Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Infected. Please help me.


Re: Infected. Please help me.

Post by ndmmxiaomayi » February 25th, 2009, 8:43 am

That's bad.

Please run this set of instructions again and post back the logs - viewtopic.php?p=407626#p407626

Re: Infected. Please help me.

Post by DannyDKing » February 25th, 2009, 11:23 pm

Here we go again. :)

Here is my DDS.TXT:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Administrator at 21:58:01.14 on Wed 02/25/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.2107 [GMT -5:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Outdated)
FW: BitDefender Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
C:\WINDOWS\System32\svchost.exe -kbdx
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OEM\11bg PCI&Cardbus Wireless LAN Utility\RtWLan.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\scthemes\scthemes.exe
C:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\taskmgr.exe
c:\program files\bitdefender\bitdefender 2009\seccenter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Administrator.DANNY2\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: c:\windows\system32\hhs3ijndfd.dll: {c5bf49a2-94f3-42bd-f434-3604812c8955} - c:\windows\system32\hhs3ijndfd.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [Spyware Doctor] "c:\program files\spyware doctor\swdoctor.exe" /Q
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Magentic] c:\progra~1\magentic\bin\Magentic.exe /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [p09nkhcojrpvdkznrcx5ilq2yv0ebf2q4no5oi4x3] c:\docume~1\admini~1.dan\locals~1\temp\a84la8g.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RRT-Auto] c:\rrt\RRT.exe auto
dRun: [Spyware Doctor] "c:\program files\spyware doctor\swdoctor.exe" /Q
dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
StartupFolder: c:\docume~1\admini~1.dan\startm~1\programs\startup\screen~1.lnk - c:\scthemes\scthemes.exe
StartupFolder: c:\docume~1\admini~1.dan\startm~1\programs\startup\thoosj~1.lnk - c:\program files\thoosje vista sidebar\Thoosje Sidebar.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\11bgpc~1.lnk - c:\program files\oem\11bg pci&cardbus wireless lan utility\RtWLan.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: &Winamp Search - c:\documents and settings\all users.windows\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021} - c:\progra~1\spywar~1\tools\iesdpb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 4683325406
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD7/JSCDL/ ... 586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: utsync - utsync.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: c:\windows\system32\hhs3ijndfd.dll: {c5bf49a2-94f3-42bd-f434-3604812c8955} - c:\windows\system32\hhs3ijndfd.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-2-12 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2009-2-12 16768]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-7-2 82568]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-11-27 38144]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-11-25 935208]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-8-12 108864]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-8-14 102208]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2008-7-17 118784]

=============== Created Last 30 ================

2009-02-24 23:53 <DIR> --d----- c:\docume~1\admini~1.dan\applic~1\Windows Search
2009-02-24 20:45 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-24 20:45 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-24 19:10 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-02-24 00:05 <DIR> --d----- C:\RRT
2009-02-24 00:01 16,244 a------- c:\windows\system32\rrt_is.wav
2009-02-24 00:01 7,302 a------- c:\windows\system32\rrt_vf.wav
2009-02-24 00:01 7,148 a------- c:\windows\system32\rrt_tv.wav
2009-02-24 00:01 6,282 a------- c:\windows\system32\rrt_tn.wav
2009-02-23 23:53 <DIR> --d----- C:\myRTVAULT
2009-02-23 23:53 <DIR> --d----- C:\MyRT
2009-02-23 21:49 0 a------- C:\bwrsnohl.exe
2009-02-23 21:49 0 a------- C:\eslb.exe
2009-02-23 21:48 1 a------- c:\windows\system32\uniq.tll
2009-02-23 21:48 0 a------- C:\aheg.exe
2009-02-23 21:48 0 a------- C:\puphu.exe
2009-02-23 21:47 0 a------- C:\484847148
2009-02-23 21:47 1,980 a------- C:\hjotfjn.exe
2009-02-23 21:47 27,136 a------- c:\windows\system32\frmwrk32.exe
2009-02-23 21:47 27,136 a------- C:\mpypakmw.exe
2009-02-23 21:47 40,448 a------- C:\kyamdorp.exe
2009-02-23 21:47 1,980 a------- C:\wxhymf.exe
2009-02-23 21:47 39,936 a------- c:\windows\Hregogodinirey.dll
2009-02-23 21:47 15,000 a------- c:\windows\system32\hhs3ijndfd.dll
2009-02-23 21:47 39,936 a------- C:\sqmarv.exe
2009-02-23 17:40 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-02-22 12:12 <DIR> --d----- c:\program files\Microsoft
2009-02-22 12:11 <DIR> --d----- c:\docume~1\admini~1.dan\applic~1\Windows Desktop Search
2009-02-22 12:10 <DIR> --d----- c:\windows\system32\GroupPolicy
2009-02-22 12:10 <DIR> --d----- c:\program files\Windows Desktop Search
2009-02-22 12:10 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
2009-02-22 12:10 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
2009-02-22 12:10 29,696 -c------ c:\windows\system32\dllcache\mimefilt.dll
2009-02-21 16:34 <DIR> --d----- C:\ComboFix
2009-02-21 13:24 <DIR> --d----- c:\windows\system32\XPSViewer
2009-02-21 13:23 117,760 -------- c:\windows\system32\prntvpt.dll
2009-02-21 13:23 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-02-21 13:23 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-21 13:23 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-21 13:23 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-21 13:23 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-02-21 13:23 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-02-21 12:53 <DIR> --d----- c:\program files\Messenger
2009-02-21 12:28 6,066,688 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-02-21 12:28 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-02-21 12:28 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-21 12:28 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-02-21 12:28 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-02-21 12:28 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-02-21 12:28 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-02-21 12:28 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-21 12:28 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-02-21 11:43 701,440 -------- c:\windows\system32\drivers\ati2mtag.sys
2009-02-21 10:42 <DIR> a-dshr-- C:\cmdcons
2009-02-21 10:39 161,792 a------- c:\windows\SWREG.exe
2009-02-21 10:39 98,816 a------- c:\windows\sed.exe
2009-02-20 05:13 124 a------- c:\windows\wininit.ini
2009-02-19 17:20 250 a------- c:\windows\gmer.ini
2009-02-16 20:10 268,648 a------- c:\windows\system32\mucltui.dll
2009-02-16 20:10 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-02-15 01:03 <DIR> --d----- c:\program files\Trend Micro
2009-02-14 22:43 643 a------- c:\windows\win.tmp
2009-02-14 22:43 227 a------- c:\windows\system.tmp
2009-02-14 22:23 <DIR> --d----- c:\docume~1\admini~1.dan\applic~1\BitDefender
2009-02-14 22:23 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\BitDefender
2009-02-14 22:22 <DIR> --d----- c:\program files\common files\BitDefender
2009-02-14 14:28 81,984 a------- c:\windows\system32\bdod.bin
2009-02-14 12:35 850 a------- c:\windows\system32\ProductTweaks.xml
2009-02-14 12:35 385 a------- c:\windows\system32\user_gensett.xml
2009-02-14 12:25 <DIR> --d----- c:\windows\system32\logs
2009-02-14 12:24 <DIR> --d----- c:\program files\BitDefender
2009-02-14 12:24 <DIR> --d----- c:\windows\system32\URTTEMP
2009-02-14 11:41 750,984 a------- c:\windows\system32\Magentic Screensaver.scr
2009-02-14 11:41 <DIR> --d----- c:\program files\Magentic
2009-02-14 11:22 <DIR> --ds---- c:\documents and settings\administrator.danny2\UserData
2009-02-14 10:33 <DIR> --d----- c:\program files\Thoosje Vista Sidebar
2009-02-14 10:29 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\RapidSolution
2009-02-14 10:29 <DIR> --d----- c:\program files\RapidSolution
2009-02-14 10:17 <DIR> --d----- c:\program files\Winamp Toolbar
2009-02-14 10:17 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Winamp Toolbar
2009-02-14 09:56 <DIR> --d----- c:\docume~1\admini~1.dan\applic~1\PC Tools
2009-02-14 09:49 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-02-14 09:49 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-02-14 09:48 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-14 09:48 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-14 09:48 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-14 09:48 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-14 09:47 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-02-14 09:47 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-02-14 09:46 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-02-14 09:46 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-02-14 09:45 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\River Past G5
2009-02-14 09:45 <DIR> --d----- c:\docume~1\admini~1.dan\applic~1\River Past G5
2009-02-13 22:37 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-02-13 22:37 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-13 22:37 <DIR> --d----- c:\program files\iPod
2009-02-13 22:37 <DIR> --d----- c:\program files\iTunes
2009-02-13 22:37 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-13 22:36 <DIR> --d----- c:\program files\Bonjour
2009-02-13 22:04 74,240 -c------ c:\windows\system32\dllcache\mscms.dll
2009-02-13 22:04 361,600 ac------ c:\windows\system32\dllcache\tcpip.sys
2009-02-13 22:04 245,248 ac------ c:\windows\system32\dllcache\mswsock.dll
2009-02-13 22:04 100,352 ac------ c:\windows\system32\dllcache\6to4svc.dll
2009-02-13 22:04 138,496 -c------ c:\windows\system32\dllcache\afd.sys
2009-02-13 22:01 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2009-02-13 22:00 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Nero
2009-02-13 21:59 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-02-13 21:11 32,592 a------- c:\windows\system32\msonpmon.dll
2009-02-13 21:08 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-02-13 20:55 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\1Click DVD Movie
2009-02-13 20:55 87,608 a------- c:\docume~1\admini~1.dan\applic~1\ezpinst.exe
2009-02-13 20:55 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-02-13 20:55 47,360 a------- c:\docume~1\admini~1.dan\applic~1\pcouffin.sys
2009-02-13 20:54 <DIR> --d----- c:\docume~1\admini~1.dan\applic~1\Lexmark Productivity Studio
2009-02-13 20:41 <DIR> --d----- c:\docume~1\admini~1.dan\applic~1\JAM Software
2009-02-12 23:02 49,152 a------- c:\windows\system32\FTPStubInstUtils.dll
2009-02-12 23:02 <DIR> --d----- c:\program files\WS_FTP Pro
2009-02-12 23:02 306,688 a------- c:\windows\ISUninst.exe
2009-02-12 22:35 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\IncrediMail
2009-02-12 22:32 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\IM
2009-02-12 21:56 16,768 a------- c:\windows\system32\drivers\BS_I2cIo.sys
2009-02-12 21:31 219 a------- c:\windows\stsaver.ini
2009-02-12 21:09 3,932,214 a------- c:\windows\ScreenThemes.bmp
2009-02-12 20:53 273,408 a------- c:\windows\system32\lfcmp11n.dll
2009-02-12 20:53 226,304 a------- c:\windows\system32\ltefx11n.dll
2009-02-12 20:53 126,976 a------- c:\windows\system32\ltimg11n.dll
2009-02-12 20:53 36,864 a------- c:\windows\system32\lfbmp11n.dll
2009-02-12 20:53 356,864 a------- c:\windows\system32\ltkrn11n.dll
2009-02-12 20:53 244,224 a------- c:\windows\system32\ltdis11n.dll
2009-02-12 20:53 111,616 a------- c:\windows\system32\ltfil11n.dll
2009-02-12 20:53 155,648 a------- c:\windows\system32\stsaver.scr
2009-02-12 20:53 327 a------- c:\windows\scthemes.ini
2009-02-12 20:52 635 a------- c:\windows\ef.INI
2009-02-12 20:40 12,598 a------- c:\windows\system32\wpa.bak
2009-02-12 20:36 21,035 a------- c:\windows\system32\drivers\AegisP.sys
2009-02-12 20:36 308,992 a----r-- c:\windows\system32\drivers\rtl8185.sys
2009-02-12 20:36 308,992 -----r-- c:\windows\system\rtl8185.sys
2009-02-12 20:33 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-02-12 20:33 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-02-12 20:32 <DIR> --d----- c:\program files\BIOS
2009-02-12 20:31 36,864 a------- c:\windows\system32\drivers\AmdK8.sys
2009-02-12 20:22 520,192 a------- c:\windows\RtlExUpd.dll
2009-02-12 20:22 315,392 a------- c:\windows\HideWin.exe
2009-02-12 20:22 81,496 a------- c:\windows\system32\nvapps.xml
2009-02-12 20:22 208,896 a------- c:\windows\system32\nvudisp.exe
2009-02-12 20:22 17,056 a------- c:\windows\system32\nvdisp.nvu
2009-02-12 20:21 22 a------- c:\windows\FileName
2009-02-12 20:20 446,464 a------- c:\windows\system32\CapabilityTable.exe
2009-02-12 20:20 356,352 -------- c:\windows\system32\nvuide.exe
2009-02-12 20:20 1,570 -------- c:\windows\system32\nvide.nvu
2009-02-12 20:20 1,732 a------- c:\windows\system32\drivers\nvphy.bin
2009-02-12 20:20 356,352 a------- c:\windows\system32\nvunrm.exe
2009-02-12 20:20 3,903 a------- c:\windows\system32\nvnrm.nvu
2009-02-12 20:20 356,352 a------- c:\windows\system32\NVUNINST.EXE
2009-02-12 20:20 13,696 a----r-- c:\windows\system32\drivers\BIOS.sys
2009-02-12 20:15 <DIR> --d----- c:\documents and settings\Administrator.DANNY2
2009-02-12 20:04 8,192 a------- c:\windows\REGLOCS.OLD
2009-02-12 20:02 571,392 ac------ c:\windows\system32\dllcache\tintlgnt.ime
2009-02-12 20:01 78,848 ac------ c:\windows\system32\dllcache\dayi.ime
2009-02-12 20:00 2,577 a------- c:\windows\system32\CONFIG.NT
2009-02-12 20:00 0 a------- c:\windows\control.ini
2009-02-12 20:00 23,392 a------- c:\windows\system32\nscompat.tlb
2009-02-12 20:00 16,832 a------- c:\windows\system32\amcompat.tlb
2009-02-12 20:00 316,640 a------- c:\windows\WMSysPr9.prx
2009-02-12 19:59 <DIR> --dsh--- c:\documents and settings\all users.windows\DRM
2009-02-12 19:59 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-02-12 19:59 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-02-12 19:57 239,104 a------- c:\windows\system32\srrstr.dll
2009-02-12 19:56 5,632 ac------ c:\windows\system32\dllcache\write.exe
2009-02-12 14:53 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-02-12 14:52 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-02-12 14:51 74,240 a------- c:\windows\system32\usbui.dll
2009-02-12 14:49 <DIR> --d--r-- c:\documents and settings\all users.windows\Documents
2009-02-12 14:47 261 a------- c:\windows\system32\$winnt$.inf
2009-02-10 22:55 <DIR> --d----- c:\program files\JAM Software
2009-02-08 22:18 <DIR> --d----- C:\scthemes
2009-02-07 15:56 <DIR> --d----- c:\program files\NEATO
2009-02-07 15:54 <DIR> --d----- c:\program files\Lexmark Fax Solutions
2009-02-07 15:53 <DIR> --d----- c:\program files\Lexmark Tools for Office
2009-02-07 15:52 <DIR> --d----- c:\program files\Lexmark Toolbar
2009-02-07 15:51 <DIR> --d----- c:\program files\Lexmark 2600 Series
2009-02-07 15:07 <DIR> --d----- c:\program files\common files\SureThing Shared
2009-02-06 14:16 <DIR> --d----- C:\VundoFix Backups
2009-02-05 00:38 <DIR> --d----- c:\windows\system32\NtmsData
2009-02-05 00:22 <DIR> --d----- c:\program files\MSConfig CleanUp
2009-02-04 10:35 <DIR> --d----- c:\program files\SopFilter
2009-02-04 10:31 <DIR> --d----- C:\ProgramData
2009-02-04 10:13 <DIR> --d----- c:\program files\Readon Technology
2009-01-30 21:02 <DIR> --d----- c:\program files\Jasc Software Inc

