files\PhotomatixPro3
2010-06-19 17:33 . 2010-06-28 23:50 -------- d-----w- c:\program files\iTunes
2010-06-16 21:54 . 2010-06-22 01:39 -------- d-----w- c:\program files\Lavasoft
2010-06-16 00:01 . 2010-06-16 00:01 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-09 23:56 . 2010-06-16 21:53 -------- d-----w- c:\users\Roths\AppData\Roaming\Lavasoft
2010-06-09 00:48 . 2010-05-01 14:13 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-09 00:43 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 00:43 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-09 00:43 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-07 22:21 . 2010-06-02 17:41 179144 ----a-w- c:\windows\system32\drivers\PCGenFAM.sys
2010-06-07 22:21 . 2010-06-07 22:21 -------- d-----w- c:\program files\Soluto
2010-06-07 22:21 . 2010-06-07 22:20 892680 ----a-w- c:\programdata\Soluto\Installer\SolutoInstaller.exe
2010-06-07 22:21 . 2010-06-07 22:47 -------- d-----w- c:\programdata\Soluto

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-04 21:13 . 2009-04-25 20:24 88947 ----a-w- c:\programdata\nvModes.dat
2010-07-04 13:27 . 2009-04-26 20:45 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-02 19:42 . 2009-08-01 02:26 -------- d-----w- c:\program files\Panda Security
2010-07-02 19:42 . 2007-12-06 03:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-02 19:41 . 2007-12-06 04:53 -------- d-----w- c:\program files\CyberLink
2010-07-02 02:01 . 2009-10-09 18:12 -------- d-----w- c:\program files\Gabest
2010-07-02 01:58 . 2009-12-29 14:56 -------- d-----w- c:\programdata\Rosetta Stone
2010-06-28 23:48 . 2009-04-26 00:01 -------- d-----w- c:\program files\Common Files\Apple
2010-06-28 23:45 . 2009-04-26 00:03 -------- d-----w- c:\programdata\Apple Computer
2010-06-26 21:00 . 2009-05-10 23:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-26 20:54 . 2007-12-06 05:18 -------- d-----w- c:\program files\Java
2010-06-26 02:54 . 2009-05-17 17:03 -------- d-----w- c:\programdata\X10 Settings
2010-06-23 22:08 . 2009-11-20 02:24 -------- d-----w- c:\program files\Microsoft.NET
2010-06-22 01:39 . 2009-08-01 11:38 -------- d-----w- c:\programdata\Lavasoft
2010-06-22 01:35 . 2009-06-20 19:15 -------- d-----w- c:\program files\PeerGuardian2
2010-06-20 06:16 . 2010-06-20 06:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-06-20 05:05 . 2010-06-20 05:05 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-06-10 23:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-09 00:57 . 2007-12-06 04:46 -------- d-----w- c:\programdata\Microsoft Help
2010-06-07 22:41 . 2009-06-21 22:10 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-07 22:11 . 2009-04-26 20:21 -------- d-----w- c:\programdata\DVD Shrink
2010-05-31 20:53 . 2009-10-28 01:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-31 20:47 . 2010-05-27 21:00 120 ----a-w- c:\users\Roths\AppData\Local\Ygepodijipataxu.dat
2010-05-31 11:35 . 2010-05-27 21:00 0 ----a-w- c:\users\Roths\AppData\Local\Vwawaqiqa.bin
2010-05-28 13:19 . 2009-04-26 15:37 -------- d-----w- c:\program files\WallpaperSS
2010-05-28 13:19 . 2009-04-25 17:14 -------- d-----w- c:\program files\Common Files\LightScribe
2010-05-28 13:19 . 2007-12-06 05:02 -------- d-----w- c:\program files\earthlink totalaccess
2010-05-28 02:32 . 2010-05-28 02:32 245936 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-05-28 02:31 . 2010-05-28 02:31 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-05-28 02:31 . 2007-01-12 18:57 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-05-28 02:31 . 2010-05-28 02:31 210216 ----a-w- c:\windows\system32\SynCtrl.dll
2010-05-27 20:58 . 2010-05-27 20:57 20 ----a-w- c:\users\Roths\AppData\Roaming\vqdlkr.dat
2010-05-27 18:11 . 2009-08-22 17:55 680 ----a-w- c:\users\Roths\AppData\Local\d3d9caps.dat
2010-05-26 01:54 . 2010-05-26 01:54 -------- d-----w- c:\program files\SyncToy 2.1
2010-05-26 01:53 . 2010-05-26 01:53 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-05-23 03:34 . 2010-05-23 03:33 -------- d-----w- c:\program files\Google
2010-05-22 21:44 . 2009-04-26 20:23 -------- d-----w- c:\users\Roths\AppData\Roaming\Vso
2010-05-22 18:21 . 2009-04-26 00:05 -------- d-----w- c:\users\Roths\AppData\Roaming\Apple Computer
2010-05-22 03:16 . 2010-05-22 03:13 -------- d-----w- c:\program files\Pocket Informant
2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:35 . 2010-05-18 20:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 20:35 . 2010-05-18 20:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-13 14:38 . 2010-05-13 14:38 -------- d-----w- c:\programdata\Geek Squad
2010-05-04 05:59 . 2010-06-09 00:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-09 00:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-09 00:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-09 00:42 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-29 19:39 . 2009-10-28 01:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-10-28 01:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 14:13 . 2010-05-26 00:16 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-20 00:47 . 2010-04-20 00:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-20 00:47 . 2010-04-20 00:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 16:43 . 2010-06-23 22:03 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-23 22:03 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-23 22:03 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-23 22:03 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WallpaperSS"="c:\program files\WallpaperSS\WallpaperSS.exe" [2009-01-09 454288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-04-01 1123360]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-28 1721640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]
backup=c:\windows\pss\TotalMedia Backup Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Roths^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^JMicron Button Manager.lnk]
backup=c:\windows\pss\JMicron Button Manager.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Roths^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-04 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-15 01:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 20:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-08-23 21:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-09-04 21:54 554320 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-10-01 03:34 181544 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-21 15:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 13:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ea,a1,1c,2b,7d,39,ca,01

