
Trojan Variant.Hiloti.1 infection


  • This topic is locked
8 replies to this topic

#1 norms

  • Members
  • 72 posts
  • Gender: Male
  • Location: Washington State

Posted 23 July 2010 - 11:32 PM

Bit Defender caught this Trojan "in the act" so I ran Malwarebytes and it found a lot more than just this Trojan (42 infections to be exact). Malwarebytes cleaned most of it I think, but I am left with the following 2 errors on start up:

"Error 1"

Error loading C:\windows\mspcrp.dll
The specified module could not be found


"Error 2"

Error loading C:\windows\ilosumocarezate.dll
The specified module could not be found

Here is the Malwarebytes Log after Malwarebytes "fixed" the problems and the DDS Log. Any help would be appreciated. Thanks.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4343

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

07/23/10 8:36:45 PM
mbam-log-2010-07-23 (20-36-45).txt

Scan type: Quick scan
Objects scanned: 159644
Time elapsed: 13 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 18
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 5
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\ilosumocarezate.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wpedoganide (Trojan.Hiloti) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Norm\Application Data\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Norm\Application Data\Sky-Banners\skb (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Norm\Application Data\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Norm\Application Data\Street-Ads\sta (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\ilosumocarezate.dll (Trojan.Hiloti) -> Delete on reboot.
C:\WINDOWS\system32\venkp.dll (Adware.EZlife) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\renkp.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Norm\Local Settings\Temp\hoagfk.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Norm\Local Settings\Temp\xmaencowrs.tmp (Trojan.VirTool.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Norm\Local Settings\Temp\emsawncxro.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Norm\Local Settings\Temp\eblmw.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Norm\Local Settings\Temporary Internet Files\Content.IE5\HKD77QPX\kksaupwr[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Norm\Local Settings\Temporary Internet Files\Content.IE5\O6HFLX50\kksahc[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Norm\Local Settings\Temporary Internet Files\Content.IE5\WNFBD12E\gxbjd[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Program Files\Common\helper.sig (Trojan.Agent) -> Quarantined and deleted successfully.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Norm at 21:01:34.03 on 07/23/10
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1591 [GMT -8:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\StompSoft\PC BackUp\NMSAccess.exe
C:\Program Files\StompSoft\PC BackUp\NSENGINE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\StompSoft\PC BackUp\NbkCtrl.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Norm\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar =
uInternet Settings,ProxyServer = 127.0.0.1:81
uInternet Settings,ProxyOverride = local;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Google Update] "c:\documents and settings\norm\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Igudagupiseri] rundll32.exe "c:\windows\mspcrp.dll",Startup
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [PeachtreePrefetcher.exe] "c:\progra~1\sageso~1\peacht~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.config
mRun: [NovaBackup 7 Tray Control] "c:\program files\stompsoft\pc backup\NbkCtrl.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: {CCB09A6E-7992-4F2D-A09F-6D0A0A3FCB5B} = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2007-1-29 13696]
R2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\pervasive software\psql\bin\w3dbsmgr.exe [2008-6-6 435496]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-12-7 153448]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]
S3 Peachtree SmartPosting 2010;Peachtree SmartPosting 2010;c:\program files\sage software\peachtree\SmartPostingService2010.exe [2009-4-6 43816]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-4-13 11520]

=============== Created Last 30 ================

2010-07-24 04:06:51 0 d-----w- c:\docume~1\norm\applic~1\Malwarebytes
2010-07-24 04:06:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-24 04:06:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-24 04:06:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-24 04:06:36 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-20 16:39:12 120 ----a-w- c:\windows\Jlafevipeji.dat
2010-07-20 16:39:12 0 ----a-w- c:\windows\Bkuto.bin
2010-07-19 05:59:24 874272 ----a-w- c:\temp\JavaSetup6u21.exe
2010-07-19 05:58:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-19 02:51:21 86 ----a-w- c:\windows\wininit.ini
2010-07-19 01:48:07 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-07-19 01:48:07 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-07-19 01:48:05 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-07-19 01:48:05 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-07-19 01:47:58 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-07-19 01:47:58 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-07-19 01:46:18 150 ----a-w- C:\zrpt.xml
2010-06-30 01:07:12 0 d-----w- c:\documents and settings\norm\.hAWabAzAr
2010-06-30 01:07:09 0 d-----w- c:\docume~1\norm\applic~1\vertabasetimer.20D4E96EAD612B527A44AE7C4B35DE499B0FDD43.1
2010-06-30 01:07:05 0 d-----w- c:\program files\vertabasetimer
2010-06-30 01:04:12 12124624 ----a-w- c:\temp\AdobeAIRInstaller.exe
2010-06-30 00:57:57 0 d-----w- C:\VertabaseTimer
2010-06-30 00:36:11 0 d-----w- c:\windows\Downloads
2010-06-30 00:29:35 4516411 ----a-w- c:\temp\VertabaseTimer.zip

==================== Find3M ====================

2007-01-29 22:05:35 32 --sha-w- c:\windows\{2F123666-90BB-48F4-B871-DD69CAB0F9F0}.dat
2007-01-29 22:06:25 32 --sha-w- c:\windows\{3CCA790C-6480-4BE8-B2A5-395C168C9574}.dat
2007-01-29 22:08:29 32 --sha-w- c:\windows\{50BEEB44-D36A-48CA-94C3-F739C43B2FDE}.dat
2007-01-29 22:06:25 32 --sha-w- c:\windows\{528989D8-AE49-4B33-B492-9E54F09DB942}.dat
2007-01-29 22:07:34 32 --sha-w- c:\windows\{7939E321-E2F7-423D-B45C-48E6234B4C8C}.dat
2007-01-29 22:06:25 32 --sha-w- c:\windows\{939214A3-8482-4615-8F22-3880CAE0C978}.dat
2007-01-29 22:08:08 32 --sha-w- c:\windows\{D4A10977-F763-465A-B3D2-C736CC55DD3D}.dat
2007-01-29 22:06:25 32 --sha-w- c:\windows\system32\{7E2AA810-0C0A-4B9B-AF9F-B903B49D6192}.dat
2007-01-29 22:06:25 32 --sha-w- c:\windows\system32\{8889EEB9-9C72-4856-B772-4FB9CD9A22D0}.dat
2007-01-29 22:06:25 32 --sha-w- c:\windows\system32\{930FBB4E-EEF9-484B-AE91-58F270B4BB13}.dat
2007-01-29 22:05:35 32 --sha-w- c:\windows\system32\{94D1884F-91CD-48E2-8C68-3EFA5C5A09A3}.dat
2007-01-29 22:08:08 32 --sha-w- c:\windows\system32\{9687786D-2812-4EDC-A5EA-F3384CD99590}.dat
2007-01-29 22:07:34 32 --sha-w- c:\windows\system32\{98B831F4-4242-4E96-B51D-A9788C9B9E50}.dat
2007-01-29 22:08:29 32 --sha-w- c:\windows\system32\{C7F9D42D-282D-4447-BC74-7A653FD65459}.dat

============= FINISH: 21:02:30.82 ===============




#2 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender: Male
  • Location: Florida

Posted 31 July 2010 - 10:33 AM

Hello norms

Welcome to BleepingComputer
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Download the following GMER Rootkit Scanner from Here
  • Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
  • Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
  • It may take a minute to load and become available.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically only C:\ should be checked)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
  • **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
  • Click OK and quit the GMER program.
  • Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.
  • Post that log in your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 norms

  • Topic Starter
  • Members
  • 72 posts
  • Gender: Male
  • Location: Washington State

Posted 02 August 2010 - 02:11 PM

Hi,

Since I posted, this error has not shown up again

"Error loading C:\windows\ilosumocarezate.dll
The specified module could not be found"

but the other one:

"Error loading C:\windows\mspcrp.dll
The specified module could not be found"

still does.

Don't know if that is good or bad. Here are the logs.

OTL logfile created on: 08/02/10 8:54:48 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Norm\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 83.40 Gb Free Space | 54.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 103.38 Gb Total Space | 57.09 Gb Free Space | 55.23% Space Free | Partition Type: NTFS
Drive P: | 103.38 Gb Total Space | 57.09 Gb Free Space | 55.23% Space Free | Partition Type: NTFS
Drive T: | 103.38 Gb Total Space | 57.09 Gb Free Space | 55.23% Space Free | Partition Type: NTFS

Computer Name: NORMAN
Current User Name: Norm
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Norm\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe (Pervasive Software Inc.)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\StompSoft\PC BackUp\NSENGINE.exe (StompSoft, Inc.)
PRC - C:\Program Files\StompSoft\PC BackUp\NBKCTRL.exe (StompSoft, Inc.)
PRC - C:\Program Files\StompSoft\PC BackUp\NMSAccess.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Norm\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_nt.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
SRV - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
SRV - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)
SRV - (Peachtree SmartPosting 2010) -- C:\Program Files\Sage Software\Peachtree\SmartPostingService2010.exe (Sage Software, Inc.)
SRV - (psqlWGE) -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe (Pervasive Software Inc.)
SRV - (NsEngine) -- C:\Program Files\StompSoft\PC BackUp\NSENGINE.exe (StompSoft, Inc.)
SRV - (NMSAccess) -- C:\Program Files\StompSoft\PC BackUp\NMSAccess.exe ()


========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\WINDOWS\System32\DRIVERS\Lbd.sys File not found
DRV - (ivusb) -- C:\WINDOWS\System32\DRIVERS\ivusb.sys File not found
DRV - (bdftdif) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (BDSelfPr) -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender)
DRV - (bdfsfltr) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys (BitDefender)
DRV - (bdfm) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (Profos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys (BitDefender S.R.L.)
DRV - (Trufos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (BIOS) -- C:\WINDOWS\system32\drivers\BIOS.sys (BIOSTAR Group)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (Changer) -- C:\WINDOWS\System32\drivers\changer.sys (Microsoft Corporation)
DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (ati2mtaa) -- C:\WINDOWS\system32\drivers\ati2mtaa.sys (ATI Technologies Inc.)
DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (Intels51) Intel® -- C:\WINDOWS\system32\drivers\Intels51.sys (Intel Corporation)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (EL2000) -- C:\WINDOWS\system32\drivers\EL2K_XP.sys (3Com Corporation)
DRV - (HidBatt) -- C:\WINDOWS\system32\drivers\hidbatt.sys (Microsoft Corporation)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:81

FF - HKLM\software\mozilla\Firefox\extensions\\{64CB7EF3-C345-4204-931B-9DAE67880540}: C:\Documents and Settings\Norm\Local Settings\Application Data\{64CB7EF3-C345-4204-931B-9DAE67880540} [2010/07/20 08:39:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/03/26 16:38:39 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/05/21 09:28:38 | 000,395,292 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Oracle)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Oracle)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NovaBackup 7 Tray Control] C:\Program Files\StompSoft\PC BackUp\NbkCtrl.exe (StompSoft, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PeachtreePrefetcher.exe] C:\Program Files\Sage Software\Peachtree\PeachtreePrefetcher.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Norm\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Igudagupiseri] C:\WINDOWS\mspcrp.DLL File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Norm\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Norm\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/29 12:20:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{fc91ced7-42ad-11df-a4d5-000a5e5cba63}\Shell - "" = AutoRun
O33 - MountPoints2\{fc91ced7-42ad-11df-a4d5-000a5e5cba63}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fc91ced7-42ad-11df-a4d5-000a5e5cba63}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{fc91ced9-42ad-11df-a4d5-000a5e5cba63}\Shell - "" = AutoRun
O33 - MountPoints2\{fc91ced9-42ad-11df-a4d5-000a5e5cba63}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fc91ced9-42ad-11df-a4d5-000a5e5cba63}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (64752855394811904)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/02 08:50:51 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Norm\Desktop\OTL.exe
[2010/07/26 16:10:57 | 000,000,000 | ---D | C] -- C:\DCIM
[2010/07/23 20:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Norm\Application Data\Malwarebytes
[2010/07/23 20:06:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/23 20:06:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/23 20:06:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/23 20:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/23 14:10:36 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Norm\Desktop\mbam-setup-1.46.exe
[2010/07/20 08:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Norm\Local Settings\Application Data\{64CB7EF3-C345-4204-931B-9DAE67880540}
[2010/07/18 22:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/18 22:03:49 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/18 22:03:49 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/18 22:03:49 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/18 21:58:00 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/18 17:48:07 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010/07/18 17:48:07 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010/07/18 17:48:05 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010/07/18 17:47:58 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010/07/18 17:47:58 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2007/01/29 12:48:48 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/02 08:50:51 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Norm\Desktop\OTL.exe
[2010/08/02 08:39:06 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/02 08:39:03 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/08/02 08:38:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/02 08:38:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/02 08:38:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/02 08:38:41 | 2145,898,496 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/30 18:03:46 | 012,058,624 | ---- | M] () -- C:\Documents and Settings\Norm\ntuser.dat
[2010/07/30 18:03:38 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv
[2010/07/30 18:03:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Norm\ntuser.ini
[2010/07/30 17:09:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-602162358-725345543-1003UA.job
[2010/07/30 14:09:43 | 000,002,499 | ---- | M] () -- C:\Documents and Settings\Norm\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel.lnk
[2010/07/30 14:09:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-602162358-725345543-1003Core.job
[2010/07/30 09:10:10 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Norm\Desktop\Google Chrome.lnk
[2010/07/30 09:10:10 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Norm\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/27 12:38:50 | 000,000,026 | ---- | M] () -- C:\WINDOWS\AatrixForms.INI
[2010/07/26 13:06:28 | 000,000,026 | ---- | M] () -- C:\WINDOWS\Viewer.INI
[2010/07/26 10:28:27 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Norm\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/07/23 20:59:33 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Norm\Desktop\dds.scr
[2010/07/23 20:06:42 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/23 20:02:59 | 000,002,623 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Peachtree Knowledge Center.lnk
[2010/07/23 20:02:59 | 000,002,623 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Peachtree Business Checks and Forms.lnk
[2010/07/23 20:01:20 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Jlafevipeji.dat
[2010/07/23 15:41:33 | 000,000,585 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/23 15:41:33 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/23 15:41:33 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/07/23 14:10:36 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Norm\Desktop\mbam-setup-1.46.exe
[2010/07/23 08:38:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Bkuto.bin
[2010/07/22 16:42:37 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Norm\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2010/07/21 14:51:18 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/07/18 18:51:21 | 000,000,086 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/07/18 17:46:20 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
[2010/07/13 11:33:12 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\Norm\Application Dataprivacy.xml
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/23 20:59:33 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Norm\Desktop\dds.scr
[2010/07/23 20:06:42 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/20 08:39:12 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jlafevipeji.dat
[2010/07/20 08:39:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bkuto.bin
[2010/07/18 18:51:21 | 000,000,086 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/07/18 17:46:18 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
[2009/04/06 17:52:18 | 000,002,041 | ---- | C] () -- C:\WINDOWS\PTXA170.ini
[2009/01/15 12:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2009/01/13 12:26:58 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Viewer.INI
[2009/01/13 12:07:05 | 000,000,026 | ---- | C] () -- C:\WINDOWS\AatrixForms.INI
[2008/05/03 15:36:42 | 000,002,056 | ---- | C] () -- C:\WINDOWS\PTXA160.INI_upg2010
[2007/12/28 18:09:29 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2007/12/14 19:34:11 | 000,000,307 | ---- | C] () -- C:\WINDOWS\CleaningLab.INI
[2007/12/14 19:27:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MusicEditor.INI
[2007/12/14 19:02:53 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2007/12/14 19:01:53 | 000,000,919 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2007/12/14 19:01:53 | 000,000,024 | ---- | C] () -- C:\WINDOWS\magix.ini
[2007/05/16 11:46:38 | 000,001,735 | ---- | C] () -- C:\WINDOWS\PTXA150.INI_upg2009
[2007/04/02 12:29:39 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/04/02 12:29:26 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/01/31 13:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2007/01/30 13:04:20 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/01/30 10:29:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/30 10:23:10 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2007/01/29 14:47:15 | 000,000,375 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007/01/29 14:25:17 | 000,000,750 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2007/01/29 14:25:11 | 000,221,184 | R--- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dll
[2007/01/29 14:23:43 | 000,006,333 | ---- | C] () -- C:\WINDOWS\hplj3380.ini
[2007/01/29 12:48:48 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2007/01/29 12:48:47 | 000,060,928 | R--- | C] () -- C:\WINDOWS\System32\P17.dll
[2006/09/18 12:25:12 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/09/18 12:25:12 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/09/18 12:25:10 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/09/18 12:25:08 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/09/18 12:25:06 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/09/18 12:25:06 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/09/18 12:24:59 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/03/28 18:11:10 | 000,067,428 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2003/09/26 04:42:46 | 000,002,421 | ---- | C] () -- C:\WINDOWS\System32\scrubber.ini
[2003/03/04 00:29:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2002/05/03 13:40:32 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2002/03/25 17:02:14 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001/03/28 11:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\System32\hppcap.ini

========== LOP Check ==========

[2007/07/11 16:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aatrix Software
[2007/04/02 12:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATX
[2009/12/25 18:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/07/06 16:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logic Software
[2008/08/08 15:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/04/17 15:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pervasive Software
[2010/03/23 13:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/07/23 21:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/23 12:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wolters Kluwer
[2010/04/08 22:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2007/07/11 16:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norm\Application Data\Aatrix Software
[2009/03/27 16:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norm\Application Data\Amazon
[2009/12/25 18:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norm\Application Data\BitDefender
[2009/10/19 17:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norm\Application Data\Business Objects
[2009/11/16 09:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norm\Application Data\com.nwtmint.air.mybulliontracker.BB33928E34E7C1F3E9FB215478549CD3C053FEC7.1
[2007/01/30 12:52:36 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Norm\Application Data\Favorites
[2007/01/30 10:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norm\Application Data\Leadertech
[2010/02/24 18:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norm\Application Data\MP3toiPodAudioBookConverter
[2007/03/15 17:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norm\Application Data\Netscape
[2009/10/16 14:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norm\Application Data\Orbit
[2008/08/08 15:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norm\Application Data\pdf995
[2007/01/30 09:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norm\Application Data\Peachtree
[2010/03/19 16:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norm\Application Data\ProjectTimer
[2010/03/23 13:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norm\Application Data\TaxCut
[2007/01/30 10:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norm\Application Data\VERITAS
[2010/06/29 17:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norm\Application Data\vertabasetimer.20D4E96EAD612B527A44AE7C4B35DE499B0FDD43.1

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/12/25 15:17:41 | 000,054,652 | ---- | M] () -- C:\aaw7boot.log
[2007/01/29 12:20:17 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/26 08:43:39 | 000,039,281 | ---- | M] () -- C:\bdlog.txt
[2009/10/24 15:37:24 | 012,503,385 | ---- | M] () -- C:\BdUninstallTool2009.10.24-03.35.31.log
[2009/10/24 15:37:24 | 000,228,484 | ---- | M] () -- C:\BdUninstallTool2009.10.24-03.35.31.reg
[2010/07/23 15:41:33 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2007/01/29 12:20:17 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/08/02 08:38:41 | 2145,898,496 | -HS- | M] () -- C:\hiberfil.sys
[2007/01/29 12:20:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2002/01/05 04:48:16 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\mfc70.dll
[2002/01/05 04:36:38 | 000,964,608 | ---- | M] (Microsoft Corporation) -- C:\mfc70u.dll
[2007/01/29 12:20:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/03/27 20:40:55 | 098,269,322 | ---- | M] () -- C:\Music.nb7
[2007/01/29 12:30:52 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2007/01/29 12:30:52 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2007/12/30 13:29:31 | 000,039,912 | ---- | M] () -- C:\P9install.log
[2010/08/02 08:38:39 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/12/25 18:16:05 | 000,000,000 | ---- | M] () -- C:\pcconf.ini
[2010/02/01 08:39:14 | 000,000,000 | ---- | M] () -- C:\pcversion.txt
[2009/12/25 18:16:05 | 000,000,000 | ---- | M] () -- C:\pcwords.dat
[2009/12/25 18:16:05 | 000,000,000 | ---- | M] () -- C:\pcwords2.dat
[2009/12/25 18:16:05 | 000,000,000 | ---- | M] () -- C:\pc_sign.slf
[2009/10/19 14:44:02 | 006,548,910 | ---- | M] () -- C:\PSQL_v10_Install.log
[2007/01/29 19:58:47 | 000,000,658 | ---- | M] () -- C:\regdlls.txt
[2009/10/19 14:54:23 | 000,882,676 | ---- | M] () -- C:\SageMessageCenter_Install.log
[2007/03/13 11:19:40 | 000,000,037 | ---- | M] () -- C:\speeddials.txt
[2010/07/18 17:46:20 | 000,000,150 | ---- | M] () -- C:\zrpt.xml

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2007/08/13 18:35:46 | 000,346,624 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2007/08/13 18:35:38 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/01/29 04:12:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/01/29 04:12:09 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/01/29 04:12:09 | 000,438,272 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2004/04/23 15:39:58 | 000,062,976 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HPPRN05.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20087FC5
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >


OTL Extras logfile created on: 08/02/10 8:54:48 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Norm\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 83.40 Gb Free Space | 54.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 103.38 Gb Total Space | 57.09 Gb Free Space | 55.23% Space Free | Partition Type: NTFS
Drive P: | 103.38 Gb Total Space | 57.09 Gb Free Space | 55.23% Space Free | Partition Type: NTFS
Drive T: | 103.38 Gb Total Space | 57.09 Gb Free Space | 55.23% Space Free | Partition Type: NTFS

Computer Name: NORMAN
Current User Name: Norm
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1583:TCP" = 1583:TCP:*:Enabled:Pervasive DBEngine
"3351:TCP" = 3351:TCP:*:Enabled:Pervasive DBEngine

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\pvsw\bin\w3dbsmgr.exe" = C:\pvsw\bin\w3dbsmgr.exe:*:Enabled:Database Service Manager -- File not found
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- File not found
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Disabled:javaw -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger -- File not found
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\ProxyWay\proxyway.exe" = C:\Program Files\ProxyWay\proxyway.exe:*:Disabled:ProxyWay -- File not found
"C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe" = C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe:*:Enabled:Database Service Manager -- (Pervasive Software Inc.)
"C:\Program Files\Amazon\MP3 Downloader\AmazonMP3Downloader.exe" = C:\Program Files\Amazon\MP3 Downloader\AmazonMP3Downloader.exe:*:Enabled:Amazon MP3 Downloader -- (Amazon.com)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{068857D8-FDD1-4F29-8F74-E9DE91E8A587}" = Crystal Reports 2008 SP2
"{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}" = Pervasive PSQL v10.10 Workgroup (32-bit)
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2AFA5FC0-2166-11D6-B294-00B0D0B36B37}" = Otter32
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B469F8F-F3AC-4F3C-84F3-CFB349B3905C}" = BitDefender Antivirus 2010
"{51EF69CF-70D3-4142-993D-AA97F36484CC}" = Peachtree Accounting 2010
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{6798DD4E-BD16-4735-87EB-D712637CCB8C}" = Sage Message Center
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7159715B-8F47-48FD-AC90-71A60D32A01B}" = PC BackUp
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8BCB844B-0814-4354-A413-1063DB4618E9}" = PeachTree Signature Ready Forms
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90AACECD-1E42-4D22-ABAD-7FB9B67B262D}" = H&R Block Premium + Efile + State 2009
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1CA2FDD-C9BF-4295-A0C6-095BECA23140}" = BitDefender Definitions Update
"{AB875694-839E-300A-4260-A8C1EA8A6684}" = Vertabase Timer
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF9A795B-2E4A-42D3-A4C4-333D5BF39350}" = TaxCut Premium + State + Efile 2007
"{EBC91840-41E1-4CC3-AC11-0B889546223C}" = Microsoft IntelliPoint 5.5
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"ASMT - Automatic Shell MP3 Tagger_is1" = ASMT - Automatic Shell MP3 Tagger v1.19
"CCH Small Firm Services (xulRunner)" = CCH Small Firm Services (xulRunner)
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{51EF69CF-70D3-4142-993D-AA97F36484CC}" = Peachtree Quantum 2010 - Accountants' Edition
"Integration Services" = Sage Software Integration Services
"Kyodai Mahjongg 18.75 (Full package)_is1" = Kyodai
"MAGIX audio cleaning lab 2005" = MAGIX audio cleaning lab 2005
"MAGIX Media Manager silver" = MAGIX Media Manager silver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Norton CleanSweep" = Norton CleanSweep
"Norton Speed Disk" = Norton Speed Disk 7.0 for Windows NT
"Norton Utilities" = Norton Utilities 2003 for Windows
"NVIDIA Drivers" = NVIDIA Drivers
"PD+Rescue for iPod_is1" = PD+Rescue for iPod v1.5
"Pervasive Software PSQL v9.1 Workgroup_is1" = Pervasive Software PSQL v9.1 Client
"Pervasive System Analyzer_is1" = Pervasive System Analyzer v9.1
"SpywareBlaster_is1" = SpywareBlaster 4.3
"ST6UNST #1" = WA_UIFastTax
"TaxCut Business 2007" = TaxCut Business 2007 (Remove Only)
"TaxCut Business 2008" = TaxCut Business 2008 (Remove Only)
"TaxCut Premium 2006" = TaxCut Premium 2006
"vertabasetimer.20D4E96EAD612B527A44AE7C4B35DE499B0FDD43.1" = Vertabase Timer
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/30/10 7:27:09 PM | Computer Name = NORMAN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 07/30/10 7:27:09 PM | Computer Name = NORMAN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 07/30/10 9:12:09 PM | Computer Name = NORMAN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 07/30/10 9:12:10 PM | Computer Name = NORMAN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 07/30/10 9:20:48 PM | Computer Name = NORMAN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 07/30/10 9:20:49 PM | Computer Name = NORMAN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 08/02/10 12:38:52 PM | Computer Name = NORMAN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 08/02/10 12:38:52 PM | Computer Name = NORMAN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 08/02/10 12:38:55 PM | Computer Name = NORMAN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 08/02/10 12:38:55 PM | Computer Name = NORMAN | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 07/19/10 12:40:37 PM | Computer Name = NORMAN | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {B38E3B1D-CFDB-47D1-AA99-48EE24DA957F}.
The
error: "%2" Happened while starting this command: C:\Program Files\Common Files\Peach\V1700\OUPAW17.exe
-Embedding

Error - 07/19/10 4:46:03 PM | Computer Name = NORMAN | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {B38E3B1D-CFDB-47D1-AA99-48EE24DA957F}.
The
error: "%2" Happened while starting this command: C:\Program Files\Common Files\Peach\V1700\OUPAW17.exe
-Embedding

Error - 07/19/10 6:33:20 PM | Computer Name = NORMAN | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {B38E3B1D-CFDB-47D1-AA99-48EE24DA957F}.
The
error: "%2" Happened while starting this command: C:\Program Files\Common Files\Peach\V1700\OUPAW17.exe
-Embedding

Error - 07/19/10 8:16:34 PM | Computer Name = NORMAN | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {B38E3B1D-CFDB-47D1-AA99-48EE24DA957F}.
The
error: "%2" Happened while starting this command: C:\Program Files\Common Files\Peach\V1700\OUPAW17.exe
-Embedding

Error - 07/20/10 4:29:29 PM | Computer Name = NORMAN | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {B38E3B1D-CFDB-47D1-AA99-48EE24DA957F}.
The
error: "%2" Happened while starting this command: C:\Program Files\Common Files\Peach\V1700\OUPAW17.exe
-Embedding

Error - 07/20/10 4:49:41 PM | Computer Name = NORMAN | Source = Print | ID = 6161
Description =

Error - 07/20/10 4:51:04 PM | Computer Name = NORMAN | Source = Print | ID = 6161
Description =

Error - 07/20/10 5:52:00 PM | Computer Name = NORMAN | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {B38E3B1D-CFDB-47D1-AA99-48EE24DA957F}.
The
error: "%2" Happened while starting this command: C:\Program Files\Common Files\Peach\V1700\OUPAW17.exe
-Embedding

Error - 07/26/10 8:20:59 PM | Computer Name = NORMAN | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{CCB09A6E-7992-4F2D-A09F-6D0A0A3FCB5B}. The
backup browser is stopping.

Error - 07/28/10 5:44:59 PM | Computer Name = NORMAN | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{CCB09A6E-7992-4F2D-A09F-6D0A0A3FCB5B}. The
backup browser is stopping.


< End of report >


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-02 11:55:37
Windows 5.1.2600 Service Pack 2
Running: i253ip2q.exe; Driver: C:\DOCUME~1\Norm\LOCALS~1\Temp\uxtdqpoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwAllocateVirtualMemory [0xB4B4CAE4]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwAssignProcessToJobObject [0xB4B4CE4E]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwConnectPort [0xB4B4E13E]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateFile [0xB4B4D868]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateKey [0xB4B4E5C6]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateProcess [0xB4B4CF98]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateProcessEx [0xB4B4D01A]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateSection [0xB4B4D68C]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateThread [0xB4B4C6E6]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwDeviceIoControlFile [0xB4B4E6C6]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwDuplicateObject [0xB4B512F4]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwFsControlFile [0xB4B4E804]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwLoadDriver [0xB4B4F25C]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenFile [0xB4B4D77C]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenProcess [0xB4B51046]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenSection [0xB4B4D5AC]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenThread [0xB4B51174]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwProtectVirtualMemory [0xB4B4C9E2]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwQueueApcThread [0xB4B4CEF0]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwReplaceKey [0xB4B4EDBE]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwRequestPort [0xB4B4E1CE]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwRequestWaitReplyPort [0xB4B4DF6A]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwRestoreKey [0xB4B4EE2E]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSecureConnectPort [0xB4B4E374]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSetContextThread [0xB4B4C7D6]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSetSecurityObject [0xB4B4ED4E]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSetSystemInformation [0xB4B4CBE8]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSuspendProcess [0xB4B4C944]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSuspendThread [0xB4B4C8A6]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSystemDebugControl [0xB4B4CDAC]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwTerminateProcess [0xB4B50FB6]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwTerminateThread [0xB4B51402]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwWriteVirtualMemory [0xB4B4C5E4]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 247C 80501180 4 Bytes CALL E032C639
.text ntkrnlpa.exe!ZwCallbackReturn + 26EC 805013F0 4 Bytes CALL 6904C8C0
.text ntkrnlpa.exe!ZwCallbackReturn + 2720 80501424 12 Bytes [44, C9, B4, B4, A6, C8, B4, ...]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB99AE360, 0x24526E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\nvsvc32.exe[316] ntdll.dll!RtlSetCurrentDirectory_U 7C920ECE 8 Bytes PUSH 4C000413; RET
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ntdll.dll!NtClose + 5 7C90D58B 5 Bytes JMP 60031E20 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ntdll.dll!NtCreateEvent + 5 7C90D65D 5 Bytes JMP 60031F42 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 60031E52 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 60032050 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ntdll.dll!NtCreateMutant + 5 7C90D705 5 Bytes JMP 60031F4C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ntdll.dll!NtCreateProcess + 5 7C90D759 5 Bytes JMP 6003203C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ntdll.dll!NtCreateProcessEx + 5 7C90D76E 5 Bytes JMP 60031E7A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ntdll.dll!NtCreateSection + 5 7C90D798 5 Bytes JMP 60031E2A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6003200A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ntdll.dll!NtDeleteKey + 5 7C90D8A9 5 Bytes JMP 60031FF6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 60031FEC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ntdll.dll!NtDuplicateObject + 5 7C90D912 5 Bytes JMP 60031FA6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ntdll.dll!NtLoadDriver + 5 7C90DB73 5 Bytes JMP 60031F38 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 60031E3E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 60032000 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6003205A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ntdll.dll!NtOpenProcess + 5 7C90DD80 5 Bytes JMP 60032032 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ntdll.dll!NtOpenSection + 5 7C90DDBF 5 Bytes JMP 60031E34 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ntdll.dll!NtQueueApcThread + 5 7C90E242 5 Bytes JMP 60032046 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 60031FE2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 60031E84 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 60031FD8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ntdll.dll!NtUnmapViewOfSection + 5 7C90E965 5 Bytes JMP 60031E48 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ntdll.dll!NtWriteFile + 5 7C90E9F8 5 Bytes JMP 60031F9C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ntdll.dll!NtWriteVirtualMemory + 5 7C90EA37 5 Bytes JMP 6003201E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ntdll.dll!RtlCreateProcessParameters 7C9233C1 5 Bytes JMP 60031ECA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E5 5 Bytes JMP 60031EA2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!CreateFileA 7C801A24 5 Bytes JMP 60031F10 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 60031F92 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 60031EFC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 60031EC0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 60031EB6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 60032064 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 60031F24 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!SleepEx 7C80239C 5 Bytes JMP 60031ED4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!Sleep 7C802442 5 Bytes JMP 60031EE8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!CloseHandle 7C809B77 5 Bytes JMP 60031E5C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!QueryPerformanceCounter 7C80A417 5 Bytes JMP 60031EAC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!FreeLibrary 7C80AA66 5 Bytes JMP 60032078 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 60031EF2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 60031E8E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 60031E98 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 60032014 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!CreateThread 7C81082F 5 Bytes JMP 6003206E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!CreateFileW 7C810976 5 Bytes JMP 60031F2E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 60031FB0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 60031EDE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!CreateDirectoryW 7C81E968 5 Bytes JMP 60031FC4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 60031FBA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!SetFileAttributesW 7C81FC05 5 Bytes JMP 60031F88 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 60031E70 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!CopyFileExW 7C82EFF2 5 Bytes JMP 60031E66 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!PulseEvent 7C8340FE 5 Bytes JMP 60032082 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!CheckRemoteDebuggerPresent 7C859902 5 Bytes JMP 60031F56 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!CreateDirectoryExW 7C85A3DA 5 Bytes JMP 60031FCE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!WinExec 7C86114D 5 Bytes JMP 60031F1A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!SetThreadContext 7C862849 5 Bytes JMP 60032028 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!CreateToolhelp32Snapshot 7C8647B7 5 Bytes JMP 60031F06 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!ReadConsoleA 7C8716CD 5 Bytes JMP 60031F74 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!ReadConsoleW 7C87171C 5 Bytes JMP 60031F7E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!ReadConsoleInputA 7C873183 5 Bytes JMP 60031F60 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] KERNEL32.dll!ReadConsoleInputW 7C8731A6 5 Bytes JMP 60031F6A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ADVAPI32.dll!RegQueryValueExW + 10C 77DD70D4 5 Bytes JMP 6003208C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 600320D2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 600320F0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ADVAPI32.dll!OpenServiceA 77DEB88C 2 Bytes JMP 600320DC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ADVAPI32.dll!OpenServiceA + 3 77DEB88F 2 Bytes [24, E8] {AND AL, 0xe8}
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 60032104 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 600320FA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 600320BE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 600320C8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 600320E6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] USER32.dll!GetMessageW 77D491A3 5 Bytes JMP 60032118 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] USER32.dll!PeekMessageW 77D49278 5 Bytes JMP 6003212C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] USER32.dll!PeekMessageA 77D4CEFD 5 Bytes JMP 60032122 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] USER32.dll!UserClientDllInitialize 77D50EB9 5 Bytes JMP 60032096 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 7E38C4D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 7E38C510 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 7E38C491 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 60032136 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] USER32.dll!GetMessageA 77D6EA45 5 Bytes JMP 6003210E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 60032140 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 7E38C3D9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 7E38C413 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 7E38C54B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 7E38C44D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 6003214A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 60032154 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 600320A0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] SHELL32.dll!StrStrW + FFE46645 7C9DFA10 5 Bytes JMP 600320AA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] SHELL32.dll!Shell_NotifyIconW 7CA37CE1 5 Bytes JMP 6003215E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] WININET.dll!InternetConfirmZoneCrossing + FFF76306 771B1678 1 Byte [E9]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] WININET.dll!InternetConfirmZoneCrossing + FFF76306 771B1678 5 Bytes JMP 6003217C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] WININET.dll!HttpOpenRequestA 771C160A 5 Bytes JMP 6003219A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] WININET.dll!InternetConnectA 771C1C6A 5 Bytes JMP 60032190 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] WININET.dll!InternetOpenA 771CA6DD 5 Bytes JMP 60032186 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ws2_32.dll!WEP + FFFEF16E 71AB1273 5 Bytes JMP 600321A4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ws2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 600321C2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ws2_32.dll!connect 71AB406A 5 Bytes JMP 600321D6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ws2_32.dll!send 71AB428A 5 Bytes JMP 600321AE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ws2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 600321CC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[508] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 600321B8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\System32\svchost.exe[592] ntdll.dll!RtlSetCurrentDirectory_U 7C920ECE 8 Bytes PUSH 4C000413; RET
.text C:\WINDOWS\System32\smss.exe[676] ntdll.dll!RtlSetCurrentDirectory_U 7C920ECE 8 Bytes PUSH 4C000413; RET
.text C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe[704] ntdll.dll!RtlSetCurrentDirectory_U 7C920ECE 8 Bytes PUSH 4C000413; RET
.text C:\WINDOWS\Explorer.EXE[716] ntdll.dll!RtlSetCurrentDirectory_U 7C920ECE 8 Bytes PUSH 4C000413; RET
.text C:\WINDOWS\system32\csrss.exe[756] ntdll.dll!RtlSetCurrentDirectory_U 7C920ECE 8 Bytes PUSH 4C000413; RET
.text ...
.text C:\WINDOWS\notepad.exe[2824] ntdll.dll!NtClose + 5 7C90D58B 5 Bytes JMP 60031E20 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ntdll.dll!NtCreateEvent + 5 7C90D65D 5 Bytes JMP 60031F42 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 60031E52 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 60032050 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ntdll.dll!NtCreateMutant + 5 7C90D705 5 Bytes JMP 60031F4C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ntdll.dll!NtCreateProcess + 5 7C90D759 5 Bytes JMP 6003203C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ntdll.dll!NtCreateProcessEx + 5 7C90D76E 5 Bytes JMP 60031E7A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ntdll.dll!NtCreateSection + 5 7C90D798 5 Bytes JMP 60031E2A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6003200A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ntdll.dll!NtDeleteKey + 5 7C90D8A9 5 Bytes JMP 60031FF6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 60031FEC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ntdll.dll!NtDuplicateObject + 5 7C90D912 5 Bytes JMP 60031FA6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ntdll.dll!NtLoadDriver + 5 7C90DB73 5 Bytes JMP 60031F38 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 60031E3E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 60032000 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6003205A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ntdll.dll!NtOpenProcess + 5 7C90DD80 5 Bytes JMP 60032032 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ntdll.dll!NtOpenSection + 5 7C90DDBF 5 Bytes JMP 60031E34 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ntdll.dll!NtQueueApcThread + 5 7C90E242 5 Bytes JMP 60032046 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 60031FE2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 60031E84 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 60031FD8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ntdll.dll!NtUnmapViewOfSection + 5 7C90E965 5 Bytes JMP 60031E48 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ntdll.dll!NtWriteFile + 5 7C90E9F8 5 Bytes JMP 60031F9C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ntdll.dll!NtWriteVirtualMemory + 5 7C90EA37 5 Bytes JMP 6003201E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ntdll.dll!RtlCreateProcessParameters 7C9233C1 5 Bytes JMP 60031ECA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E5 5 Bytes JMP 60031EA2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!CreateFileA 7C801A24 5 Bytes JMP 60031F10 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 60031F92 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 60031EFC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 60031EC0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 60031EB6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 60032064 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 60031F24 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!SleepEx 7C80239C 5 Bytes JMP 60031ED4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!Sleep 7C802442 5 Bytes JMP 60031EE8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!CloseHandle 7C809B77 5 Bytes JMP 60031E5C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!QueryPerformanceCounter 7C80A417 5 Bytes JMP 60031EAC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!FreeLibrary 7C80AA66 5 Bytes JMP 60032078 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 60031EF2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 60031E8E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 60031E98 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 60032014 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!CreateThread 7C81082F 5 Bytes JMP 6003206E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!CreateFileW 7C810976 5 Bytes JMP 60031F2E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 60031FB0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 60031EDE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!CreateDirectoryW 7C81E968 5 Bytes JMP 60031FC4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 60031FBA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!SetFileAttributesW 7C81FC05 5 Bytes JMP 60031F88 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 60031E70 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!CopyFileExW 7C82EFF2 5 Bytes JMP 60031E66 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!PulseEvent 7C8340FE 5 Bytes JMP 60032082 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!CheckRemoteDebuggerPresent 7C859902 5 Bytes JMP 60031F56 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!CreateDirectoryExW 7C85A3DA 5 Bytes JMP 60031FCE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!WinExec 7C86114D 5 Bytes JMP 60031F1A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!SetThreadContext 7C862849 5 Bytes JMP 60032028 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!CreateToolhelp32Snapshot 7C8647B7 5 Bytes JMP 60031F06 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!ReadConsoleA 7C8716CD 5 Bytes JMP 60031F74 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!ReadConsoleW 7C87171C 5 Bytes JMP 60031F7E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!ReadConsoleInputA 7C873183 5 Bytes JMP 60031F60 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] KERNEL32.dll!ReadConsoleInputW 7C8731A6 5 Bytes JMP 60031F6A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ADVAPI32.dll!RegQueryValueExW + 10C 77DD70D4 5 Bytes JMP 6003208C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 600320C8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 600320E6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ADVAPI32.dll!OpenServiceA 77DEB88C 2 Bytes JMP 600320D2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ADVAPI32.dll!OpenServiceA + 3 77DEB88F 2 Bytes [24, E8] {AND AL, 0xe8}
.text C:\WINDOWS\notepad.exe[2824] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 1 Byte [E9]
.text C:\WINDOWS\notepad.exe[2824] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 600320FA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 600320F0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 600320B4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 600320BE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 600320DC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] USER32.dll!GetMessageW 77D491A3 5 Bytes JMP 6003210E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] USER32.dll!PeekMessageW 77D49278 5 Bytes JMP 60032122 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] USER32.dll!PeekMessageA 77D4CEFD 5 Bytes JMP 60032118 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] USER32.dll!UserClientDllInitialize 77D50EB9 5 Bytes JMP 60032096 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 6003212C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] USER32.dll!GetMessageA 77D6EA45 5 Bytes JMP 60032104 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 60032136 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 60032140 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 6003214A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 600320A0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] SHELL32.dll!StrStrW + FFE46645 7C9DFA10 5 Bytes JMP 600320AA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\notepad.exe[2824] SHELL32.dll!Shell_NotifyIconW 7CA37CE1 5 Bytes JMP 60032154 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ntdll.dll!NtClose + 5 7C90D58B 5 Bytes JMP 60031E20 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ntdll.dll!NtCreateEvent + 5 7C90D65D 5 Bytes JMP 60031F42 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ntdll.dll!NtCreateFile + 5 7C90D687 5 Bytes JMP 60031E52 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ntdll.dll!NtCreateKey + 5 7C90D6DB 5 Bytes JMP 60032050 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ntdll.dll!NtCreateMutant + 5 7C90D705 5 Bytes JMP 60031F4C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ntdll.dll!NtCreateProcess + 5 7C90D759 5 Bytes JMP 6003203C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ntdll.dll!NtCreateProcessEx + 5 7C90D76E 5 Bytes JMP 60031E7A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ntdll.dll!NtCreateSection + 5 7C90D798 5 Bytes JMP 60031E2A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ntdll.dll!NtCreateThread + 5 7C90D7D7 5 Bytes JMP 6003200A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ntdll.dll!NtDeleteKey + 5 7C90D8A9 5 Bytes JMP 60031FF6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ntdll.dll!NtDeleteValueKey + 5 7C90D8D3 5 Bytes JMP 60031FEC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ntdll.dll!NtDuplicateObject + 5 7C90D912 5 Bytes JMP 60031FA6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ntdll.dll!NtLoadDriver + 5 7C90DB73 5 Bytes JMP 60031F38 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ntdll.dll!NtMapViewOfSection + 5 7C90DC5A 5 Bytes JMP 60031E3E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ntdll.dll!NtOpenFile + 5 7C90DD02 5 Bytes JMP 60032000 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ntdll.dll!NtOpenKey + 5 7C90DD41 5 Bytes JMP 6003205A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ntdll.dll!NtOpenProcess + 5 7C90DD80 5 Bytes JMP 60032032 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ntdll.dll!NtOpenSection + 5 7C90DDBF 5 Bytes JMP 60031E34 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ntdll.dll!NtQueueApcThread + 5 7C90E242 5 Bytes JMP 60032046 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ntdll.dll!NtSetInformationFile + 5 7C90E5DE 5 Bytes JMP 60031FE2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ntdll.dll!NtSetValueKey + 5 7C90E7C1 5 Bytes JMP 60031E84 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ntdll.dll!NtTerminateProcess + 5 7C90E893 5 Bytes JMP 60031FD8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ntdll.dll!NtUnmapViewOfSection + 5 7C90E965 5 Bytes JMP 60031E48 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ntdll.dll!NtWriteFile + 5 7C90E9F8 5 Bytes JMP 60031F9C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ntdll.dll!NtWriteVirtualMemory + 5 7C90EA37 5 Bytes JMP 6003201E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ntdll.dll!RtlCreateProcessParameters 7C9233C1 5 Bytes JMP 60031ECA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E5 5 Bytes JMP 60031EA2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!CreateFileA 7C801A24 5 Bytes JMP 60031F10 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 60031F92 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 60031EFC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 60031EC0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 60031EB6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 60032064 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 60031F24 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!SleepEx 7C80239C 5 Bytes JMP 60031ED4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!Sleep 7C802442 5 Bytes JMP 60031EE8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!CloseHandle 7C809B77 5 Bytes JMP 60031E5C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!QueryPerformanceCounter 7C80A417 5 Bytes JMP 60031EAC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!FreeLibrary 7C80AA66 5 Bytes JMP 60032078 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 60031EF2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!GetModuleHandleA 7C80B529 5 Bytes JMP 60031E8E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!GetModuleHandleW 7C80E63C 5 Bytes JMP 60031E98 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!CreateRemoteThread 7C810626 5 Bytes JMP 60032014 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!CreateThread 7C81082F 5 Bytes JMP 6003206E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!CreateFileW 7C810976 5 Bytes JMP 60031F2E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!CreateProcessInternalW 7C8191EB 5 Bytes JMP 60031FB0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!ExitProcess 7C81CAA2 5 Bytes JMP 60031EDE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!CreateDirectoryW 7C81E968 5 Bytes JMP 60031FC4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!DeleteFileW 7C81F73D 5 Bytes JMP 60031FBA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!SetFileAttributesW 7C81FC05 5 Bytes JMP 60031F88 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!MoveFileWithProgressW 7C821565 5 Bytes JMP 60031E70 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!CopyFileExW 7C82EFF2 5 Bytes JMP 60031E66 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!PulseEvent 7C8340FE 5 Bytes JMP 60032082 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!CheckRemoteDebuggerPresent 7C859902 5 Bytes JMP 60031F56 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!CreateDirectoryExW 7C85A3DA 5 Bytes JMP 60031FCE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!WinExec 7C86114D 5 Bytes JMP 60031F1A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!SetThreadContext 7C862849 5 Bytes JMP 60032028 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!CreateToolhelp32Snapshot 7C8647B7 5 Bytes JMP 60031F06 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!ReadConsoleA 7C8716CD 5 Bytes JMP 60031F74 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!ReadConsoleW 7C87171C 5 Bytes JMP 60031F7E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!ReadConsoleInputA 7C873183 5 Bytes JMP 60031F60 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] KERNEL32.dll!ReadConsoleInputW 7C8731A6 5 Bytes JMP 60031F6A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ADVAPI32.dll!RegQueryValueExW + 10C 77DD70D4 5 Bytes JMP 6003208C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ADVAPI32.dll!OpenServiceW 77DE6165 5 Bytes JMP 600320B4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ADVAPI32.dll!ControlService 77DEB635 5 Bytes JMP 600320D2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ADVAPI32.dll!OpenServiceA 77DEB88C 2 Bytes JMP 600320BE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ADVAPI32.dll!OpenServiceA + 3 77DEB88F 2 Bytes [24, E8] {AND AL, 0xe8}
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ADVAPI32.dll!ChangeServiceConfigA 77E36CC9 5 Bytes JMP 600320E6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ADVAPI32.dll!ChangeServiceConfigW 77E36E61 5 Bytes JMP 600320DC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 600320A0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 600320AA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] ADVAPI32.dll!DeleteService 77E37311 5 Bytes JMP 600320C8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] USER32.dll!GetMessageW 77D491A3 5 Bytes JMP 600320FA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] USER32.dll!PeekMessageW 77D49278 5 Bytes JMP 6003210E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] USER32.dll!PeekMessageA 77D4CEFD 5 Bytes JMP 60032104 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] USER32.dll!UserClientDllInitialize 77D50EB9 5 Bytes JMP 60032096 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 60032118 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] USER32.dll!GetMessageA 77D6EA45 5 Bytes JMP 600320F0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 60032122 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 60032136 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 60032140 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Norm\Desktop\i253ip2q.exe[2916] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 6003212C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E5927E38-4405-DB49-0E7D-D205B6D517AA}

---- EOF - GMER 1.0.15 ----



#4 kahdah

Posted 05 August 2010 - 12:43 PM

Sorry for the late reply; I was not notified of your reply.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTL
    O4 - HKCU..\Run: [Igudagupiseri] C:\WINDOWS\mspcrp.DLL File not found
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
================================Online scan=================================
* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#5 norms

Posted 05 August 2010 - 10:34 PM

No problem. Here are the logs.

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Igudagupiseri deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Debra Simpson
->Temp folder emptied: 820 bytes
->Temporary Internet Files folder emptied: 34762 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 36654 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 98830 bytes

User: Norm
->Temp folder emptied: 3623915199 bytes
->Temporary Internet Files folder emptied: 262814388 bytes
->Java cache emptied: 3036912 bytes
->Google Chrome cache emptied: 375913875 bytes
->Flash cache emptied: 2052345 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1119318 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2313268 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 692430 bytes

Total Files Cleaned = 4,074.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08052010_172054

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=7.00.5730.13 (longhorn(wmbla).070711-1130)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f9075a73fa823b448023635d7f735832
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-06 03:26:33
# local_time=2010-08-05 07:26:33 (-0800, Pacific Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=114840
# found=1
# cleaned=1
# scan_time=3196
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdRotator5.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
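
Added example, not part of the original thread and not OTL's own code: the mspcrp.dll startup error came from a Run value that still pointed at a DLL that was no longer on disk, which is the entry the O4 line in the fix deleted. This read-only PowerShell sketch lists Run/RunOnce values whose target file is missing; the helper name Get-AutorunTarget and the list of keys checked are choices made for this example.

```powershell
# Added example: report Run/RunOnce values whose target file is missing.
# Read-only: it lists candidates and changes nothing in the registry.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Hypothetical helper: pull the file an autorun command line depends on.
function Get-AutorunTarget {
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # rundll32 entries: the file that matters is the DLL argument.
    if ($cmd -match '^"?[^"]*rundll32(\.exe)?"?\s+"?([^",]+)') {
        return $Matches[2].Trim()
    }
    # Quoted executable path.
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path: cut after the first recognised file extension.
    if ($cmd -match '^(.+?\.(exe|dll|com|bat|cmd|vbs|js))(\s|$)') {
        return $Matches[1]
    }
    return $cmd
}

$orphans = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }        # key absent on this system
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        if ($name -eq '') { continue }             # unnamed (Default) value
        $data   = [string]$item.GetValue($name)
        $target = Get-AutorunTarget $data
        # Bare file names are resolved through the search path at logon;
        # only fully qualified paths can be judged missing here.
        if ($target -notmatch '^[A-Za-z]:\\') { continue }
        if (-not (Test-Path -LiteralPath $target -PathType Leaf)) {
            [pscustomobject]@{
                Key           = $key
                Name          = $name
                Data          = $data
                MissingTarget = $target
            }
        }
    }
}

$orphans | Format-List
```

A value reported here is only a candidate: a missing target can also mean an uninstalled program or a disconnected drive, so check the Name and Data fields before removing anything.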


#6 norms

Posted 05 August 2010 - 11:46 PM

Oh, I forgot to mention in my last reply that I no longer get any errors on start up.

#7 kahdah

Posted 06 August 2010 - 06:40 AM

Looks good.
======Cleanup======
  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.
======================Clear out infected System Restore points======================
Then we need to reset your System Restore points.
The link below shows how to do this.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.


After that you're all set.


===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - Some great guidelines to follow to prevent future infections; please read the Prevention article by Miekiemoes.

"How did I get infected in the first place?" Also this one by Tony Klein.

If your computer is slow - A tutorial on what you can do if your computer is slow.

File sharing program dangers - Reasons to stay away from file sharing programs, for example BitTorrent, Limewire, Kazaa, eMule, uTorrent, etc.



===Free antimalware tools used for on demand scanning and cleaning no real time unless purchased===

Malwarebytes Antimalware
superantispyware

===Free antivirus links===

This is antivirus and antispyware.
Microsoft Security Essentials
This is free antispyware protection and Antivirus protection.
AVG free 9.0
This is just antivirus protection.
Antivir
This is antivirus and antispyware protection.
Avast



#8 norms

Posted 06 August 2010 - 10:53 AM

Everything seems to be working fine. Thanks for all your help.

#9 kahdah

Posted 06 August 2010 - 11:27 AM

You are welcome.


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.