==================== Find3M ====================

2009-02-21 12:54 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-14 23:59 242,184 a------- c:\windows\system32\drivers\bdfsfltr.sys
2009-02-14 23:59 82,696 a------- c:\windows\system32\drivers\BDVEDISK.sys
2009-02-12 19:57 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2008-12-10 19:33 200,704 a------- c:\windows\system32\dtu100.dll
2008-12-10 19:33 86,016 a------- c:\windows\system32\dpl100.dll
2008-12-08 21:28 593,920 a------- c:\windows\system32\dpuGUI11.dll
2008-12-08 21:28 344,064 a------- c:\windows\system32\dpus11.dll
2008-12-08 21:28 294,912 a------- c:\windows\system32\dpu11.dll
2008-12-08 21:28 57,344 a------- c:\windows\system32\dpv11.dll
2007-02-12 19:10 2,682,880 -------- c:\documents and settings\all users.windows\VCREDI~3.EXE

============= FINISH: 21:58:43.09 ===============


And my gmer.txt file:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-25 22:19:32
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenProcess [0xB55B8BCE]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenThread [0xB55B8CBC]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwTerminateProcess [0xB55B8B32]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\TEMP\mc22.tmp The system cannot find the file specified. !
? System32\Drivers\41172c7a.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[116] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[116] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[116] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[116] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[116] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[116] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spoolsv.exe[240] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spoolsv.exe[240] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\system32\spoolsv.exe[240] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\spoolsv.exe[240] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spoolsv.exe[240] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\spoolsv.exe[240] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[340] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[340] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[340] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[340] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[340] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[340] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[360] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[360] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[360] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[360] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[360] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[360] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[420] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[420] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[420] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[420] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[420] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[420] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[476] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F08001E
.text C:\WINDOWS\System32\svchost.exe[476] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F05001E
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe[616] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe[616] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe[616] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe[616] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe[616] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe[616] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\nvsvc32.exe[636] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\nvsvc32.exe[636] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\system32\nvsvc32.exe[636] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\nvsvc32.exe[636] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[636] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[636] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\sdhelp.exe[672] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\sdhelp.exe[672] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\Spyware Doctor\sdhelp.exe[672] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\Spyware Doctor\sdhelp.exe[672] user32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Spyware Doctor\sdhelp.exe[672] user32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\sdhelp.exe[672] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\csrss.exe[1060] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\csrss.exe[1060] KERNEL32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\csrss.exe[1060] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\system32\csrss.exe[1060] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\csrss.exe[1060] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\csrss.exe[1060] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[1084] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[1084] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\system32\winlogon.exe[1084] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\winlogon.exe[1084] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\winlogon.exe[1084] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[1084] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\services.exe[1128] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\services.exe[1128] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\services.exe[1128] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\lsass.exe[1140] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\lsass.exe[1140] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lsass.exe[1140] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1316] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\svchost.exe[1384] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\svchost.exe[1384] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1384] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe[1524] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F08001E
.text C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe[1524] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F05001E
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\System32\svchost.exe[1556] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\System32\svchost.exe[1556] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1556] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\svchost.exe[1648] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\svchost.exe[1648] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1648] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe[1664] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe[1664] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe[1664] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe[1664] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe[1664] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe[1664] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1896] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1896] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\system32\svchost.exe[1896] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\svchost.exe[1896] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\svchost.exe[1896] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1896] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ntdll.dll!NtCreateFile + 5 7C90D095 10 Bytes [ 68, D0, 2B, 40, 60, E9, D1, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ntdll.dll!NtCreateKey + 5 7C90D0D5 10 Bytes [ 68, D8, B5, 41, 60, E9, 91, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ntdll.dll!NtCreateSection + 5 7C90D165 10 Bytes [ 68, 88, 65, 41, 60, E9, 01, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ntdll.dll!NtDeleteValueKey + 5 7C90D255 10 Bytes [ 68, F8, 64, 42, 60, E9, 11, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ntdll.dll!NtLoadDriver + 5 7C90D455 10 Bytes [ 68, A8, D7, 40, 60, E9, 11, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ntdll.dll!NtMapViewOfSection + 5 7C90D505 10 Bytes [ 68, 38, AB, 41, 60, E9, 61, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ntdll.dll!NtOpenFile + 5 7C90D585 10 Bytes [ 68, A8, 5A, 41, 60, E9, E1, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ntdll.dll!NtOpenKey + 5 7C90D5B5 10 Bytes [ 68, 48, BB, 41, 60, E9, B1, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ntdll.dll!NtOpenProcess + 5 7C90D5E5 10 Bytes [ 68, 58, A0, 41, 60, E9, 81, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ntdll.dll!NtQueueApcThread + 5 7C90D985 10 Bytes [ 68, C8, A5, 41, 60, E9, E1, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ntdll.dll!NtSetValueKey + 5 7C90DDB5 10 Bytes [ 68, A8, 6D, 40, 60, E9, B1, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ntdll.dll!NtWriteFile + 5 7C90DF65 10 Bytes [ 68, 18, 60, 41, 60, E9, 01, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ntdll.dll!LdrLoadDll + 1 7C9163A4 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ntdll.dll!RtlCreateProcessParameters 7C922E79 10 Bytes CALL 65F26F97
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!LoadLibraryExW 7C801AF5 10 Bytes [ 68, 68, 6A, 42, 60, E9, 71, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!GetStartupInfoW 7C801E54 10 Bytes [ 68, C0, C8, 41, 60, E9, 12, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!GetStartupInfoA 7C801EF2 10 Bytes [ 68, 50, C3, 41, 60, E9, 74, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!WriteProcessMemory 7C802213 10 Bytes [ 68, 38, 91, 40, 60, E9, 53, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!CloseHandle 7C809BD7 10 Bytes [ 68, B0, 36, 40, 60, E9, 8F, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!SetEvent 7C80A0A7 10 Bytes [ 68, 28, 80, 42, 60, E9, BF, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!CreateEventW 7C80A739 10 Bytes [ 68, F8, E5, 40, 60, E9, 2D, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!FreeLibrary 7C80AC6E 10 Bytes [ 68, B8, 7A, 42, 60, E9, F8, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!GetModuleFileNameA + DF 7C80B63E 10 Bytes [ 68, 40, 31, 40, 60, E9, 28, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!CreateMutexW 7C80E947 10 Bytes [ 68, 28, EF, 40, 60, E9, 1F, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!CreateRemoteThread + 1 7C8104BD 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!CreateThread 7C8106C7 10 Bytes [ 68, 30, CE, 41, 60, E9, 9F, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!CreateFileW 7C8107F0 10 Bytes [ 68, A0, CF, 40, 60, E9, 76, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!CreateProcessInternalW + 1 7C81979D 9 Bytes CALL 65E1D93C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!ExitProcess 7C81CAFA 10 Bytes [ 68, 48, 75, 42, 60, E9, 6C, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!CopyFileExW 7C827B1A 10 Bytes [ 68, 20, 3C, 40, 60, E9, 4C, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!PulseEvent 7C82C056 10 Bytes [ 68, 98, 85, 42, 60, E9, 10, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!ResumeThread 7C83290F 10 Bytes [ 68, 88, A1, 40, 60, E9, 57, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!CheckRemoteDebuggerPresent 7C85AA22 10 Bytes [ 68, 48, 0F, 41, 60, E9, 44, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!SetThreadContext 7C863AA9 10 Bytes [ 68, 18, 9C, 40, 60, E9, BD, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!ReadConsoleA 7C872A3D 10 Bytes [ 68, 68, 45, 41, 60, E9, 29, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!ReadConsoleW 7C872A8C 10 Bytes [ 68, D8, 4A, 41, 60, E9, DA, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!ReadConsoleInputA 7C8744F3 10 Bytes [ 68, 88, 3A, 41, 60, E9, 73, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!ReadConsoleInputW 7C874516 10 Bytes [ 68, F8, 3F, 41, 60, E9, 50, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] WS2_32.dll!WEP + FFFEF156 71AB1273 10 Bytes [ 68, D8, B1, 40, 60, E9, F3, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] WS2_32.dll!connect 71AB4A07 10 Bytes JMP 5FE96041
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] WS2_32.dll!send 71AB4C27 10 Bytes [ 68, C8, E2, 41, 60, E9, 3F, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] WS2_32.dll!WSAStartup 71AB6A55 10 Bytes [ 68, 48, B7, 40, 60, E9, 11, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ADVAPI32.dll!RegQueryValueExW + 10C 77DD70FB 10 Bytes [ 68, C8, F9, 40, 60, E9, 6B, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ADVAPI32.dll!OpenServiceW 77DE6FDD 10 Bytes [ 68, 90, 6D, 41, 60, E9, 89, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ADVAPI32.dll!ControlService 77DF49DD 10 Bytes [ 68, 08, 7B, 41, 60, E9, 89, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ADVAPI32.dll!OpenServiceA 77DF4C36 10 Bytes [ 68, 00, 73, 41, 60, E9, 30, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 10 Bytes CALL 6143AFCB
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 10 Bytes [ 68, 78, 80, 41, 60, E9, 8D, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ADVAPI32.dll!CreateServiceA 77E371E9 10 Bytes [ 68, 38, FF, 40, 60, E9, 7D, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ADVAPI32.dll!CreateServiceW 77E37381 10 Bytes [ 68, A8, 04, 41, 60, E9, E5, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ole32.dll!CoTaskMemAlloc + 59 774FD0B9 10 Bytes [ 68, 28, C2, 40, 60, E9, AD, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ole32.dll!CLSIDFromProgID 775187F2 10 Bytes [ 68, 98, C7, 40, 60, E9, 74, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] USER32.dll!PostMessageW 7E418CCB 10 Bytes [ 68, 68, AC, 40, 60, E9, 9B, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] USER32.dll!GetMessageW 7E4191C6 10 Bytes [ 68, 38, 2A, 41, 60, E9, A0, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] USER32.dll!PeekMessageW 7E41929B 10 Bytes [ 68, 18, 35, 41, 60, E9, CB, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] USER32.dll!GetMessageA 7E42772B 10 Bytes [ 68, C8, 24, 41, 60, E9, 3B, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] USER32.dll!SetWindowsHookExW 7E42820F 10 Bytes [ 68, C8, 8B, 40, 60, E9, 57, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] USER32.dll!PeekMessageA 7E42A340 10 Bytes [ 68, A8, 2F, 41, 60, E9, 26, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] USER32.dll!PostMessageA 7E42AAFD 10 Bytes [ 68, F8, A6, 40, 60, E9, 69, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] USER32.dll!SetWindowsHookExA 7E431211 10 Bytes [ 68, 58, 86, 40, 60, E9, 55, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] USER32.dll!DdeConnect 7E4581C3 10 Bytes [ 68, B8, BC, 40, 60, E9, A3, ... ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2020] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2020] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2020] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2020] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2020] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2020] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[2180] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Explorer.EXE[2180] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\Explorer.EXE[2180] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\Explorer.EXE[2180] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[2180] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\Explorer.EXE[2180] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\RunDLL32.exe[2568] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\RunDLL32.exe[2568] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\system32\RunDLL32.exe[2568] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\RunDLL32.exe[2568] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\RunDLL32.exe[2568] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\RunDLL32.exe[2568] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\RTHDCPL.EXE[2772] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\RTHDCPL.EXE[2772] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\RTHDCPL.EXE[2772] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\RTHDCPL.EXE[2772] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\RTHDCPL.EXE[2772] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\RTHDCPL.EXE[2772] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[2856] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[2856] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[2856] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[2856] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[2856] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[2856] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2880] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2880] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2880] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2880] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2880] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2880] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Winamp\winampa.exe[2904] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Winamp\winampa.exe[2904] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\Winamp\winampa.exe[2904] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\Winamp\winampa.exe[2904] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\Winamp\winampa.exe[2904] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Winamp\winampa.exe[2904] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2932] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2932] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2932] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2932] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2932] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2932] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2944] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2944] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2944] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2944] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2944] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2944] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2952] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2952] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2952] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2952] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2952] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2952] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[2988] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\ctfmon.exe[2988] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\system32\ctfmon.exe[2988] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\ctfmon.exe[2988] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2988] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2988] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\OEM\11bg PCI&Cardbus Wireless LAN Utility\RtWLan.exe[3004] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\OEM\11bg PCI&Cardbus Wireless LAN Utility\RtWLan.exe[3004] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\OEM\11bg PCI&Cardbus Wireless LAN Utility\RtWLan.exe[3004] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\OEM\11bg PCI&Cardbus Wireless LAN Utility\RtWLan.exe[3004] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\OEM\11bg PCI&Cardbus Wireless LAN Utility\RtWLan.exe[3004] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\OEM\11bg PCI&Cardbus Wireless LAN Utility\RtWLan.exe[3004] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[3016] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[3016] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[3016] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[3016] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[3016] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[3016] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3152] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3152] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3152] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3152] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3152] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3152] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3536] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3536] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3536] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3536] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3536] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3536] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text c:\program files\bitdefender\bitdefender 2009\seccenter.exe[3680] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text c:\program files\bitdefender\bitdefender 2009\seccenter.exe[3680] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text c:\program files\bitdefender\bitdefender 2009\seccenter.exe[3680] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text c:\program files\bitdefender\bitdefender 2009\seccenter.exe[3680] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text c:\program files\bitdefender\bitdefender 2009\seccenter.exe[3680] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text c:\program files\bitdefender\bitdefender 2009\seccenter.exe[3680] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text c:\program files\bitdefender\bitdefender 2009\seccenter.exe[3680] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\iPod\bin\iPodService.exe[3688] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\iPod\bin\iPodService.exe[3688] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\iPod\bin\iPodService.exe[3688] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\iPod\bin\iPodService.exe[3688] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\iPod\bin\iPodService.exe[3688] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[3688] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\scthemes\scthemes.exe[3768] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\scthemes\scthemes.exe[3768] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\scthemes\scthemes.exe[3768] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\scthemes\scthemes.exe[3768] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\scthemes\scthemes.exe[3768] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\scthemes\scthemes.exe[3768] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe[3776] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe[3776] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe[3776] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe[3776] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe[3776] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe[3776] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\taskmgr.exe[4780] ntdll.dll!NtCreateFile + 5 7C90D095 10 Bytes [ 68, E0, 2E, 40, 60, E9, D1, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ntdll.dll!NtCreateKey + 5 7C90D0D5 10 Bytes CALL 65F11292
.text C:\WINDOWS\system32\taskmgr.exe[4780] ntdll.dll!NtCreateSection + 5 7C90D165 10 Bytes [ 68, 98, 68, 41, 60, E9, 01, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ntdll.dll!NtDeleteValueKey + 5 7C90D255 10 Bytes [ 68, 10, 70, 42, 60, E9, 11, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ntdll.dll!NtLoadDriver + 5 7C90D455 10 Bytes [ 68, B8, DA, 40, 60, E9, 11, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ntdll.dll!NtMapViewOfSection + 5 7C90D505 10 Bytes [ 68, 48, AE, 41, 60, E9, 61, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ntdll.dll!NtOpenFile + 5 7C90D585 10 Bytes [ 68, B8, 5D, 41, 60, E9, E1, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ntdll.dll!NtOpenKey + 5 7C90D5B5 10 Bytes [ 68, 58, BE, 41, 60, E9, B1, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ntdll.dll!NtOpenProcess + 5 7C90D5E5 10 Bytes [ 68, 68, A3, 41, 60, E9, 81, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ntdll.dll!NtQueueApcThread + 5 7C90D985 10 Bytes [ 68, D8, A8, 41, 60, E9, E1, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ntdll.dll!NtSetValueKey + 5 7C90DDB5 10 Bytes [ 68, B8, 70, 40, 60, E9, B1, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ntdll.dll!NtWriteFile + 5 7C90DF65 10 Bytes [ 68, 28, 63, 41, 60, E9, 01, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ntdll.dll!LdrLoadDll + 1 7C9163A4 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\system32\taskmgr.exe[4780] ntdll.dll!RtlCreateProcessParameters 7C922E79 10 Bytes [ 68, F8, 1C, 41, 60, E9, ED, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!LoadLibraryExW 7C801AF5 10 Bytes [ 68, 80, 75, 42, 60, E9, 71, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!GetStartupInfoW 7C801E54 10 Bytes [ 68, D8, D3, 41, 60, E9, 12, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!GetStartupInfoA 7C801EF2 10 Bytes [ 68, 68, CE, 41, 60, E9, 74, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!WriteProcessMemory 7C802213 10 Bytes [ 68, 48, 94, 40, 60, E9, 53, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!CloseHandle 7C809BD7 10 Bytes [ 68, C0, 39, 40, 60, E9, 8F, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!SetEvent 7C80A0A7 10 Bytes [ 68, 40, 8B, 42, 60, E9, BF, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!CreateEventW 7C80A739 10 Bytes JMP AA6A077E
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!FreeLibrary 7C80AC6E 10 Bytes [ 68, D0, 85, 42, 60, E9, F8, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!GetModuleFileNameA + DF 7C80B63E 10 Bytes [ 68, 50, 34, 40, 60, E9, 28, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!CreateMutexW 7C80E947 10 Bytes [ 68, 38, F2, 40, 60, E9, 1F, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!FindFirstFileExW 7C80EB0D 10 Bytes [ 68, 60, C6, 41, 60, E9, 59, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!CreateRemoteThread + 1 7C8104BD 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!CreateThread 7C8106C7 10 Bytes [ 68, 48, D9, 41, 60, E9, 9F, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!CreateFileW 7C8107F0 10 Bytes [ 68, B0, D2, 40, 60, E9, 76, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!CreateProcessInternalW + 1 7C81979D 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!ExitProcess 7C81CAFA 10 Bytes [ 68, 60, 80, 42, 60, E9, 6C, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!CopyFileExW 7C827B1A 10 Bytes [ 68, 30, 3F, 40, 60, E9, 4C, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!PulseEvent 7C82C056 10 Bytes [ 68, B0, 90, 42, 60, E9, 10, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!ResumeThread 7C83290F 10 Bytes [ 68, 98, A4, 40, 60, E9, 57, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!CheckRemoteDebuggerPresent 7C85AA22 10 Bytes [ 68, 58, 12, 41, 60, E9, 44, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!SetThreadContext 7C863AA9 10 Bytes [ 68, 28, 9F, 40, 60, E9, BD, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!ReadConsoleA 7C872A3D 10 Bytes [ 68, 78, 48, 41, 60, E9, 29, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!ReadConsoleW 7C872A8C 10 Bytes CALL 65E76BDE
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!ReadConsoleInputA 7C8744F3 10 Bytes [ 68, 98, 3D, 41, 60, E9, 73, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!ReadConsoleInputW 7C874516 10 Bytes [ 68, 08, 43, 41, 60, E9, 50, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ADVAPI32.dll!RegQueryValueExW + 10C 77DD70FB 10 Bytes [ 68, D8, FC, 40, 60, E9, 6B, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ADVAPI32.dll!OpenServiceW 77DE6FDD 10 Bytes [ 68, A0, 70, 41, 60, E9, 89, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ADVAPI32.dll!ControlService 77DF49DD 10 Bytes [ 68, 18, 7E, 41, 60, E9, 89, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ADVAPI32.dll!OpenServiceA 77DF4C36 10 Bytes [ 68, 10, 76, 41, 60, E9, 30, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 10 Bytes [ 68, F8, 88, 41, 60, E9, 25, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 10 Bytes [ 68, 88, 83, 41, 60, E9, 8D, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ADVAPI32.dll!CreateServiceA 77E371E9 10 Bytes [ 68, 48, 02, 41, 60, E9, 7D, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ADVAPI32.dll!CreateServiceW 77E37381 10 Bytes [ 68, B8, 07, 41, 60, E9, E5, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] USER32.dll!PostMessageW 7E418CCB 10 Bytes [ 68, 78, AF, 40, 60, E9, 9B, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] USER32.dll!GetMessageW 7E4191C6 10 Bytes [ 68, 48, 2D, 41, 60, E9, A0, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] USER32.dll!PeekMessageW 7E41929B 10 Bytes [ 68, 28, 38, 41, 60, E9, CB, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] USER32.dll!GetMessageA 7E42772B 10 Bytes [ 68, D8, 27, 41, 60, E9, 3B, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] USER32.dll!SetWindowsHookExW 7E42820F 10 Bytes [ 68, D8, 8E, 40, 60, E9, 57, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] USER32.dll!PeekMessageA 7E42A340 10 Bytes [ 68, B8, 32, 41, 60, E9, 26, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] USER32.dll!PostMessageA 7E42AAFD 10 Bytes [ 68, 08, AA, 40, 60, E9, 69, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] USER32.dll!SetWindowsHookExA 7E431211 10 Bytes [ 68, 68, 89, 40, 60, E9, 55, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] USER32.dll!DdeConnect 7E4581C3 10 Bytes [ 68, C8, BF, 40, 60, E9, A3, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] WS2_32.dll!WEP + FFFEF156 71AB1273 10 Bytes CALL 5B0B532C
.text C:\WINDOWS\system32\taskmgr.exe[4780] WS2_32.dll!connect 71AB4A07 10 Bytes CALL 5B0B8C01
.text C:\WINDOWS\system32\taskmgr.exe[4780] WS2_32.dll!send 71AB4C27 10 Bytes [ 68, E0, ED, 41, 60, E9, 3F, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] WS2_32.dll!WSAStartup 71AB6A55 10 Bytes [ 68, 58, BA, 40, 60, E9, 11, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ole32.dll!CoTaskMemAlloc + 59 774FD0B9 10 Bytes [ 68, 38, C5, 40, 60, E9, AD, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ole32.dll!CLSIDFromProgID 775187F2 10 Bytes [ 68, A8, CA, 40, 60, E9, 74, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ntdll.dll!NtCreateFile + 5 7C90D095 10 Bytes [ 68, 70, 2F, 40, 60, E9, D1, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ntdll.dll!NtCreateKey + 5 7C90D0D5 10 Bytes [ 68, 78, B2, 41, 60, E9, 91, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ntdll.dll!NtCreateSection + 5 7C90D165 10 Bytes [ 68, 28, 62, 41, 60, E9, 01, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ntdll.dll!NtDeleteValueKey + 5 7C90D255 10 Bytes [ 68, 20, 66, 42, 60, E9, 11, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ntdll.dll!NtLoadDriver + 5 7C90D455 10 Bytes [ 68, 48, D4, 40, 60, E9, 11, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ntdll.dll!NtMapViewOfSection + 5 7C90D505 10 Bytes [ 68, D8, A7, 41, 60, E9, 61, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ntdll.dll!NtOpenFile + 5 7C90D585 10 Bytes [ 68, 48, 57, 41, 60, E9, E1, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ntdll.dll!NtOpenKey + 5 7C90D5B5 10 Bytes CALL 65F11771
.text C:\Program Files\QuickTime\qttask.exe[5684] ntdll.dll!NtOpenProcess + 5 7C90D5E5 10 Bytes [ 68, F8, 9C, 41, 60, E9, 81, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ntdll.dll!NtQueueApcThread + 5 7C90D985 10 Bytes [ 68, 68, A2, 41, 60, E9, E1, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ntdll.dll!NtSetValueKey + 5 7C90DDB5 10 Bytes [ 68, 48, 71, 40, 60, E9, B1, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ntdll.dll!NtWriteFile + 5 7C90DF65 10 Bytes [ 68, B8, 5C, 41, 60, E9, 01, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ntdll.dll!LdrLoadDll + 1 7C9163A4 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\QuickTime\qttask.exe[5684] ntdll.dll!RtlCreateProcessParameters 7C922E79 10 Bytes [ 68, 88, 16, 41, 60, E9, ED, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!LoadLibraryExW 7C801AF5 10 Bytes [ 68, 90, 6B, 42, 60, E9, 71, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!GetStartupInfoW 7C801E54 10 Bytes [ 68, 68, CD, 41, 60, E9, 12, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!GetStartupInfoA 7C801EF2 10 Bytes [ 68, F8, C7, 41, 60, E9, 74, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!WriteProcessMemory 7C802213 10 Bytes [ 68, D8, 94, 40, 60, E9, 53, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!CloseHandle 7C809BD7 10 Bytes [ 68, 50, 3A, 40, 60, E9, 8F, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!SetEvent 7C80A0A7 10 Bytes [ 68, 50, 81, 42, 60, E9, BF, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!CreateEventW 7C80A739 10 Bytes [ 68, 98, E2, 40, 60, E9, 2D, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!FreeLibrary 7C80AC6E 10 Bytes [ 68, E0, 7B, 42, 60, E9, F8, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!GetModuleFileNameA + DF 7C80B63E 10 Bytes [ 68, E0, 34, 40, 60, E9, 28, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!CreateMutexW 7C80E947 10 Bytes [ 68, C8, EB, 40, 60, E9, 1F, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!FindFirstFileExW 7C80EB0D 10 Bytes [ 68, F0, BF, 41, 60, E9, 59, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!CreateRemoteThread + 1 7C8104BD 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!CreateThread 7C8106C7 10 Bytes [ 68, D8, D2, 41, 60, E9, 9F, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!CreateFileW 7C8107F0 10 Bytes [ 68, 40, CC, 40, 60, E9, 76, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!CreateProcessInternalW + 1 7C81979D 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!ExitProcess 7C81CAFA 10 Bytes [ 68, 70, 76, 42, 60, E9, 6C, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!CopyFileExW 7C827B1A 10 Bytes [ 68, C0, 3F, 40, 60, E9, 4C, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!PulseEvent 7C82C056 10 Bytes [ 68, C0, 86, 42, 60, E9, 10, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!ResumeThread 7C83290F 10 Bytes [ 68, 28, A5, 40, 60, E9, 57, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!CheckRemoteDebuggerPresent 7C85AA22 10 Bytes CALL 65E5EB32