R0 Cdr4vsd;Cdr4vsd; [x]
R0 PCGenFAM;PCGenFAM;c:\windows\system32\DRIVERS\PCGenFAM.sys [2010-06-02 179144]
R2 Cdralwnt;Cdralwnt; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 136176]
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-06-22 1029456]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-29 717296]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-22 64160]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2010-06-02 338464]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-03-30 153448]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 03:33]

2010-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 03:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://portal.wowway.net/index.php
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyServer = 169.229.50.14:3128
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\users\Roths\AppData\Roaming\Mozilla\Firefox\Profiles\xij9n86j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff2.dll
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.6.dll
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\users\Roths\AppData\Roaming\Mozilla\Firefox\Profiles\xij9n86j.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSConfigStartUp-HP Software Update - c:\program files\Hp\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-HPAdvisor - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
MSConfigStartUp-hpqSRMon - c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
MSConfigStartUp-hpWirelessAssistant - c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
MSConfigStartUp-WAWifiMessage - c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-04 17:53
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-07-04 17:57:34
ComboFix-quarantined-files.txt 2010-07-04 21:57

Pre-Run: 11,624,185,856 bytes free
Post-Run: 11,667,267,584 bytes free

- - End Of File - - B8CC334E47EF92D36FB71847B11FA493

#11 schrauber

  • Malware Response Team

Posted 06 July 2010 - 03:58 PM

Hi,


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.






I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt





  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemdrive%\*.sys /90 /md5
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#12 buckeyefan58

  • Topic Starter

Posted 06 July 2010 - 05:08 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4285

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

7/6/2010 6:05:01 PM
mbam-log-2010-07-06 (18-05-01).txt

Scan type: Quick scan
Objects scanned: 131088
Time elapsed: 8 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#13 buckeyefan58

  • Topic Starter

Posted 06 July 2010 - 07:37 PM

OTL logfile created on: 7/6/2010 7:02:14 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Users\Roths\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.18 Gb Total Space | 10.69 Gb Free Space | 7.79% Space Free | Partition Type: NTFS
Drive D: | 11.87 Gb Total Space | 0.52 Gb Free Space | 4.42% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROTHS-LAPTOP
Current User Name: Roths
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/06 18:59:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Roths\Desktop\OTL.exe
PRC - [2010/06/27 21:36:51 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/02 13:51:12 | 003,307,552 | ---- | M] (Soluto) -- C:\Program Files\Soluto\Soluto.exe
PRC - [2010/06/02 13:51:12 | 000,338,464 | ---- | M] (Soluto) -- C:\Program Files\Soluto\SolutoService.exe
PRC - [2010/05/04 17:28:12 | 001,615,688 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
PRC - [2010/04/01 15:48:56 | 001,123,360 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
PRC - [2010/04/01 15:46:29 | 001,091,984 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
PRC - [2010/01/11 13:02:46 | 000,308,552 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2009/10/26 15:45:46 | 000,542,272 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
PRC - [2009/10/26 15:45:38 | 000,843,032 | ---- | M] () -- C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/01/09 17:51:02 | 000,454,288 | ---- | M] (Gianpaolo Bottin) -- C:\Program Files\WallpaperSS\WallpaperSS.exe
PRC - [2007/06/11 16:04:36 | 000,190,696 | R--- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\Macromed\Flash\FlashUtil9d.exe
PRC - [2007/03/05 14:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe


========== Modules (SafeList) ==========

MOD - [2010/07/06 18:59:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Roths\Desktop\OTL.exe
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (ImapiService)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2010/06/21 21:40:25 | 001,029,456 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/02 13:51:12 | 000,338,464 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2010/05/04 17:28:12 | 001,615,688 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
SRV - [2010/04/01 15:46:36 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/11 13:02:46 | 000,308,552 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2009/12/28 20:36:07 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/19 16:06:10 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\FntCache.dll -- (FontCache)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/03/05 14:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Roths\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\aspi32.sys -- (Aspi32)
DRV - [2010/06/21 21:40:42 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/02 13:41:56 | 000,179,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\PCGenFAM.sys -- (PCGenFAM)
DRV - [2010/05/27 22:32:58 | 000,245,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2010/05/04 17:28:29 | 000,058,368 | ---- | M] (BitDefender) [Kernel | On_Demand | Stopped] -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr)
DRV - [2010/05/04 17:28:28 | 000,119,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2010/04/01 15:46:57 | 000,291,352 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010/03/30 19:38:21 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\bdfm.sys -- (BDFM)
DRV - [2010/03/30 19:38:21 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2010/03/30 19:38:21 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2009/12/29 11:03:16 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/04/11 00:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2008/12/04 02:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/09/24 06:29:25 | 000,029,184 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VClone.sys -- (VClone)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/11/01 08:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 08:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/11/01 08:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/09 18:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/11 14:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 21:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/06/02 14:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2007/05/30 19:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2007/03/22 02:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 18:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 17:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 20:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 03:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/10/18 22:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (ialm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://portal.wowway.net/index.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 169.229.50.14:3128

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/06/28 17:48:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/28 19:46:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/28 19:46:50 | 000,000,000 | ---D | M]

[2009/05/15 23:07:49 | 000,000,000 | ---D | M] -- C:\Users\Roths\AppData\Roaming\Mozilla\Extensions
[2009/05/15 23:07:49 | 000,000,000 | ---D | M] -- C:\Users\Roths\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/07/06 15:53:26 | 000,000,000 | ---D | M] -- C:\Users\Roths\AppData\Roaming\Mozilla\Firefox\Profiles\xij9n86j.default\extensions
[2010/04/27 18:08:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Roths\AppData\Roaming\Mozilla\Firefox\Profiles\xij9n86j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/27 20:59:59 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\Roths\AppData\Roaming\Mozilla\Firefox\Profiles\xij9n86j.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2009/06/04 15:08:41 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Roths\AppData\Roaming\Mozilla\Firefox\Profiles\xij9n86j.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/04/30 20:41:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Roths\AppData\Roaming\Mozilla\Firefox\Profiles\xij9n86j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/23 17:57:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Roths\AppData\Roaming\Mozilla\Firefox\Profiles\xij9n86j.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/04/19 17:59:52 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Roths\AppData\Roaming\Mozilla\Firefox\Profiles\xij9n86j.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/11/10 20:26:57 | 000,000,000 | ---D | M] -- C:\Users\Roths\AppData\Roaming\Mozilla\Firefox\Profiles\xij9n86j.default\extensions\firefox@tvunetworks.com
[2010/04/19 18:00:05 | 000,000,000 | ---D | M] -- C:\Users\Roths\AppData\Roaming\Mozilla\Firefox\Profiles\xij9n86j.default\extensions\personas@christopher.beard
[2010/06/26 16:56:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2009/08/03 16:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2010/07/04 17:53:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [WallpaperSS] C:\Program Files\WallpaperSS\WallpaperSS.exe (Gianpaolo Bottin)
O4 - Startup: C:\Users\Roths\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunes.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://mygmgw.gm.com/http://usabhembma16.m...om/iNotes6W.cab (iNotes6 Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O24 - Desktop WallPaper: C:\Users\Roths\AppData\Roaming\WallpaperSS\Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Roths\AppData\Roaming\WallpaperSS\Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/06 00:36:21 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/07/06 18:59:29 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Roths\Desktop\OTL.exe
[2010/07/06 18:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/04 17:57:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/07/04 17:34:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/07/04 09:30:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/07/04 09:30:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/07/04 09:30:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/07/04 09:30:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/04 09:21:08 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Users\Roths\Desktop\TDSSKiller.exe
[2010/06/28 19:48:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/28 19:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/28 19:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/06/28 19:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/27 21:34:04 | 000,000,000 | ---D | C] -- C:\Users\Roths\Desktop\Family Movies
[2010/06/23 18:14:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/23 17:49:43 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/06/21 21:41:04 | 000,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/06/21 21:39:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
[2010/06/21 21:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/20 11:55:43 | 000,000,000 | ---D | C] -- C:\Users\Roths\AppData\Local\LyricsFetcher
[2010/06/20 00:57:59 | 000,173,352 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynCOM.dll
[2010/06/19 17:50:11 | 000,000,000 | ---D | C] -- C:\Users\Roths\AppData\Roaming\HDRsoft
[2010/06/19 15:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\PhotomatixPro3
[2010/06/19 13:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/16 17:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/06/09 19:56:34 | 000,000,000 | ---D | C] -- C:\Users\Roths\AppData\Roaming\Lavasoft
[2010/06/07 18:21:47 | 000,179,144 | ---- | C] (Soluto LTD.) -- C:\Windows\System32\drivers\PCGenFAM.sys
[2010/06/07 18:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2010/06/07 18:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
[2010/05/27 22:32:58 | 000,245,936 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\drivers\SynTP.sys
[2010/05/27 22:31:32 | 000,165,160 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynTPAPI.dll
[2010/05/27 22:31:28 | 000,210,216 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynCtrl.dll
[2010/05/25 21:54:44 | 000,000,000 | ---D | C] -- C:\Program Files\SyncToy 2.1
[2010/05/25 21:53:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/05/22 23:33:47 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/05/22 23:33:41 | 000,000,000 | ---D | C] -- C:\Users\Roths\AppData\Local\Google
[2010/05/22 01:33:31 | 000,000,000 | ---D | C] -- C:\Users\Roths\Documents\ArcSoft
[2010/05/21 23:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\Pocket Informant
[2010/05/21 21:13:31 | 000,000,000 | ---D | C] -- C:\Users\Roths\Desktop\Insanity Documents
[2010/05/13 10:38:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Geek Squad
[2010/05/04 19:34:53 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2010/04/25 00:20:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\TVUAx