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!SetThreadContext 7C863AA9 10 Bytes [ 68, B8, 9F, 40, 60, E9, BD, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!ReadConsoleA 7C872A3D 10 Bytes [ 68, 08, 42, 41, 60, E9, 29, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!ReadConsoleW 7C872A8C 10 Bytes [ 68, 78, 47, 41, 60, E9, DA, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!ReadConsoleInputA 7C8744F3 10 Bytes [ 68, 28, 37, 41, 60, E9, 73, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!ReadConsoleInputW 7C874516 10 Bytes [ 68, 98, 3C, 41, 60, E9, 50, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] USER32.dll!PostMessageW 7E418CCB 10 Bytes [ 68, 08, B0, 40, 60, E9, 9B, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] USER32.dll!GetMessageW 7E4191C6 10 Bytes [ 68, D8, 26, 41, 60, E9, A0, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] USER32.dll!PeekMessageW 7E41929B 10 Bytes [ 68, B8, 31, 41, 60, E9, CB, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] USER32.dll!GetMessageA 7E42772B 10 Bytes [ 68, 68, 21, 41, 60, E9, 3B, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] USER32.dll!SetWindowsHookExW 7E42820F 10 Bytes [ 68, 68, 8F, 40, 60, E9, 57, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] USER32.dll!PeekMessageA 7E42A340 10 Bytes [ 68, 48, 2C, 41, 60, E9, 26, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] USER32.dll!PostMessageA 7E42AAFD 10 Bytes [ 68, 98, AA, 40, 60, E9, 69, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] USER32.dll!SetWindowsHookExA 7E431211 10 Bytes [ 68, F8, 89, 40, 60, E9, 55, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] USER32.dll!DdeConnect 7E4581C3 10 Bytes [ 68, D8, BC, 40, 60, E9, A3, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ADVAPI32.dll!RegQueryValueExW + 10C 77DD70FB 10 Bytes [ 68, 68, F6, 40, 60, E9, 6B, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ADVAPI32.dll!OpenServiceW 77DE6FDD 10 Bytes [ 68, 30, 6A, 41, 60, E9, 89, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ADVAPI32.dll!ControlService 77DF49DD 10 Bytes [ 68, A8, 77, 41, 60, E9, 89, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ADVAPI32.dll!OpenServiceA 77DF4C36 10 Bytes [ 68, A0, 6F, 41, 60, E9, 30, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 10 Bytes [ 68, 88, 82, 41, 60, E9, 25, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 10 Bytes [ 68, 18, 7D, 41, 60, E9, 8D, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ADVAPI32.dll!CreateServiceA 77E371E9 10 Bytes [ 68, D8, FB, 40, 60, E9, 7D, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ADVAPI32.dll!CreateServiceW 77E37381 10 Bytes [ 68, 48, 01, 41, 60, E9, E5, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ole32.dll!CoTaskMemAlloc + 59 774FD0B9 10 Bytes [ 68, 48, C2, 40, 60, E9, AD, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ole32.dll!CLSIDFromProgID 775187F2 10 Bytes [ 68, F8, C5, 40, 60, E9, 74, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ntdll.dll!NtCreateFile + 5 7C90D095 10 Bytes [ 68, E0, 2E, 40, 60, E9, D1, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ntdll.dll!NtCreateKey + 5 7C90D0D5 10 Bytes [ 68, 68, B5, 41, 60, E9, 91, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ntdll.dll!NtCreateSection + 5 7C90D165 10 Bytes [ 68, 18, 65, 41, 60, E9, 01, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ntdll.dll!NtDeleteValueKey + 5 7C90D255 10 Bytes [ 68, 18, 69, 42, 60, E9, 11, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ntdll.dll!NtLoadDriver + 5 7C90D455 10 Bytes [ 68, 38, D7, 40, 60, E9, 11, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ntdll.dll!NtMapViewOfSection + 5 7C90D505 10 Bytes [ 68, C8, AA, 41, 60, E9, 61, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ntdll.dll!NtOpenFile + 5 7C90D585 10 Bytes [ 68, 38, 5A, 41, 60, E9, E1, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ntdll.dll!NtOpenKey + 5 7C90D5B5 10 Bytes [ 68, D8, BA, 41, 60, E9, B1, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ntdll.dll!NtOpenProcess + 5 7C90D5E5 10 Bytes CALL 65F11789
.text C:\WINDOWS\system32\wuauclt.exe[8488] ntdll.dll!NtQueueApcThread + 5 7C90D985 10 Bytes [ 68, 58, A5, 41, 60, E9, E1, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ntdll.dll!NtSetValueKey + 5 7C90DDB5 10 Bytes [ 68, B8, 70, 40, 60, E9, B1, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ntdll.dll!NtWriteFile + 5 7C90DF65 10 Bytes [ 68, A8, 5F, 41, 60, E9, 01, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ntdll.dll!LdrLoadDll + 1 7C9163A4 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\system32\wuauclt.exe[8488] ntdll.dll!RtlCreateProcessParameters 7C922E79 10 Bytes [ 68, 78, 19, 41, 60, E9, ED, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!LoadLibraryExW 7C801AF5 10 Bytes [ 68, 88, 6E, 42, 60, E9, 71, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!GetStartupInfoW 7C801E54 10 Bytes [ 68, 58, D0, 41, 60, E9, 12, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!GetStartupInfoA 7C801EF2 10 Bytes CALL 65E060C1
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!WriteProcessMemory 7C802213 10 Bytes [ 68, 48, 94, 40, 60, E9, 53, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!CloseHandle 7C809BD7 10 Bytes [ 68, C0, 39, 40, 60, E9, 8F, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!SetEvent 7C80A0A7 10 Bytes [ 68, 48, 84, 42, 60, E9, BF, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!CreateEventW 7C80A739 10 Bytes [ 68, 88, E5, 40, 60, E9, 2D, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!FreeLibrary 7C80AC6E 10 Bytes [ 68, D8, 7E, 42, 60, E9, F8, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!GetModuleFileNameA + DF 7C80B63E 10 Bytes [ 68, 50, 34, 40, 60, E9, 28, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!CreateMutexW 7C80E947 10 Bytes [ 68, B8, EE, 40, 60, E9, 1F, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!FindFirstFileExW 7C80EB0D 10 Bytes [ 68, E0, C2, 41, 60, E9, 59, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!CreateRemoteThread + 1 7C8104BD 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!CreateThread 7C8106C7 10 Bytes [ 68, C8, D5, 41, 60, E9, 9F, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!CreateFileW 7C8107F0 10 Bytes [ 68, 30, CF, 40, 60, E9, 76, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!CreateProcessInternalW + 1 7C81979D 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!ExitProcess 7C81CAFA 10 Bytes [ 68, 68, 79, 42, 60, E9, 6C, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!CopyFileExW 7C827B1A 10 Bytes [ 68, 30, 3F, 40, 60, E9, 4C, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!PulseEvent 7C82C056 10 Bytes [ 68, B8, 89, 42, 60, E9, 10, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!ResumeThread 7C83290F 10 Bytes [ 68, 98, A4, 40, 60, E9, 57, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!CheckRemoteDebuggerPresent 7C85AA22 10 Bytes [ 68, D8, 0E, 41, 60, E9, 44, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!SetThreadContext 7C863AA9 10 Bytes [ 68, 28, 9F, 40, 60, E9, BD, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!ReadConsoleA 7C872A3D 10 Bytes [ 68, F8, 44, 41, 60, E9, 29, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!ReadConsoleW 7C872A8C 10 Bytes [ 68, 68, 4A, 41, 60, E9, DA, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!ReadConsoleInputA 7C8744F3 10 Bytes [ 68, 18, 3A, 41, 60, E9, 73, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!ReadConsoleInputW 7C874516 10 Bytes [ 68, 88, 3F, 41, 60, E9, 50, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ole32.dll!CoTaskMemAlloc + 59 774FD0B9 10 Bytes [ 68, B8, C1, 40, 60, E9, AD, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ole32.dll!CLSIDFromProgID 775187F2 10 Bytes [ 68, 28, C7, 40, 60, E9, 74, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ADVAPI32.dll!RegQueryValueExW + 10C 77DD70FB 10 Bytes [ 68, 58, F9, 40, 60, E9, 6B, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ADVAPI32.dll!OpenServiceW 77DE6FDD 10 Bytes [ 68, 20, 6D, 41, 60, E9, 89, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ADVAPI32.dll!ControlService 77DF49DD 10 Bytes [ 68, 98, 7A, 41, 60, E9, 89, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ADVAPI32.dll!OpenServiceA 77DF4C36 10 Bytes [ 68, 90, 72, 41, 60, E9, 30, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 10 Bytes [ 68, 78, 85, 41, 60, E9, 25, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 10 Bytes [ 68, 08, 80, 41, 60, E9, 8D, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ADVAPI32.dll!CreateServiceA 77E371E9 10 Bytes [ 68, C8, FE, 40, 60, E9, 7D, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ADVAPI32.dll!CreateServiceW 77E37381 10 Bytes [ 68, 38, 04, 41, 60, E9, E5, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] USER32.dll!PostMessageW 7E418CCB 10 Bytes [ 68, 78, AF, 40, 60, E9, 9B, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] USER32.dll!GetMessageW 7E4191C6 10 Bytes [ 68, C8, 29, 41, 60, E9, A0, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] USER32.dll!PeekMessageW 7E41929B 10 Bytes [ 68, A8, 34, 41, 60, E9, CB, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] USER32.dll!GetMessageA 7E42772B 10 Bytes [ 68, 58, 24, 41, 60, E9, 3B, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] USER32.dll!SetWindowsHookExW 7E42820F 10 Bytes [ 68, D8, 8E, 40, 60, E9, 57, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] USER32.dll!PeekMessageA 7E42A340 10 Bytes [ 68, 38, 2F, 41, 60, E9, 26, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] USER32.dll!PostMessageA 7E42AAFD 10 Bytes [ 68, 08, AA, 40, 60, E9, 69, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] USER32.dll!SetWindowsHookExA 7E431211 10 Bytes [ 68, 68, 89, 40, 60, E9, 55, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] USER32.dll!DdeConnect 7E4581C3 10 Bytes [ 68, 48, BC, 40, 60, E9, A3, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ntdll.dll!NtCreateFile + 5 7C90D095 10 Bytes CALL 660F7FC4
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ntdll.dll!NtCreateKey + 5 7C90D0D5 10 Bytes [ 68, F0, B4, B0, 7E, E9, 91, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ntdll.dll!NtCreateSection + 5 7C90D165 10 Bytes [ 68, A0, 64, B0, 7E, E9, 01, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ntdll.dll!NtDeleteValueKey + 5 7C90D255 10 Bytes [ 68, 10, 64, B1, 7E, E9, 11, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ntdll.dll!NtLoadDriver + 5 7C90D455 10 Bytes [ 68, C0, D6, AF, 7E, E9, 11, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ntdll.dll!NtMapViewOfSection + 5 7C90D505 10 Bytes [ 68, 50, AA, B0, 7E, E9, 61, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ntdll.dll!NtOpenFile + 5 7C90D585 10 Bytes [ 68, C0, 59, B0, 7E, E9, E1, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ntdll.dll!NtOpenKey + 5 7C90D5B5 10 Bytes [ 68, 60, BA, B0, 7E, E9, B1, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ntdll.dll!NtOpenProcess + 5 7C90D5E5 10 Bytes [ 68, 70, 9F, B0, 7E, E9, 81, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ntdll.dll!NtQueueApcThread + 5 7C90D985 10 Bytes [ 68, E0, A4, B0, 7E, E9, E1, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ntdll.dll!NtSetValueKey + 5 7C90DDB5 10 Bytes [ 68, C0, 6C, AF, 7E, E9, B1, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ntdll.dll!NtWriteFile + 5 7C90DF65 10 Bytes [ 68, 30, 5F, B0, 7E, E9, 01, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ntdll.dll!LdrLoadDll + 1 7C9163A4 9 Bytes JMP 00ACC56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ntdll.dll!RtlCreateProcessParameters 7C922E79 10 Bytes [ 68, 00, 19, B0, 7E, E9, ED, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!LoadLibraryExW 7C801AF5 10 Bytes [ 68, 80, 69, B1, 7E, E9, 71, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!GetStartupInfoW 7C801E54 10 Bytes [ 68, D8, C7, B0, 7E, E9, 12, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!GetStartupInfoA 7C801EF2 10 Bytes [ 68, 68, C2, B0, 7E, E9, 74, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!WriteProcessMemory 7C802213 10 Bytes [ 68, 50, 90, AF, 7E, E9, 53, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!CloseHandle 7C809BD7 10 Bytes [ 68, C8, 35, AF, 7E, E9, 8F, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!SetEvent 7C80A0A7 10 Bytes [ 68, 40, 7F, B1, 7E, E9, BF, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!CreateEventW 7C80A739 10 Bytes [ 68, 10, E5, AF, 7E, E9, 2D, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!FreeLibrary 7C80AC6E 10 Bytes [ 68, D0, 79, B1, 7E, E9, F8, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!GetModuleFileNameA + DF 7C80B63E 10 Bytes [ 68, 58, 30, AF, 7E, E9, 28, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!CreateMutexW 7C80E947 10 Bytes [ 68, 40, EE, AF, 7E, E9, 1F, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!CreateRemoteThread + 1 7C8104BD 9 Bytes JMP 00ACC56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!CreateThread 7C8106C7 10 Bytes [ 68, 48, CD, B0, 7E, E9, 9F, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!CreateFileW 7C8107F0 10 Bytes [ 68, B8, CE, AF, 7E, E9, 76, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!CreateProcessInternalW + 1 7C81979D 9 Bytes JMP 00ACC56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!ExitProcess 7C81CAFA 10 Bytes [ 68, 60, 74, B1, 7E, E9, 6C, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!CopyFileExW 7C827B1A 10 Bytes [ 68, 38, 3B, AF, 7E, E9, 4C, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!PulseEvent 7C82C056 10 Bytes [ 68, B0, 84, B1, 7E, E9, 10, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!ResumeThread 7C83290F 10 Bytes [ 68, A0, A0, AF, 7E, E9, 57, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!CheckRemoteDebuggerPresent 7C85AA22 10 Bytes [ 68, 60, 0E, B0, 7E, E9, 44, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!SetThreadContext 7C863AA9 10 Bytes [ 68, 30, 9B, AF, 7E, E9, BD, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!ReadConsoleA 7C872A3D 10 Bytes [ 68, 80, 44, B0, 7E, E9, 29, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!ReadConsoleW 7C872A8C 10 Bytes [ 68, F0, 49, B0, 7E, E9, DA, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!ReadConsoleInputA 7C8744F3 10 Bytes [ 68, A0, 39, B0, 7E, E9, 73, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!ReadConsoleInputW 7C874516 10 Bytes [ 68, 10, 3F, B0, 7E, E9, 50, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ADVAPI32.dll!RegQueryValueExW + 10C 77DD70FB 10 Bytes [ 68, E0, F8, AF, 7E, E9, 6B, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ADVAPI32.dll!OpenServiceW 77DE6FDD 10 Bytes [ 68, A8, 6C, B0, 7E, E9, 89, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ADVAPI32.dll!ControlService 77DF49DD 10 Bytes [ 68, 20, 7A, B0, 7E, E9, 89, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ADVAPI32.dll!OpenServiceA 77DF4C36 10 Bytes [ 68, 18, 72, B0, 7E, E9, 30, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 10 Bytes [ 68, 00, 85, B0, 7E, E9, 25, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 10 Bytes [ 68, 90, 7F, B0, 7E, E9, 8D, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ADVAPI32.dll!CreateServiceA 77E371E9 10 Bytes [ 68, 50, FE, AF, 7E, E9, 7D, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ADVAPI32.dll!CreateServiceW 77E37381 10 Bytes [ 68, C0, 03, B0, 7E, E9, E5, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] USER32.dll!PostMessageW 7E418CCB 10 Bytes [ 68, 80, AB, AF, 7E, E9, 9B, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] USER32.dll!GetMessageW 7E4191C6 10 Bytes [ 68, 50, 29, B0, 7E, E9, A0, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] USER32.dll!PeekMessageW 7E41929B 10 Bytes [ 68, 30, 34, B0, 7E, E9, CB, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] USER32.dll!GetMessageA 7E42772B 10 Bytes [ 68, E0, 23, B0, 7E, E9, 3B, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] USER32.dll!SetWindowsHookExW 7E42820F 10 Bytes [ 68, E0, 8A, AF, 7E, E9, 57, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] USER32.dll!PeekMessageA 7E42A340 10 Bytes [ 68, C0, 2E, B0, 7E, E9, 26, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] USER32.dll!PostMessageA 7E42AAFD 10 Bytes [ 68, 10, A6, AF, 7E, E9, 69, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] USER32.dll!SetWindowsHookExA 7E431211 10 Bytes [ 68, 70, 85, AF, 7E, E9, 55, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] USER32.dll!DdeConnect 7E4581C3 10 Bytes [ 68, D0, BB, AF, 7E, E9, A3, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ole32.dll!CoTaskMemAlloc + 59 774FD0B9 10 Bytes [ 68, 40, C1, AF, 7E, E9, AD, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ole32.dll!CLSIDFromProgID 775187F2 10 Bytes [ 68, B0, C6, AF, 7E, E9, 74, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] WS2_32.dll!WEP + FFFEF156 71AB1273 10 Bytes [ 68, F0, B0, AF, 7E, E9, F3, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] WS2_32.dll!connect 71AB4A07 10 Bytes CALL 5B29FAF5