========== Files - Modified Within 90 Days ==========

[2010/07/06 19:03:00 | 002,097,152 | -HS- | M] () -- C:\Users\Roths\NTUSER.DAT
[2010/07/06 18:59:33 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Roths\Desktop\OTL.exe
[2010/07/06 18:44:27 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/06 18:12:11 | 000,088,947 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/07/06 18:11:54 | 002,672,312 | ---- | M] () -- C:\Users\Roths\Desktop\esetsmartinstaller_enu.exe
[2010/07/06 17:34:55 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/06 17:34:54 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/06 15:41:40 | 000,088,947 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/07/06 15:34:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/06 15:34:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/06 15:34:46 | 2079,207,424 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/05 19:03:56 | 000,524,288 | -HS- | M] () -- C:\Users\Roths\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/07/05 19:03:56 | 000,065,536 | -HS- | M] () -- C:\Users\Roths\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/07/05 19:03:36 | 000,000,052 | ---- | M] () -- C:\Windows\System32\ashttpstats.csv
[2010/07/05 19:03:35 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/07/05 00:53:54 | 001,707,590 | -H-- | M] () -- C:\Users\Roths\AppData\Local\IconCache.db
[2010/07/04 17:53:29 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/07/04 17:53:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/07/04 17:34:42 | 003,726,308 | R--- | M] () -- C:\Users\Roths\Desktop\schrauber.exe
[2010/07/04 09:16:16 | 000,981,780 | ---- | M] () -- C:\Users\Roths\Desktop\tdsskiller.zip
[2010/07/03 09:07:17 | 000,002,609 | ---- | M] () -- C:\Users\Roths\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2010/07/02 21:33:41 | 000,031,744 | ---- | M] () -- C:\Users\Roths\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/02 14:57:54 | 000,002,255 | ---- | M] () -- C:\Users\Roths\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/07/01 20:01:16 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/01 20:01:16 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/01 20:01:16 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/30 17:25:08 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Users\Roths\Desktop\TDSSKiller.exe
[2010/06/28 18:23:52 | 000,002,651 | ---- | M] () -- C:\Users\Roths\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2010/06/24 21:52:20 | 000,011,503 | ---- | M] () -- C:\Users\Roths\Desktop\Grand Rapids.docx
[2010/06/23 19:33:28 | 000,002,267 | ---- | M] () -- C:\Users\Roths\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunes.lnk
[2010/06/21 21:40:58 | 000,015,688 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010/06/21 21:40:42 | 000,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/06/21 18:12:51 | 000,012,538 | ---- | M] () -- C:\Users\Roths\Documents\cc_20100621_181230.reg
[2010/06/20 02:16:05 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/06/20 01:05:35 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/06/19 15:27:09 | 000,001,765 | ---- | M] () -- C:\Users\Roths\Desktop\Photomatix Pro 3.lnk
[2010/06/16 18:00:09 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/16 17:55:38 | 000,017,661 | ---- | M] () -- C:\Users\Roths\Desktop\installinmstruct.docx
[2010/06/08 21:27:23 | 000,394,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/07 18:23:10 | 000,000,112 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/06/02 13:41:56 | 000,179,144 | ---- | M] (Soluto LTD.) -- C:\Windows\System32\drivers\PCGenFAM.sys
[2010/06/01 18:18:55 | 000,000,036 | ---- | M] () -- C:\Users\Roths\AppData\Local\housecall.guid.cache
[2010/05/31 16:47:02 | 000,000,120 | ---- | M] () -- C:\Users\Roths\AppData\Local\Ygepodijipataxu.dat
[2010/05/31 07:35:49 | 000,000,000 | ---- | M] () -- C:\Users\Roths\AppData\Local\Vwawaqiqa.bin
[2010/05/28 10:31:16 | 000,001,748 | ---- | M] () -- C:\Users\Roths\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/05/27 22:32:58 | 000,245,936 | ---- | M] (Synaptics Incorporated) -- C:\Windows\System32\drivers\SynTP.sys
[2010/05/27 22:31:32 | 000,165,160 | ---- | M] (Synaptics Incorporated) -- C:\Windows\System32\SynTPAPI.dll
[2010/05/27 22:31:32 | 000,120,104 | ---- | M] (Synaptics Incorporated) -- C:\Windows\System32\SynTPCo4.dll
[2010/05/27 22:31:28 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Windows\System32\SynCtrl.dll
[2010/05/27 22:31:26 | 000,173,352 | ---- | M] (Synaptics Incorporated) -- C:\Windows\System32\SynCOM.dll
[2010/05/27 16:58:24 | 000,000,020 | ---- | M] () -- C:\Users\Roths\AppData\Roaming\vqdlkr.dat
[2010/05/27 14:11:00 | 000,000,680 | ---- | M] () -- C:\Users\Roths\AppData\Local\d3d9caps.dat
[2010/05/22 17:44:32 | 000,001,044 | ---- | M] () -- C:\Users\Roths\AppData\Roaming\vso_ts_preview.xml
[2010/05/21 23:19:13 | 003,035,969 | ---- | M] () -- C:\Users\Roths\Desktop\Reference.pdf
[2010/05/18 20:59:41 | 000,034,726 | ---- | M] () -- C:\Users\Roths\Desktop\Basal.xlsx
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe

========== Files Created - No Company Name ==========

[2010/07/06 18:11:52 | 002,672,312 | ---- | C] () -- C:\Users\Roths\Desktop\esetsmartinstaller_enu.exe
[2010/07/04 09:30:31 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/07/04 09:30:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/07/04 09:30:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/07/04 09:30:31 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/07/04 09:30:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/04 09:23:33 | 003,726,308 | R--- | C] () -- C:\Users\Roths\Desktop\schrauber.exe
[2010/07/04 09:16:14 | 000,981,780 | ---- | C] () -- C:\Users\Roths\Desktop\tdsskiller.zip
[2010/07/01 21:44:56 | 2079,207,424 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/29 21:34:03 | 000,002,255 | ---- | C] () -- C:\Users\Roths\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/06/24 20:44:15 | 000,011,503 | ---- | C] () -- C:\Users\Roths\Desktop\Grand Rapids.docx
[2010/06/22 16:40:14 | 000,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/06/21 18:12:38 | 000,012,538 | ---- | C] () -- C:\Users\Roths\Documents\cc_20100621_181230.reg
[2010/06/20 02:16:05 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/06/20 01:05:35 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/06/20 01:04:16 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2010/06/19 15:27:09 | 000,001,765 | ---- | C] () -- C:\Users\Roths\Desktop\Photomatix Pro 3.lnk
[2010/06/16 17:55:35 | 000,017,661 | ---- | C] () -- C:\Users\Roths\Desktop\installinmstruct.docx
[2010/06/07 18:23:10 | 000,000,112 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/05/28 10:31:15 | 000,001,748 | ---- | C] () -- C:\Users\Roths\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/05/27 17:00:53 | 000,000,120 | ---- | C] () -- C:\Users\Roths\AppData\Local\Ygepodijipataxu.dat
[2010/05/27 17:00:53 | 000,000,000 | ---- | C] () -- C:\Users\Roths\AppData\Local\Vwawaqiqa.bin
[2010/05/27 16:57:47 | 000,000,020 | ---- | C] () -- C:\Users\Roths\AppData\Roaming\vqdlkr.dat
[2010/05/22 23:34:02 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/22 23:33:59 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/22 14:26:22 | 000,002,267 | ---- | C] () -- C:\Users\Roths\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iTunes.lnk
[2010/05/21 23:19:09 | 003,035,969 | ---- | C] () -- C:\Users\Roths\Desktop\Reference.pdf
[2010/05/18 20:49:51 | 000,034,726 | ---- | C] () -- C:\Users\Roths\Desktop\Basal.xlsx
[2009/12/29 11:03:15 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/09/17 03:12:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/01/25 17:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/01/15 12:45:34 | 000,181,248 | ---- | C] () -- C:\Windows\System32\txmlutil.dll
[2009/01/08 19:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/12/09 23:55:14 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/01/31 13:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 18:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2009/06/20 15:20:49 | 000,000,000 | ---D | M] -- C:\Users\Roths\AppData\Roaming\.BitTornado
[2009/05/01 17:27:48 | 000,000,000 | ---D | M] -- C:\Users\Roths\AppData\Roaming\Amazon
[2010/03/29 21:11:36 | 000,000,000 | ---D | M] -- C:\Users\Roths\AppData\Roaming\BitDefender
[2009/12/29 11:22:23 | 000,000,000 | ---D | M] -- C:\Users\Roths\AppData\Roaming\DAEMON Tools
[2009/12/29 11:24:07 | 000,000,000 | ---D | M] -- C:\Users\Roths\AppData\Roaming\DAEMON Tools Lite
[2009/12/29 11:09:41 | 000,000,000 | ---D | M] -- C:\Users\Roths\AppData\Roaming\DAEMON Tools Pro
[2009/04/25 18:54:29 | 000,000,000 | ---D | M] -- C:\Users\Roths\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2009/10/09 11:38:03 | 000,000,000 | ---D | M] -- C:\Users\Roths\AppData\Roaming\DVD2AVI Ripper Professional
[2010/06/19 17:50:11 | 000,000,000 | ---D | M] -- C:\Users\Roths\AppData\Roaming\HDRsoft
[2010/02/27 14:21:21 | 000,000,000 | ---D | M] -- C:\Users\Roths\AppData\Roaming\Ilium Software
[2010/03/22 20:17:50 | 000,000,000 | ---D | M] -- C:\Users\Roths\AppData\Roaming\LimeWire
[2010/01/05 21:30:03 | 000,000,000 | ---D | M] -- C:\Users\Roths\AppData\Roaming\Red Kawa
[2010/05/22 17:44:33 | 000,000,000 | ---D | M] -- C:\Users\Roths\AppData\Roaming\Vso
[2009/04/26 11:37:37 | 000,000,000 | ---D | M] -- C:\Users\Roths\AppData\Roaming\WallpaperSS
[2010/07/05 19:03:36 | 000,032,584 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/12/06 01:08:48 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007/12/06 01:08:49 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007/12/06 01:08:49 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\ERDNT\cache\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\drivers\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\drivers\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009/04/25 15:24:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009/04/25 15:24:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009/04/25 15:24:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\ERDNT\cache\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2009/06/25 15:04:32 | 000,001,536 | ---- | M] () MD5=8D4CD834292293F4055BAC313268E2DE -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll
[2007/01/13 02:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\System32\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\System32\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 07:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\dxtmsft.dll
[2009/03/08 07:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\dxtrans.dll
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/03/30 19:38:21 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) Unable to obtain MD5 -- C:\WINDOWS\System32\drivers\bdfm.sys
[2010/04/01 15:46:57 | 000,291,352 | ---- | M] (BitDefender) Unable to obtain MD5 -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2009/12/29 11:03:16 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\WINDOWS\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\WINDOWS\System32\config\SYSTEM.SAV