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] WS2_32.dll!send 71AB4C27 10 Bytes [ 68, E0, E1, B0, 7E, E9, 3F, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] WS2_32.dll!WSAStartup 71AB6A55 10 Bytes [ 68, 60, B6, AF, 7E, E9, 11, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ntdll.dll!NtDeleteValueKey + 5 7C90D255 10 Bytes [ 68, D0, 48, 42, 60, E9, 11, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ntdll.dll!NtMapViewOfSection + 5 7C90D505 10 Bytes [ 68, 80, 8A, 41, 60, E9, 61, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ntdll.dll!NtOpenFile + 5 7C90D585 10 Bytes [ 68, B0, 42, 41, 60, E9, E1, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ntdll.dll!NtOpenKey + 5 7C90D5B5 10 Bytes [ 68, 90, 9A, 41, 60, E9, B1, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ntdll.dll!NtOpenProcess + 5 7C90D5E5 10 Bytes [ 68, A0, 7F, 41, 60, E9, 81, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ntdll.dll!NtQueueApcThread + 5 7C90D985 10 Bytes [ 68, 10, 85, 41, 60, E9, E1, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ntdll.dll!LdrLoadDll + 1 7C9163A4 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ntdll.dll!RtlCreateProcessParameters 7C922E79 10 Bytes [ 68, F0, 08, 41, 60, E9, ED, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!GetStartupInfoW 7C801E54 10 Bytes [ 68, 18, B0, 41, 60, E9, 12, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!GetStartupInfoA 7C801EF2 10 Bytes [ 68, A8, AA, 41, 60, E9, 74, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!WriteProcessMemory 7C802213 10 Bytes [ 68, C0, 91, 40, 60, E9, 53, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!CloseHandle 7C809BD7 10 Bytes [ 68, B8, 3A, 40, 60, E9, 8F, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!SetEvent 7C80A0A7 10 Bytes [ 68, 00, 64, 42, 60, E9, BF, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!CreateEventW 7C80A739 10 Bytes [ 68, 40, DA, 40, 60, E9, 2D, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!GetModuleFileNameA + DF 7C80B63E 10 Bytes [ 68, 48, 35, 40, 60, E9, 28, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!CreateMutexW 7C80E947 10 Bytes [ 68, 70, E3, 40, 60, E9, 1F, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!FindFirstFileExW 7C80EB0D 10 Bytes [ 68, A0, A2, 41, 60, E9, 59, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!CreateRemoteThread + 1 7C8104BD 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!CreateThread 7C8106C7 10 Bytes [ 68, 88, B5, 41, 60, E9, 9F, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!CreateProcessInternalW + 1 7C81979D 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!ExitProcess 7C81CAFA 10 Bytes [ 68, 20, 59, 42, 60, E9, 6C, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!PulseEvent 7C82C056 10 Bytes [ 68, 70, 69, 42, 60, E9, 10, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!ResumeThread 7C83290F 10 Bytes [ 68, 10, A2, 40, 60, E9, 57, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!CheckRemoteDebuggerPresent 7C85AA22 10 Bytes [ 68, 50, FE, 40, 60, E9, 44, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!SetThreadContext 7C863AA9 10 Bytes [ 68, A0, 9C, 40, 60, E9, BD, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!ReadConsoleA 7C872A3D 10 Bytes [ 68, 70, 2D, 41, 60, E9, 29, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!ReadConsoleW 7C872A8C 10 Bytes [ 68, E0, 32, 41, 60, E9, DA, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!ReadConsoleInputA 7C8744F3 10 Bytes [ 68, 90, 22, 41, 60, E9, 73, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!ReadConsoleInputW 7C874516 10 Bytes [ 68, 00, 28, 41, 60, E9, 50, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] USER32.DLL!PostMessageW 7E418CCB 10 Bytes [ 68, 30, AB, 40, 60, E9, 9B, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] USER32.DLL!GetMessageW 7E4191C6 10 Bytes [ 68, 80, 17, 41, 60, E9, A0, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] USER32.DLL!PeekMessageW 7E41929B 10 Bytes [ 68, E0, 1E, 41, 60, E9, CB, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] USER32.DLL!GetMessageA 7E42772B 10 Bytes [ 68, D0, 13, 41, 60, E9, 3B, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] USER32.DLL!SetWindowsHookExW 7E42820F 10 Bytes [ 68, 10, 8E, 40, 60, E9, 57, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] USER32.DLL!PeekMessageA 7E42A340 10 Bytes [ 68, 30, 1B, 41, 60, E9, 26, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] USER32.DLL!PostMessageA 7E42AAFD 10 Bytes [ 68, 80, A7, 40, 60, E9, 69, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] USER32.DLL!SetWindowsHookExA 7E431211 10 Bytes [ 68, 60, 8A, 40, 60, E9, 55, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] USER32.DLL!DdeConnect 7E4581C3 10 Bytes [ 68, 40, B6, 40, 60, E9, A3, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ADVAPI32.dll!RegQueryValueExW + 10C 77DD70FB 10 Bytes [ 68, 10, EE, 40, 60, E9, 6B, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ADVAPI32.dll!OpenServiceW 77DE6FDD 10 Bytes [ 68, 98, 55, 41, 60, E9, 89, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ADVAPI32.dll!ControlService 77DF49DD 10 Bytes [ 68, 90, 5F, 41, 60, E9, 89, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ADVAPI32.dll!OpenServiceA 77DF4C36 10 Bytes [ 68, 48, 59, 41, 60, E9, 30, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 10 Bytes [ 68, F0, 66, 41, 60, E9, 25, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 10 Bytes [ 68, 40, 63, 41, 60, E9, 8D, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ADVAPI32.dll!CreateServiceA 77E371E9 10 Bytes [ 68, C0, F1, 40, 60, E9, 7D, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ADVAPI32.dll!CreateServiceW 77E37381 10 Bytes [ 68, 70, F5, 40, 60, E9, E5, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ole32.dll!CoTaskMemAlloc + 59 774FD0B9 10 Bytes [ 68, F0, B9, 40, 60, E9, AD, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ole32.dll!CLSIDFromProgID 775187F2 10 Bytes [ 68, A0, BD, 40, 60, E9, 74, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ntdll.dll!NtCreateFile + 5 7C90D095 10 Bytes [ 68, E0, 2E, 40, 60, E9, D1, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ntdll.dll!NtCreateKey + 5 7C90D0D5 10 Bytes [ 68, 68, B5, 41, 60, E9, 91, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ntdll.dll!NtCreateSection + 5 7C90D165 10 Bytes [ 68, 18, 65, 41, 60, E9, 01, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ntdll.dll!NtDeleteValueKey + 5 7C90D255 10 Bytes [ 68, 18, 69, 42, 60, E9, 11, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ntdll.dll!NtLoadDriver + 5 7C90D455 10 Bytes [ 68, 38, D7, 40, 60, E9, 11, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ntdll.dll!NtMapViewOfSection + 5 7C90D505 10 Bytes [ 68, C8, AA, 41, 60, E9, 61, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ntdll.dll!NtOpenFile + 5 7C90D585 10 Bytes [ 68, 38, 5A, 41, 60, E9, E1, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ntdll.dll!NtOpenKey + 5 7C90D5B5 10 Bytes [ 68, D8, BA, 41, 60, E9, B1, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ntdll.dll!NtOpenProcess + 5 7C90D5E5 10 Bytes CALL 65F11789
.text C:\WINDOWS\system32\notepad.exe[10732] ntdll.dll!NtQueueApcThread + 5 7C90D985 10 Bytes [ 68, 58, A5, 41, 60, E9, E1, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ntdll.dll!NtSetValueKey + 5 7C90DDB5 10 Bytes [ 68, B8, 70, 40, 60, E9, B1, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ntdll.dll!NtWriteFile + 5 7C90DF65 10 Bytes [ 68, A8, 5F, 41, 60, E9, 01, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ntdll.dll!LdrLoadDll + 1 7C9163A4 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\system32\notepad.exe[10732] ntdll.dll!RtlCreateProcessParameters 7C922E79 10 Bytes [ 68, 78, 19, 41, 60, E9, ED, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!LoadLibraryExW 7C801AF5 10 Bytes [ 68, 88, 6E, 42, 60, E9, 71, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!GetStartupInfoW 7C801E54 10 Bytes [ 68, 58, D0, 41, 60, E9, 12, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!GetStartupInfoA 7C801EF2 10 Bytes CALL 65E060C1
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!WriteProcessMemory 7C802213 10 Bytes [ 68, 48, 94, 40, 60, E9, 53, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!CloseHandle 7C809BD7 10 Bytes [ 68, C0, 39, 40, 60, E9, 8F, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!SetEvent 7C80A0A7 10 Bytes [ 68, 48, 84, 42, 60, E9, BF, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!CreateEventW 7C80A739 10 Bytes [ 68, 88, E5, 40, 60, E9, 2D, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!FreeLibrary 7C80AC6E 10 Bytes [ 68, D8, 7E, 42, 60, E9, F8, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!GetModuleFileNameA + DF 7C80B63E 10 Bytes [ 68, 50, 34, 40, 60, E9, 28, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!CreateMutexW 7C80E947 10 Bytes [ 68, B8, EE, 40, 60, E9, 1F, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!FindFirstFileExW 7C80EB0D 10 Bytes [ 68, E0, C2, 41, 60, E9, 59, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!CreateRemoteThread + 1 7C8104BD 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!CreateThread 7C8106C7 10 Bytes [ 68, C8, D5, 41, 60, E9, 9F, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!CreateFileW 7C8107F0 10 Bytes [ 68, 30, CF, 40, 60, E9, 76, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!CreateProcessInternalW + 1 7C81979D 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!ExitProcess 7C81CAFA 10 Bytes [ 68, 68, 79, 42, 60, E9, 6C, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!CopyFileExW 7C827B1A 10 Bytes [ 68, 30, 3F, 40, 60, E9, 4C, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!PulseEvent 7C82C056 10 Bytes [ 68, B8, 89, 42, 60, E9, 10, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!ResumeThread 7C83290F 10 Bytes [ 68, 98, A4, 40, 60, E9, 57, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!CheckRemoteDebuggerPresent 7C85AA22 10 Bytes [ 68, D8, 0E, 41, 60, E9, 44, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!SetThreadContext 7C863AA9 10 Bytes [ 68, 28, 9F, 40, 60, E9, BD, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!ReadConsoleA 7C872A3D 10 Bytes [ 68, F8, 44, 41, 60, E9, 29, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!ReadConsoleW 7C872A8C 10 Bytes [ 68, 68, 4A, 41, 60, E9, DA, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!ReadConsoleInputA 7C8744F3 10 Bytes [ 68, 18, 3A, 41, 60, E9, 73, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!ReadConsoleInputW 7C874516 10 Bytes [ 68, 88, 3F, 41, 60, E9, 50, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ADVAPI32.dll!RegQueryValueExW + 10C 77DD70FB 10 Bytes [ 68, 58, F9, 40, 60, E9, 6B, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ADVAPI32.dll!OpenServiceW 77DE6FDD 10 Bytes [ 68, 20, 6D, 41, 60, E9, 89, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ADVAPI32.dll!ControlService 77DF49DD 10 Bytes [ 68, 98, 7A, 41, 60, E9, 89, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ADVAPI32.dll!OpenServiceA 77DF4C36 10 Bytes [ 68, 90, 72, 41, 60, E9, 30, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 10 Bytes [ 68, 78, 85, 41, 60, E9, 25, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 10 Bytes [ 68, 08, 80, 41, 60, E9, 8D, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ADVAPI32.dll!CreateServiceA 77E371E9 10 Bytes [ 68, C8, FE, 40, 60, E9, 7D, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ADVAPI32.dll!CreateServiceW 77E37381 10 Bytes [ 68, 38, 04, 41, 60, E9, E5, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] USER32.dll!PostMessageW 7E418CCB 10 Bytes [ 68, 78, AF, 40, 60, E9, 9B, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] USER32.dll!GetMessageW 7E4191C6 10 Bytes [ 68, C8, 29, 41, 60, E9, A0, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] USER32.dll!PeekMessageW 7E41929B 10 Bytes [ 68, A8, 34, 41, 60, E9, CB, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] USER32.dll!GetMessageA 7E42772B 10 Bytes [ 68, 58, 24, 41, 60, E9, 3B, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] USER32.dll!SetWindowsHookExW 7E42820F 10 Bytes [ 68, D8, 8E, 40, 60, E9, 57, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] USER32.dll!PeekMessageA 7E42A340 10 Bytes [ 68, 38, 2F, 41, 60, E9, 26, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] USER32.dll!PostMessageA 7E42AAFD 10 Bytes [ 68, 08, AA, 40, 60, E9, 69, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] USER32.dll!SetWindowsHookExA 7E431211 10 Bytes [ 68, 68, 89, 40, 60, E9, 55, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] USER32.dll!DdeConnect 7E4581C3 10 Bytes [ 68, 48, BC, 40, 60, E9, A3, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ole32.dll!CoTaskMemAlloc + 59 774FD0B9 10 Bytes [ 68, B8, C1, 40, 60, E9, AD, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ole32.dll!CLSIDFromProgID 775187F2 10 Bytes [ 68, 28, C7, 40, 60, E9, 74, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!NtCreateFile + 5 7C90D095 10 Bytes [ 68, 88, 2F, 40, 60, E9, D1, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!NtCreateKey + 5 7C90D0D5 10 Bytes [ 68, 10, B6, 41, 60, E9, 91, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!NtCreateSection + 5 7C90D165 10 Bytes [ 68, C0, 65, 41, 60, E9, 01, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!NtDeleteValueKey + 5 7C90D255 10 Bytes [ 68, 38, 6D, 42, 60, E9, 11, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!NtLoadDriver + 5 7C90D455 10 Bytes [ 68, E0, D7, 40, 60, E9, 11, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!NtMapViewOfSection + 5 7C90D505 10 Bytes [ 68, 70, AB, 41, 60, E9, 61, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!NtOpenFile + 5 7C90D585 10 Bytes [ 68, E0, 5A, 41, 60, E9, E1, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!NtOpenKey + 5 7C90D5B5 10 Bytes [ 68, 80, BB, 41, 60, E9, B1, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!NtOpenProcess + 5 7C90D5E5 10 Bytes [ 68, 90, A0, 41, 60, E9, 81, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!NtQueueApcThread + 5 7C90D985 1 Byte [ 68 ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!NtQueueApcThread + 7 7C90D987 8 Bytes JMP 6000C56D C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!NtSetValueKey + 5 7C90DDB5 10 Bytes [ 68, 60, 71, 40, 60, E9, B1, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!NtWriteFile + 5 7C90DF65 10 Bytes [ 68, 50, 60, 41, 60, E9, 01, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!LdrLoadDll + 1 7C9163A4 