< %systemdrive%\*.sys /90 /md5 >
[2010/07/06 15:34:46 | 2079,207,424 | -HS- | M] () Unable to obtain MD5 -- C:\hiberfil.sys
[2010/07/06 15:34:45 | 2393,034,752 | -HS- | M] () Unable to obtain MD5 -- C:\pagefile.sys
< End of report >


#14 buckeyefan58

Posted 06 July 2010 - 07:38 PM

OTL Extras logfile created on: 7/6/2010 7:02:14 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Users\Roths\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.18 Gb Total Space | 10.69 Gb Free Space | 7.79% Space Free | Partition Type: NTFS
Drive D: | 11.87 Gb Total Space | 0.52 Gb Free Space | 4.42% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROTHS-LAPTOP
Current User Name: Roths
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B9E766-E462-4186-A8DC-91DB9473CBA6}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{0A936F43-69C9-420B-AA63-AA57D070EEF6}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{0B66BC6D-36FD-442F-A702-4B84C3D02BC4}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0D321D9F-F364-4477-BE7A-D6A2376C87A7}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{101AA972-0EF8-40F8-BB57-F4A0ABE75688}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{13EE005E-1718-4FBB-B0F4-B2054D02D541}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{21880B3D-CBD6-4956-AEAC-304AC49F9A26}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{390CEB25-A4B3-44C9-8564-D45D3F1DEE8D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{40FD07EB-0D4E-43B3-98FC-C477DDAAAC06}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{4F6D12B6-63DC-4C0F-A87B-63247297D765}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5BCCBECE-4547-4B94-B941-C229C907DD57}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{5CCB6064-0A50-4DC9-973C-7E44ABB19FA0}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{6C12B299-D355-4233-8DB0-9CDA3D36690F}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{75811E30-4594-48D3-9ED7-1585D24003CA}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{7D0E64BE-DAF1-4AB2-8487-AD3719E95B3B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{809152EC-A0E5-4442-B0DD-E070FC16B468}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{84E70144-40E9-4A05-A4EB-6FBB87BD55A4}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{AACEBD5C-AD35-4DE5-8DEA-99C8C722C8EB}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B6A32A7B-7D02-47A4-88CA-1E7BFC4E1EEF}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{B8086DA1-5B6A-48D0-9786-A6D4C2C7E087}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{CE567915-7673-4237-8FB8-31649FED27C9}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D43A4A08-C8E9-4B3C-939D-FB615AD629D3}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DDA2CB7D-286C-43BE-B4F7-12BD55BC83E4}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{EB169FFC-8A23-4574-AC54-1F6666E69004}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F5D85E48-FF0A-4DD4-91A9-BBCA1937F291}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F6FE3EFD-4C02-42F5-9775-DDE0FC823018}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F7A55CFD-29AA-430D-B523-F70D30C76E07}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{086527A7-006E-4BD8-9850-DA804241142A}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |
"{0DD800F4-5999-4BD2-9B7E-E3BC67378278}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{136C74CF-7FFD-44A3-9DC8-3A8B139D48CF}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{15F9A471-8027-46D7-B87D-3B00E00613F1}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{180B4E0B-AA5C-4841-B79F-254DA8E46C68}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{19973E3F-AACC-499A-A8EE-9C4AF6E80131}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1A3E1D32-567A-4B2F-8543-822F11D8B092}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1C4C09D4-4604-43A3-AC8C-C80BABD79241}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{23AF9207-CE36-40E2-A75F-BC5150AC1D3F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{272483BE-4D44-4B99-A387-AEC34F4E8086}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{27F74AE3-35E3-4C55-818C-B095624F9906}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |
"{29EB739D-57C6-47D6-8AAB-33968A5437F6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2B7287A7-A857-4887-B060-FB9745D4D32E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{43051DA5-771D-42A6-9BF4-59980C21DA91}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{44F4AE0E-4983-4846-B62D-C9477DD7947F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4548C136-0CC6-428F-9B34-013DF4459F20}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{46058D6B-2121-4AE6-8BD5-E6A6A9BB8A92}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{46CC6860-6AC9-4E08-ADD9-135ECA2FAD1C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{50CA9601-054C-407C-967C-BF61A13F2398}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{511DF547-62EB-4E38-968C-15F34EBA1E7D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{51C35E0B-0419-41E4-A3BF-CEC740BEF656}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5722309C-054D-43EC-B023-61B265989D4B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5F1BB71C-2B26-404D-8B05-C6D02D21555E}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5F2BFACF-833E-4C72-89D8-05F541EF4C43}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6573FA09-6CFC-4998-9AA9-7E675A1FB0FD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{66182DAA-C061-40D2-A538-67C53D3EFFC5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6A5B2DB2-A679-4989-A4E3-77C88E14F293}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{7131BD40-5C97-407B-BBD9-E183F4B689A0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{72864F9E-6424-4C0F-87A3-F1D7B33D0C55}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{72D3C1A4-1A95-40AB-A238-7DD093A1AD12}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{73364A36-B372-4A2A-A758-D56BD2E153A0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{74ABAD8B-1CD6-4213-A0DF-1271F487ADAB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{797E4809-647C-4679-8C32-ACDBCC48A35E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7CDA16A0-AC59-47C7-B678-CF1E6DA613F1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{89EEF0ED-5EDE-416E-BFB2-2051840E772D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8ABE9B97-BD2F-40DB-9139-11B6765E9B2D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8D09B849-CADB-413D-994F-C5BBCEF80FEA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8F63E0E3-4859-416D-89CD-21820393C939}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{91047E34-4FF9-4ADA-B4FB-BB290F0083FB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{93DC7A0C-B6CD-4927-BCBA-707C8D228972}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{9B22924B-C76E-4D1F-9509-C7228B4666A1}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{9C87115F-036F-4701-8604-D8A16F10D7F5}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{A2091466-FF07-477E-B583-D285AD66613C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A2B81A71-49EC-4C2C-B930-11C31640ACEC}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A78A533A-12C0-487A-90F4-8F4A734F36D5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A982F447-2A73-421A-95B6-19F4D7DC7D5A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AA9103A0-3948-4D46-8AAC-9862A4BF8A94}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AEB8FFA9-0E95-478F-97FB-CF458559DF95}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B53655B4-6403-4A16-BB77-041FD462C49C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B95214A8-B009-4B97-A72D-287A9C6D1839}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B9DE348C-ED2E-4E0C-92D4-A094F852ED39}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BEC9C7EA-0DD8-48CC-B63E-9ABAC3242761}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C0812049-EA4C-4135-A582-BCE09E74ADFD}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C174A6BD-06DE-4133-ADF3-6672C971807C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C485A96F-A8B8-4909-8ACD-72674FB3B5AF}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D012C21D-92AF-46C7-84E5-2763418DB4F5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D0628294-D809-4A19-9448-AA55A63222D1}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D391F5EE-F8CB-4C47-BAD9-3E6E7311D836}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{D9778C69-A22E-4913-88F7-3CEFDAECC583}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{DA420FAC-463E-48B4-B75F-044D62FC1B59}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DDD46D39-CA3D-49F1-B1D1-E6B861C13B9B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E3F5B870-3EDC-4E0D-8E1C-6EA664560AC6}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |
"{E609DD4A-E9E7-4513-B89F-D5070D9C5FFA}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E79B2772-3A4F-493A-8438-9512BAFECC6C}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{E984AD07-42C1-477A-A0E9-58E76DD019D5}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F5685B32-BBE6-4118-880C-F480430B63D5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F6CEE345-4A16-4ED8-9341-896B897B97A9}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F9D0847E-EDE8-4D86-B4EC-FAC9FE5AE437}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{1A306E14-5BAE-468A-891E-5C1D0717BEA6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3FBBDB2F-E9BC-4B72-9EF8-A6C27C0FA581}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{54126B60-C062-4DBA-85C2-1666A819148D}C:\program files\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"TCP Query User{6117D959-4666-44AF-8427-2A6979A2A12E}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{8C8A280B-D64F-46C7-A990-03DF2779A7A1}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{8CC3AD1C-A66D-4CD5-8F68-F728A152DB81}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{A1830B11-E2CA-4543-A081-D515EBB091C7}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{FE979ACD-C3EF-413C-8D0C-AA21818C038C}C:\users\roths\desktop\my mobile\mymobiler\mymobiler.exe" = protocol=6 | dir=in | app=c:\users\roths\desktop\my mobile\mymobiler\mymobiler.exe |
"UDP Query User{10829DDD-7DB3-4C97-97E6-D8945D4A9745}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{15C4F6E8-4BDB-4B84-9236-A8F8AFA775ED}C:\users\roths\desktop\my mobile\mymobiler\mymobiler.exe" = protocol=17 | dir=in | app=c:\users\roths\desktop\my mobile\mymobiler\mymobiler.exe |
"UDP Query User{1F1B5F2F-92B2-4C5C-BEF2-D09809086AD5}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{35E40145-13BA-4B2B-A673-48A23D282FFF}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{486DEB75-45BA-43F0-AC71-179AE48CD6EF}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{5B123DA5-01DE-48BD-818F-D2655EEC5A11}C:\program files\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"UDP Query User{AF5BB411-2D2D-4E07-A3D9-09E4320E8D2F}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{E3035131-02EE-4842-831E-3FC180435EC8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{39C16060-EAA2-012B-ADFC-000000000000}" = TurboTax 2009 wmiiper
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4A767523-247A-4C30-895D-09824520E54C}" = iTunesFolderWatch
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{58A49B80-2595-4C9D-B3EB-261E68A2C4D1}_is1" = Wallpaper SlideShow LT 1.4.3
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{68471BF2-F1F7-4C89-BBBA-400B94996596}" = ESU for Microsoft Vista
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3423C7-7F9B-4453-B807-5994A5F39B9D}" = BitDefender Antivirus 2010
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.6.12.174
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{87A54796-0620-4899-BAF7-7778A7FB54CB}" = ArcSoft TotalMedia Backup
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A1FA92EE-84A3-447D-A6C6-4514B5936DC2}" = BitDefender Antivirus 2009
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B73BEEBE-3D94-2634-B5D1-28B8269489FF}" = twhirl
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{DE659AC8-EEF0-4115-AA0C-6500D194FB10}" = Garmin Training Center v5
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{EE0D1E40-7ABA-4D7B-B4B5-F86AFFD2FF50}" = Soluto
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"ActiveHomePro" = ActiveHome Pro
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"BitTornado" = BitTornado 0.3.17
"Canon iP4500 series User Registration" = Canon iP4500 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1" = twhirl
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"Ilium Software eWallet_is1" = eWallet 5.0 Professional Edition (Windows Mobile)
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"JMicron" = Button Manager of JMicron
"LimeWire" = LimeWire 5.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MWSnap 3" = MWSnap 3
"NVIDIA Drivers" = NVIDIA Drivers
"PeerGuardian_is1" = PeerGuardian 2.0
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.9
"Pocket Informant" = Pocket Informant 9.10 Build 2413
"SopCast" = SopCast 3.2.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboTax 2009" = TurboTax 2009
"Veetle TV" = Veetle TV 0.9.16
"Videora iPod Converter" = Videora iPod Converter 5.03
"WinRAR archiver" = WinRAR archiver
"WinX DVD Ripper_is1" = WinX DVD Ripper 4.1.4
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"YouTube Downloader App" = YouTube Downloader App 2.03

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


#15 buckeyefan58

buckeyefan58
  • Topic Starter

  • Members
  • 16 posts

Posted 07 July 2010 - 07:31 AM

ESET scan results.

C:\SWSETUP\AOLIMS\setup.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined