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!RtlCreateProcessParameters 7C922E79 10 Bytes [ 68, 20, 1A, 41, 60, E9, ED, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!LoadLibraryExW 7C801AF5 10 Bytes [ 68, A8, 72, 42, 60, E9, 71, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!GetStartupInfoW 7C801E54 10 Bytes [ 68, 00, D1, 41, 60, E9, 12, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!GetStartupInfoA 7C801EF2 10 Bytes [ 68, 90, CB, 41, 60, E9, 74, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!WriteProcessMemory 7C802213 10 Bytes [ 68, F0, 94, 40, 60, E9, 53, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!CloseHandle 7C809BD7 10 Bytes [ 68, 68, 3A, 40, 60, E9, 8F, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!SetEvent 7C80A0A7 10 Bytes [ 68, 68, 88, 42, 60, E9, BF, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!CreateEventW 7C80A739 10 Bytes [ 68, 30, E6, 40, 60, E9, 2D, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!FreeLibrary 7C80AC6E 10 Bytes [ 68, F8, 82, 42, 60, E9, F8, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!GetModuleFileNameA + DF 7C80B63E 10 Bytes [ 68, F8, 34, 40, 60, E9, 28, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!CreateMutexW 7C80E947 10 Bytes [ 68, 60, EF, 40, 60, E9, 1F, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!FindFirstFileExW 7C80EB0D 10 Bytes [ 68, 88, C3, 41, 60, E9, 59, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!CreateRemoteThread + 1 7C8104BD 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!CreateThread 7C8106C7 10 Bytes [ 68, 70, D6, 41, 60, E9, 9F, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!CreateFileW 7C8107F0 10 Bytes [ 68, D8, CF, 40, 60, E9, 76, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!CreateProcessInternalW + 1 7C81979D 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!ExitProcess 7C81CAFA 10 Bytes [ 68, 88, 7D, 42, 60, E9, 6C, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!CopyFileExW 7C827B1A 10 Bytes [ 68, D8, 3F, 40, 60, E9, 4C, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!PulseEvent 7C82C056 10 Bytes [ 68, D8, 8D, 42, 60, E9, 10, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!ResumeThread 7C83290F 10 Bytes [ 68, 40, A5, 40, 60, E9, 57, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!CheckRemoteDebuggerPresent 7C85AA22 10 Bytes [ 68, 80, 0F, 41, 60, E9, 44, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!SetThreadContext 7C863AA9 10 Bytes [ 68, D0, 9F, 40, 60, E9, BD, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!ReadConsoleA 7C872A3D 10 Bytes [ 68, A0, 45, 41, 60, E9, 29, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!ReadConsoleW 7C872A8C 10 Bytes [ 68, 10, 4B, 41, 60, E9, DA, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!ReadConsoleInputA 7C8744F3 10 Bytes [ 68, C0, 3A, 41, 60, E9, 73, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!ReadConsoleInputW 7C874516 10 Bytes [ 68, 30, 40, 41, 60, E9, 50, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ADVAPI32.dll!RegQueryValueExW + 10C 77DD70FB 10 Bytes [ 68, 00, FA, 40, 60, E9, 6B, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ADVAPI32.dll!OpenServiceW 77DE6FDD 10 Bytes [ 68, C8, 6D, 41, 60, E9, 89, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ADVAPI32.dll!ControlService 77DF49DD 10 Bytes [ 68, 40, 7B, 41, 60, E9, 89, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ADVAPI32.dll!OpenServiceA 77DF4C36 10 Bytes [ 68, 38, 73, 41, 60, E9, 30, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 10 Bytes [ 68, 20, 86, 41, 60, E9, 25, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 10 Bytes [ 68, B0, 80, 41, 60, E9, 8D, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ADVAPI32.dll!CreateServiceA 77E371E9 10 Bytes [ 68, 70, FF, 40, 60, E9, 7D, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ADVAPI32.dll!CreateServiceW 77E37381 10 Bytes [ 68, E0, 04, 41, 60, E9, E5, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!PostMessageW 7E418CCB 10 Bytes [ 68, 20, B0, 40, 60, E9, 9B, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!GetMessageW 7E4191C6 10 Bytes [ 68, 70, 2A, 41, 60, E9, A0, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!PeekMessageW 7E41929B 10 Bytes [ 68, 50, 35, 41, 60, E9, CB, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!GetMessageA 7E42772B 10 Bytes [ 68, 00, 25, 41, 60, E9, 3B, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!SetWindowsHookExW 7E42820F 10 Bytes [ 68, 80, 8F, 40, 60, E9, 57, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!PeekMessageA 7E42A340 10 Bytes [ 68, E0, 2F, 41, 60, E9, 26, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!PostMessageA 7E42AAFD 10 Bytes [ 68, B0, AA, 40, 60, E9, 69, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!SetWindowsHookExA 7E431211 10 Bytes [ 68, 10, 8A, 40, 60, E9, 55, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A187F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1800 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1844 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A178C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A17C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A18BA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!DdeConnect 7E4581C3 10 Bytes [ 68, F0, BC, 40, 60, E9, A3, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ole32.dll!CoTaskMemAlloc + 59 774FD0B9 10 Bytes [ 68, 60, C2, 40, 60, E9, AD, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ole32.dll!CLSIDFromProgID 775187F2 10 Bytes [ 68, D0, C7, 40, 60, E9, 74, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ws2_32.dll!WEP + FFFEF156 71AB1273 10 Bytes [ 68, 90, B5, 40, 60, E9, F3, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ws2_32.dll!connect 71AB4A07 10 Bytes [ 68, D0, F4, 41, 60, E9, 5F, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ws2_32.dll!send 71AB4C27 10 Bytes [ 68, 88, EE, 41, 60, E9, 3F, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ws2_32.dll!WSAStartup 71AB6A55 10 Bytes [ 68, 40, B9, 40, 60, E9, 11, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtCreateFile + 5 7C90D095 10 Bytes [ 68, 28, 30, 40, 60, E9, D1, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtCreateKey + 5 7C90D0D5 10 Bytes [ 68, 30, B3, 41, 60, E9, 91, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtCreateSection + 5 7C90D165 10 Bytes [ 68, E0, 62, 41, 60, E9, 01, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtDeleteValueKey + 5 7C90D255 10 Bytes [ 68, D8, 66, 42, 60, E9, 11, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtLoadDriver + 5 7C90D455 1 Byte [ 68 ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtLoadDriver + 7 7C90D457 8 Bytes JMP 6000C56D C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtMapViewOfSection + 5 7C90D505 10 Bytes [ 68, 90, A8, 41, 60, E9, 61, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtOpenFile + 5 7C90D585 1 Byte [ 68 ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtOpenFile + 7 7C90D587 8 Bytes JMP 6000C56D C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtOpenKey + 5 7C90D5B5 10 Bytes [ 68, A0, B8, 41, 60, E9, B1, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtOpenProcess + 5 7C90D5E5 10 Bytes [ 68, B0, 9D, 41, 60, E9, 81, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtQueueApcThread + 5 7C90D985 10 Bytes [ 68, 20, A3, 41, 60, E9, E1, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtSetValueKey + 5 7C90DDB5 1 Byte [ 68 ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtSetValueKey + 7 7C90DDB7 8 Bytes JMP 6000C56D C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtWriteFile + 5 7C90DF65 10 Bytes [ 68, 70, 5D, 41, 60, E9, 01, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!LdrLoadDll + 1 7C9163A4 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!RtlCreateProcessParameters 7C922E79 10 Bytes [ 68, 40, 17, 41, 60, E9, ED, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!LoadLibraryExW 7C801AF5 10 Bytes [ 68, 48, 6C, 42, 60, E9, 71, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!GetStartupInfoW 7C801E54 10 Bytes [ 68, 20, CE, 41, 60, E9, 12, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!GetStartupInfoA 7C801EF2 10 Bytes [ 68, B0, C8, 41, 60, E9, 74, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!WriteProcessMemory 7C802213 10 Bytes [ 68, 90, 95, 40, 60, E9, 53, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!CloseHandle 7C809BD7 10 Bytes [ 68, 08, 3B, 40, 60, E9, 8F, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!SetEvent 7C80A0A7 10 Bytes [ 68, 08, 82, 42, 60, E9, BF, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!CreateEventW 7C80A739 10 Bytes [ 68, 50, E3, 40, 60, E9, 2D, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!FreeLibrary 7C80AC6E 10 Bytes [ 68, 98, 7C, 42, 60, E9, F8, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!GetModuleFileNameA + DF 7C80B63E 10 Bytes [ 68, 98, 35, 40, 60, E9, 28, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!CreateMutexW 7C80E947 10 Bytes [ 68, 80, EC, 40, 60, E9, 1F, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!FindFirstFileExW 7C80EB0D 10 Bytes [ 68, A8, C0, 41, 60, E9, 59, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!CreateRemoteThread + 1 7C8104BD 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!CreateThread 7C8106C7 10 Bytes [ 68, 90, D3, 41, 60, E9, 9F, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!CreateFileW 7C8107F0 10 Bytes [ 68, F8, CC, 40, 60, E9, 76, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!CreateProcessInternalW + 1 7C81979D 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!ExitProcess 7C81CAFA 10 Bytes [ 68, 28, 77, 42, 60, E9, 6C, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!CopyFileExW 7C827B1A 10 Bytes [ 68, 78, 40, 40, 60, E9, 4C, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!PulseEvent 7C82C056 10 Bytes [ 68, 78, 87, 42, 60, E9, 10, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!ResumeThread 7C83290F 10 Bytes [ 68, E0, A5, 40, 60, E9, 57, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!CheckRemoteDebuggerPresent 7C85AA22 10 Bytes [ 68, A0, 0C, 41, 60, E9, 44, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!SetThreadContext 7C863AA9 10 Bytes [ 68, 70, A0, 40, 60, E9, BD, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!ReadConsoleA 7C872A3D 10 Bytes [ 68, C0, 42, 41, 60, E9, 29, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!ReadConsoleW 7C872A8C 10 Bytes [ 68, 30, 48, 41, 60, E9, DA, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!ReadConsoleInputA 7C8744F3 10 Bytes [ 68, E0, 37, 41, 60, E9, 73, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!ReadConsoleInputW 7C874516 10 Bytes [ 68, 50, 3D, 41, 60, E9, 50, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ADVAPI32.DLL!RegQueryValueExW + 10C 77DD70FB 10 Bytes [ 68, 20, F7, 40, 60, E9, 6B, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ADVAPI32.DLL!OpenServiceW 77DE6FDD 10 Bytes CALL 613EB14C
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ADVAPI32.DLL!ControlService 77DF49DD 10 Bytes [ 68, 60, 78, 41, 60, E9, 89, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ADVAPI32.DLL!OpenServiceA 77DF4C36 10 Bytes [ 68, 58, 70, 41, 60, E9, 30, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ADVAPI32.DLL!ChangeServiceConfigA 77E36E41 10 Bytes [ 68, 40, 83, 41, 60, E9, 25, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ADVAPI32.DLL!ChangeServiceConfigW 77E36FD9 10 Bytes [ 68, D0, 7D, 41, 60, E9, 8D, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ADVAPI32.DLL!CreateServiceA 77E371E9 10 Bytes [ 68, 90, FC, 40, 60, E9, 7D, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ADVAPI32.DLL!CreateServiceW 77E37381 10 Bytes [ 68, 00, 02, 41, 60, E9, E5, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] USER32.dll!PostMessageW 7E418CCB 10 Bytes [ 68, C0, B0, 40, 60, E9, 9B, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] USER32.dll!GetMessageW 7E4191C6 10 Bytes [ 68, 90, 27, 41, 60, E9, A0, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] USER32.dll!PeekMessageW 7E41929B 10 Bytes [ 68, 70, 32, 41, 60, E9, CB, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] USER32.dll!GetMessageA 7E42772B 10 Bytes [ 68, 20, 22, 41, 60, E9, 3B, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] USER32.dll!SetWindowsHookExW 7E42820F 10 Bytes [ 68, 20, 90, 40, 60, E9, 57, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] USER32.dll!PeekMessageA 7E42A340 10 Bytes [ 68, 00, 2D, 41, 60, E9, 26, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] USER32.dll!PostMessageA 7E42AAFD 10 Bytes [ 68, 50, AB, 40, 60, E9, 69, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] USER32.dll!SetWindowsHookExA 7E431211 10 Bytes [ 68, B0, 8A, 40, 60, E9, 55, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] USER32.dll!DdeConnect 7E4581C3 10 Bytes [ 68, 90, BD, 40, 60, E9, A3, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ole32.dll!CoTaskMemAlloc + 59 774FD0B9 10 Bytes [ 68, 00, C3, 40, 60, E9, AD, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ole32.dll!CLSIDFromProgID 775187F2 10 Bytes [ 68, B0, C6, 40, 60, E9, 74, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ws2_32.dll!WEP + FFFEF156 71AB1273 10 Bytes [ 68, 30, B6, 40, 60, E9, F3, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ws2_32.dll!connect 71AB4A07 10 Bytes [ 68, 70, EE, 41, 60, E9, 5F, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ws2_32.dll!send 71AB4C27 10 Bytes CALL B194AC6D
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ws2_32.dll!WSAStartup 71AB6A55 10 Bytes [ 68, E0, B9, 40, 60, E9, 11, ... ]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Spyware Doctor\sdhelp.exe[672] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!CreateThread] [0042AA50] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[672] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!CreateThread] [0042AA50] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[672] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0042AA50] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[672] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [0042AA50] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[672] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [0042AA50] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[672] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0042AA50] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[672] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [0042AA50] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[672] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [0042AA50] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools)
IAT C:\Program Files\Spyware Doctor\swdoctor.exe[2952] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] [00424F7C] C:\Program Files\Spyware Doctor\swdoctor.exe (Spyware Doctor/PCTools)
IAT C:\Program Files\Spyware Doctor\swdoctor.exe[2952] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [00424F7C] C:\Program Files\Spyware Doctor\swdoctor.exe (Spyware Doctor/PCTools)
IAT C:\Program Files\Spyware Doctor\swdoctor.exe[2952] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [00424F7C] C:\Program Files\Spyware Doctor\swdoctor.exe (Spyware Doctor/PCTools)
IAT C:\Program Files\Spyware Doctor\swdoctor.exe[2952] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [00424F7C] C:\Program Files\Spyware Doctor\swdoctor.exe (Spyware Doctor/PCTools)
IAT C:\Program Files\Spyware Doctor\swdoctor.exe[2952] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [00424F7C] C:\Program Files\Spyware Doctor\swdoctor.exe (Spyware Doctor/PCTools)
IAT C:\Program Files\Spyware Doctor\swdoctor.exe[2952] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [00424F7C] C:\Program Files\Spyware Doctor\swdoctor.exe (Spyware Doctor/PCTools)
IAT C:\Program Files\Spyware Doctor\swdoctor.exe[2952] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [00424F7C] C:\Program Files\Spyware Doctor\swdoctor.exe (Spyware Doctor/PCTools)
IAT C:\Program Files\Spyware Doctor\swdoctor.exe[2952] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [00424F7C] C:\Program Files\Spyware Doctor\swdoctor.exe (Spyware Doctor/PCTools)
IAT C:\Program Files\Spyware Doctor\swdoctor.exe[2952] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [00424F7C] C:\Program Files\Spyware Doctor\swdoctor.exe (Spyware Doctor/PCTools)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs trufos.sys
AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

---- Threads - GMER 1.0.14 ----

Thread 4:3560 B31E7AB0
Thread 4:4524 B32FDAB0

---- EOF - GMER 1.0.14 ----

And my attache.txt file is attached.

Thank you again.

Danny
DannyDKing
Regular Member
 
Posts: 18
Joined: February 15th, 2009, 1:59 am

Re: Infected. Please help me.

Post by ndmmxiaomayi » February 26th, 2009, 8:31 am

Hi Danny,

Your computer has got more infections this time round.

Step 1

Please disable BitDefender Antivirus temporarily as it may interfere with the fixes.

  1. Please click on Start > All Programs > BitDefender 2009 > BitDefender Antivirus 2009.
  2. At the top right hand corner, click on Switch to Advanced View if you are not in Advanced View.
  3. On the left, select Antivirus. Select the Shield tab on the right.
  4. Uncheck (untick) the Real-time protection is enabled box. You will be prompted to select a duration. Select 30 minutes from the drop-down menu and click OK.

Please also disable Spyware Doctor temporarily as it may interfere with the fixes.

  1. Right click on the Spyware Doctor icon in the system tray (near the clock).
  2. Select Disable OnGuard.
  3. OnGuard will open a prompt. Select Permanently turn off OnGuard (not recommended) from the drop-down list and click OK.
  4. Right click on the Spyware Doctor icon again and select ShutDown.
  5. Restart the computer for OnGuard to be disabled.

Step 2

Please double click on Combofix.exe to run it. If prompted to update it, please do so. After that, follow the prompts.

When finished, a log will be produced. Please post this log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Infected. Please help me.

Post by DannyDKing » February 26th, 2009, 7:25 pm

Here is my ComboFix log.

I had to totally undo BitDefender and Spyware Doctor... and had to run ComboFix 5 times.
Wouldn't install.

ComboFix 09-02-26.01 - Administrator 2009-02-26 18:17:34.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.2354 [GMT -5:00]
Running from: c:\documents and settings\Administrator.DANNY2\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated)
FW: BitDefender Firewall *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\frmwrk32.exe
c:\windows\system32\uniq.tll
.
---- Previous Run -------
.
c:\program files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\leaktests.m32
c:\windows\system32\hhs3ijndfd.dll

.
((((((((((((((((((((((((( Files Created from 2009-01-26 to 2009-02-26 )))))))))))))))))))))))))))))))
.

2009-02-24 23:53 . 2009-02-24 23:53 <DIR> d-------- c:\documents and settings\Administrator.DANNY2\Application Data\Windows Search
2009-02-24 20:45 . 2009-02-24 20:45 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-24 20:45 . 2009-02-24 20:45 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-24 19:10 . 2009-01-09 14:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-02-24 00:05 . 2009-02-24 00:05 <DIR> d-------- C:\RRT
2009-02-24 00:01 . 2009-02-24 00:01 16,244 --a------ c:\windows\system32\rrt_is.wav
2009-02-24 00:01 . 2009-02-24 00:01 7,302 --a------ c:\windows\system32\rrt_vf.wav
2009-02-24 00:01 . 2009-02-24 00:01 7,148 --a------ c:\windows\system32\rrt_tv.wav
2009-02-24 00:01 . 2009-02-24 00:01 6,282 --a------ c:\windows\system32\rrt_tn.wav
2009-02-23 23:53 . 2009-02-23 23:53 <DIR> d-------- C:\myRTVAULT
2009-02-23 23:53 . 2009-02-23 23:55 <DIR> d-------- C:\MyRT
2009-02-23 21:49 . 2009-02-23 21:49 0 --a------ C:\eslb.exe
2009-02-23 21:49 . 2009-02-23 21:49 0 --a------ C:\bwrsnohl.exe
2009-02-23 21:48 . 2009-02-23 21:48 0 --a------ C:\puphu.exe
2009-02-23 21:48 . 2009-02-23 21:48 0 --a------ C:\aheg.exe
2009-02-23 21:47 . 2009-02-23 21:47 40,448 --a------ C:\kyamdorp.exe
2009-02-23 21:47 . 2009-02-23 21:47 39,936 --a------ c:\windows\Hregogodinirey.dll
2009-02-23 21:47 . 2009-02-23 21:47 39,936 --a------ C:\sqmarv.exe
2009-02-23 21:47 . 2009-02-23 21:47 27,136 --a------ C:\mpypakmw.exe
2009-02-23 21:47 . 2009-02-23 21:47 1,980 --a------ C:\wxhymf.exe
2009-02-23 21:47 . 2009-02-23 21:47 1,980 --a------ C:\hjotfjn.exe
2009-02-23 21:47 . 2009-02-23 21:47 0 --a------ C:\484847148
2009-02-23 17:40 . 2009-02-24 23:13 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-02-22 12:12 . 2009-02-22 12:12 <DIR> d-------- c:\program files\Microsoft
2009-02-22 12:11 . 2009-02-22 12:11 <DIR> d-------- c:\documents and settings\Administrator.DANNY2\Application Data\Windows Desktop Search
2009-02-22 12:10 . 2009-02-22 12:10 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-02-22 12:10 . 2009-02-22 12:10 <DIR> d-------- c:\program files\Windows Desktop Search
2009-02-22 12:10 . 2008-03-07 12:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2009-02-22 12:10 . 2008-03-07 12:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2009-02-22 12:10 . 2008-03-07 12:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2009-02-21 13:24 . 2009-02-21 13:24 <DIR> d-------- c:\windows\system32\XPSViewer
2009-02-21 13:24 . 2009-02-21 13:24 <DIR> d-------- c:\program files\Reference Assemblies
2009-02-21 13:23 . 2008-07-06 07:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-02-21 13:23 . 2008-07-06 07:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-02-21 13:23 . 2008-07-06 05:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-21 13:23 . 2008-07-06 07:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-02-21 13:23 . 2008-07-06 07:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-21 13:23 . 2008-07-06 07:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-02-21 13:23 . 2008-07-06 07:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-21 12:28 . 2008-12-20 18:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-02-21 12:28 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-21 12:28 . 2007-03-08 00:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-21 12:28 . 2008-12-20 18:15 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-02-21 12:28 . 2008-12-20 18:15 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-21 12:28 . 2008-12-20 18:15 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-02-21 12:28 . 2008-12-20 18:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-02-21 12:28 . 2008-12-20 18:15 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-21 12:28 . 2008-12-19 04:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-02-21 11:43 . 2004-08-03 22:29 701,440 --------- c:\windows\system32\drivers\ati2mtag.sys
2009-02-20 05:13 . 2009-02-21 05:13 124 --a------ c:\windows\wininit.ini
2009-02-19 17:20 . 2009-02-25 22:02 250 --a------ c:\windows\gmer.ini
2009-02-18 07:17 . 2009-02-18 07:17 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\nView_Profiles
2009-02-16 20:10 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-02-16 20:10 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-02-15 01:03 . 2009-02-15 01:03 <DIR> d-------- c:\program files\Trend Micro
2009-02-14 22:43 . 2009-02-24 20:51 643 --a------ c:\windows\win.tmp
2009-02-14 22:43 . 2009-02-23 21:50 227 --a------ c:\windows\system.tmp
2009-02-14 22:23 . 2009-02-22 11:02 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\BitDefender
2009-02-14 22:23 . 2009-02-14 22:23 <DIR> d-------- c:\documents and settings\Administrator.DANNY2\Application Data\BitDefender
2009-02-14 22:22 . 2009-02-14 22:23 <DIR> d-------- c:\program files\Common Files\BitDefender
2009-02-14 14:28 . 2009-02-22 11:44 81,984 --a------ c:\windows\system32\bdod.bin
2009-02-14 12:35 . 2009-02-14 12:35 850 --a------ c:\windows\system32\ProductTweaks.xml
2009-02-14 12:35 . 2009-02-14 12:35 385 --a------ c:\windows\system32\user_gensett.xml
2009-02-14 12:25 . 2009-02-14 12:25 <DIR> d-------- c:\windows\system32\logs
2009-02-14 12:24 . 2009-02-14 12:24 <DIR> d-------- c:\windows\system32\URTTEMP
2009-02-14 12:24 . 2009-02-14 22:23 <DIR> d-------- c:\program files\BitDefender
2009-02-14 11:41 . 2009-02-14 11:41 <DIR> d-------- c:\program files\Magentic
2009-02-14 11:41 . 2008-08-04 09:51 750,984 --a------ c:\windows\system32\Magentic Screensaver.scr
2009-02-14 11:27 . 2009-02-14 11:31 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!
2009-02-14 11:22 . 2009-02-14 11:22 <DIR> d---s---- c:\documents and settings\Administrator.DANNY2\UserData
2009-02-14 11:19 . 2009-02-14 12:18 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\WinZip
2009-02-14 10:33 . 2009-02-14 10:39 <DIR> d-------- c:\program files\Thoosje Vista Sidebar
2009-02-14 10:29 . 2009-02-14 10:29 <DIR> d-------- c:\program files\RapidSolution
2009-02-14 10:29 . 2009-02-14 10:29 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\RapidSolution
2009-02-14 10:17 . 2009-02-14 10:17 <DIR> d-------- c:\program files\Winamp Toolbar
2009-02-14 10:17 . 2009-02-14 10:17 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Winamp Toolbar
2009-02-14 10:07 . 2009-02-14 10:14 <DIR> d-------- c:\documents and settings\Administrator.DANNY2\Application Data\Winamp
2009-02-14 09:56 . 2009-02-14 09:56 <DIR> d-------- c:\documents and settings\Administrator.DANNY2\Application Data\PC Tools
2009-02-14 09:53 . 2009-02-14 09:55 <DIR> d-a------ c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-02-14 09:49 . 2008-06-13 06:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-02-14 09:49 . 2008-06-13 06:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-02-14 09:48 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-14 09:48 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-14 09:48 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-14 09:48 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-14 09:47 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-14 09:47 . 2008-12-11 05:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-02-14 09:46 . 2008-04-11 14:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-02-14 09:46 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-02-14 09:45 . 2009-02-14 09:45 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\River Past G5
2009-02-14 09:45 . 2009-02-14 09:45 <DIR> d-------- c:\documents and settings\Administrator.DANNY2\Application Data\River Past G5
2009-02-14 09:42 . 2009-02-14 09:42 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\RoboForm
2009-02-13 23:59 . 2009-02-13 23:59 <DIR> d-------- c:\documents and settings\ADMINI~1~DAN\LOCALS~1
2009-02-13 23:59 . 2009-02-13 23:59 <DIR> d-------- c:\documents and settings\ADMINI~1~DAN
2009-02-13 23:13 . 2009-02-13 23:13 <DIR> d-------- c:\documents and settings\Administrator.DANNY2\Application Data\vlc
2009-02-13 22:37 . 2009-02-13 22:37 <DIR> d-------- c:\program files\iTunes
2009-02-13 22:37 . 2009-02-13 22:37 <DIR> d-------- c:\program files\iPod
2009-02-13 22:37 . 2009-02-13 22:37 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-13 22:37 . 2009-02-14 11:07 <DIR> d-------- c:\documents and settings\Administrator.DANNY2\Application Data\Apple Computer
2009-02-13 22:37 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-02-13 22:37 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-13 22:36 . 2009-02-14 09:06 <DIR> d-------- c:\program files\Bonjour
2009-02-13 22:36 . 2009-02-24 20:53 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2009-02-13 22:35 . 2009-02-13 22:35 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Apple
2009-02-13 22:22 . 2009-02-13 22:22 <DIR> d-------- c:\documents and settings\Administrator.DANNY2\Application Data\Nero
2009-02-13 22:10 . 2009-02-13 22:10 <DIR> d-------- c:\program files\Windows Sidebar
2009-02-13 22:04 . 2008-06-20 06:51 361,600 --a--c--- c:\windows\system32\dllcache\tcpip.sys
2009-02-13 22:04 . 2008-06-20 12:46 245,248 --a--c--- c:\windows\system32\dllcache\mswsock.dll
2009-02-13 22:04 . 2008-08-14 05:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2009-02-13 22:04 . 2006-08-16 06:58 100,352 --a--c--- c:\windows\system32\dllcache\6to4svc.dll
2009-02-13 22:04 . 2008-06-24 11:43 74,240 -----c--- c:\windows\system32\dllcache\mscms.dll
2009-02-13 22:01 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-02-13 22:00 . 2009-02-13 22:21 <DIR> d-------- c:\program files\Common Files\Nero
2009-02-13 22:00 . 2009-02-13 22:06 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Nero
2009-02-13 21:59 . 2008-05-08 09:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-02-13 21:11 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-02-13 21:10 . 2009-02-13 21:10 <DIR> d-------- c:\program files\Microsoft.NET
2009-02-13 21:08 . 2009-02-13 21:08 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-02-13 21:07 . 2009-02-22 12:12 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-02-13 20:55 . 2009-02-13 20:55 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\1Click DVD Movie
2009-02-13 20:55 . 2009-02-13 20:55 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\1Click DVD Copy Pro
2009-02-13 20:55 . 2009-02-13 20:55 <DIR> d-------- c:\documents and settings\Administrator.DANNY2\Application Data\Vso
2009-02-13 20:55 . 2009-02-13 20:55 87,608 --a------ c:\documents and settings\Administrator.DANNY2\Application Data\ezpinst.exe
2009-02-13 20:55 . 2009-02-13 20:55 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2009-02-13 20:55 . 2009-02-13 20:55 47,360 --a------ c:\documents and settings\Administrator.DANNY2\Application Data\pcouffin.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-26 04:09 --------- d-----w c:\program files\QuickTime
2009-02-26 03:26 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-26 02:39 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-21 18:24 --------- d-----w c:\program files\MSBuild
2009-02-15 04:59 82,696 ----a-w c:\windows\system32\drivers\BDVEDISK.sys
2009-02-15 04:59 242,184 ----a-w c:\windows\system32\drivers\bdfsfltr.sys
2009-02-14 17:35 --------- d-----w c:\program files\Spyware Doctor
2009-02-14 15:17 --------- d-----w c:\program files\Winamp
2009-02-14 03:35 --------- d-----w c:\program files\Common Files\Apple
2009-02-14 03:11 --------- d-----w c:\program files\Nero
2009-02-14 03:00 --------- d-----w c:\program files\Common Files\LightScribe
2009-02-13 02:44 --------- d-----w c:\program files\DivX
2009-02-13 02:07 --------- d-----w c:\program files\PowerISO
2009-02-12 19:42 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\s_4610_OTk4fHx8fDk5OHx8fDEyNDUxNzUwNzJ8_
2009-02-02 04:42 --------- d-----w c:\program files\Bitmanagement Software
2009-01-26 01:13 --------- d-----w c:\program files\Raven
2009-01-21 22:42 --------- d-----w c:\documents and settings\Administrator\Application Data\PC Tools
2009-01-21 01:15 --------- d-----w c:\program files\Winamp Remote
2009-01-10 04:04 --------- d-----w c:\documents and settings\Administrator\Application Data\IMVU
2009-01-10 03:35 --------- d-----w c:\documents and settings\Administrator\Application Data\IMVUClient
2009-01-07 04:15 --------- d-----w c:\documents and settings\Administrator\Application Data\Bradsoft.com
2009-01-07 04:12 --------- d-----w c:\program files\Bradbury
2009-01-07 02:07 --------- d-----w c:\program files\Ipswitch
2009-01-07 02:07 --------- d-----w c:\documents and settings\Administrator\Application Data\Ipswitch
2009-01-05 23:22 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-01-05 23:22 --------- d-----w c:\program files\Common Files\Adobe
2009-01-04 22:45 --------- d-----w c:\program files\LucasArts
2009-01-02 02:15 --------- d-----w c:\program files\ParallelGraphics
2009-01-02 01:45 --------- d-----w c:\program files\Vivaty
2009-01-01 19:22 --------- d-----w c:\program files\IrfanView
2008-12-31 04:45 --------- d-----w c:\program files\Siber Systems
2008-12-27 22:55 --------- d-----w c:\program files\Windows XP Fun Pack
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-12-06 15:47 87,608 ----a-w c:\documents and settings\Administrator\Application Data\ezpinst.exe
2008-12-06 15:47 47,360 ----a-w c:\documents and settings\Administrator\Application Data\pcouffin.sys
2007-02-13 00:10 2,682,880 ------w c:\documents and settings\All Users.WINDOWS\VCREDI~3.EXE
.

------- Sigcheck -------

2008-08-26 04:08 827904 77c192fe56a70d7fa0247ba0a6201c32 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
2008-12-20 18:56 827904 044e0a4e9fe97c0fb9afe9c89e2a82e6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
2006-02-28 07:00 656384 c0823fc5469663ba63e7db88f9919d70 c:\windows\ie7\wininet.dll
2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\ie7updates\KB956390-IE7\wininet.dll
2008-08-26 02:24 826368 ef8eba98145bfa44e80d17a3b3453300 c:\windows\ie7updates\KB961260-IE7\wininet.dll
2008-04-13 19:12 666112 7a4f775abb2f1c97def3e73afa2faedd c:\windows\ServicePackFiles\i386\wininet.dll
2008-12-20 18:15 826368 a82935d32d0672e8ff4e91ae398e901c c:\windows\SoftwareDistribution\Download\2e4e820fa4f0714d84e95e04fd4b348e\SP2GDR\wininet.dll
2008-12-20 18:56 827904 044e0a4e9fe97c0fb9afe9c89e2a82e6 c:\windows\SoftwareDistribution\Download\2e4e820fa4f0714d84e95e04fd4b348e\SP2QFE\wininet.dll
2008-08-26 02:24 826368 ef8eba98145bfa44e80d17a3b3453300 c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2GDR\wininet.dll
2008-08-26 04:08 827904 77c192fe56a70d7fa0247ba0a6201c32 c:\windows\SoftwareDistribution\Download\5d9d48823dca01f9929a959c29f5edc4\SP2QFE\wininet.dll
2008-10-16 05:37 659456 6f1e4bfd78c4e0d05ff3725d59b72925 c:\windows\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP2GDR\wininet.dll
2008-10-16 05:20 667648 93c9d0a216498ee14eb9b26119bb95ee c:\windows\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP2QFE\wininet.dll
2008-10-15 20:00 666112 1576318bf08d28cc61d1278114ad8d5b c:\windows\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP3GDR\wininet.dll
2008-10-15 20:04 667136 e8fce58a470999350f64c591557f9e42 c:\windows\SoftwareDistribution\Download\7bc58354ca50aa200544caaef7677c8a\SP3QFE\wininet.dll
2008-04-13 19:12 666112 7a4f775abb2f1c97def3e73afa2faedd c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\wininet.dll
2008-12-20 18:15 826368 a82935d32d0672e8ff4e91ae398e901c c:\windows\system32\wininet.dll
2008-12-20 18:15 826368 a82935d32d0672e8ff4e91ae398e901c c:\windows\system32\dllcache\wininet.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-02-21_16.45.07.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-27 17:31:16 765,952 ----a-w c:\windows\$hf_mig$\KB938127-v2-IE7\SP2QFE\vgx.dll
+ 2007-03-06 01:22:33 14,048 ----a-w c:\windows\$hf_mig$\KB938127-v2-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w c:\windows\$hf_mig$\KB938127-v2-IE7\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w c:\windows\$hf_mig$\KB938127-v2-IE7\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w c:\windows\$hf_mig$\KB938127-v2-IE7\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w c:\windows\$hf_mig$\KB938127-v2-IE7\update\updspapi.dll
+ 2008-05-02 13:42:10 83,968 ----a-w c:\windows\$hf_mig$\KB946648\SP3QFE\msgsc.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB946648\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB946648\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB946648\update\spcustom.dll
+ 2007-11-30 11:20:44 755,576 ----a-w c:\windows\$hf_mig$\KB946648\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB946648\update\updspapi.dll
+ 2008-05-07 09:07:23 135,168 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\cscript.exe
+ 2008-05-09 10:45:15 512,000 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\jscript.dll
+ 2008-05-09 10:45:16 180,224 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\scrobj.dll
+ 2008-05-09 10:45:16 172,032 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\scrrun.dll
+ 2008-05-09 10:45:16 430,080 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\vbscript.dll
+ 2008-05-08 11:24:44 155,648 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\wscript.exe
+ 2008-05-09 10:45:17 90,112 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\wshext.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB951978\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB951978\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB951978\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w c:\windows\$hf_mig$\KB951978\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w c:\windows\$hf_mig$\KB951978\update\updspapi.dll
+ 2008-09-10 01:10:56 1,379,840 ----a-w c:\windows\$hf_mig$\KB954459\SP3QFE\msxml6.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954459\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954459\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954459\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB954459\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB954459\update\updspapi.dll
+ 2009-02-26 02:55:47 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-02-26 02:55:47 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-02-26 02:55:47 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-02-26 02:55:47 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-02-26 02:55:48 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-02-26 02:55:48 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-02-26 02:55:48 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2009-02-26 02:55:48 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-02-26 02:55:47 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-02-14 02:10:27 781,104 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2009-02-22 08:01:52 783,744 ----a-w c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
- 2009-02-21 17:15:10 1,257,472 ----a-w c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-02-22 15:46:55 1,265,664 ----a-w c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-02-21 17:15:11 1,224,704 ----a-w c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-02-22 15:46:56 1,232,896 ----a-w c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-02-14 02:10:32 118,112 ----a-w c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2009-02-22 08:01:54 120,408 ----a-w c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
- 2009-02-14 02:10:32 609,104 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
+ 2009-02-22 08:01:54 611,392 ----a-w c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
+ 2009-02-22 15:47:04 61,440 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_061285e7\CustomMarshalers.dll
+ 2009-02-22 15:47:25 118,784 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_3aceaaa7\CustomMarshalers.dll
+ 2009-02-22 15:47:20 3,391,488 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_16f77a52\mscorlib.dll
+ 2009-02-22 15:47:36 8,908,800 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_50da63ed\mscorlib.dll
+ 2009-02-22 15:47:32 3,395,584 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_919b7758\System.Design.dll
+ 2009-02-22 15:47:16 1,470,464 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_f87d81af\System.Design.dll
+ 2009-02-22 15:47:25 192,512 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_46a0a05c\System.Drawing.Design.dll
+ 2009-02-22 15:47:05 90,112 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_cdff75ff\System.Drawing.Design.dll
+ 2009-02-22 15:47:34 2,244,608 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_7be62038\System.Drawing.dll
+ 2009-02-22 15:47:18 835,584 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_c1946a93\System.Drawing.dll
+ 2009-02-22 15:47:09 3,018,752 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_748fed1a\System.Windows.Forms.dll
+ 2009-02-22 15:47:28 7,884,800 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_b415b2eb\System.Windows.Forms.dll
+ 2009-02-22 15:47:31 5,513,216 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_3489b52b\System.Xml.dll
+ 2009-02-22 15:47:13 2,088,960 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_b5087576\System.Xml.dll
+ 2009-02-22 15:47:03 1,966,080 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_122a9e51\System.dll
+ 2009-02-22 15:47:24 4,788,224 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_eb46e4b2\System.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll
+ 2007-08-13 23:54:10 765,952 -c----w c:\windows\ie7updates\KB938127-v2-IE7\vgx.dll
+ 2006-10-27 00:48:14 439,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\DWDCW20.DLL
+ 2006-10-27 00:48:14 434,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2006-10-26 19:10:08 1,190,688 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\FM20.DLL
+ 2006-10-27 00:21:24 1,682,232 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
+ 2006-10-27 20:09:36 983,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\FPWEC.DLL
+ 2009-02-14 02:10:32 609,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\IPOMHOST.DLL
+ 2009-02-14 02:10:32 118,112 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\IPOMINT.DLL
+ 2006-10-26 18:58:14 117,552 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSCONV97.DLL
+ 2006-10-27 01:12:58 428,816 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSODCW.DLL
+ 2006-10-27 02:13:36 26,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSOEURO.DLL
+ 2006-10-27 01:00:08 6,635,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSORES.DLL
+ 2006-10-26 18:56:36 436,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSORUN.DLL
+ 2006-10-27 20:14:34 14,151,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OART.DLL
+ 2006-10-27 01:14:06 7,033,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OFFOWC.DLL
+ 2006-07-26 23:53:56 459,080 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
+ 2006-10-27 02:30:44 482,088 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\PORTCONN.DLL
+ 2006-10-27 02:13:38 38,168 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\REFEDIT.DLL
+ 2009-02-14 02:10:27 781,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\WORDPIA.DLL
+ 2007-08-29 04:22:36 579,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\ACACEDAO.DLL
+ 2007-08-24 10:17:04 165,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\ACCWIZ.DLL
+ 2007-08-29 04:22:30 1,754,536 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\ACECORE.DLL
+ 2007-08-29 04:22:36 579,008 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\ACEDAO.DLL
+ 2007-08-29 04:22:38 50,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\ACEERR.DLL
+ 2007-08-29 04:22:40 193,992 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\ACEES.DLL
+ 2007-08-24 08:46:10 341,440 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\ACEEXCH.DLL
+ 2007-08-24 08:46:14 632,248 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\ACEEXCL.DLL
+ 2007-08-24 08:46:16 210,368 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\ACELTS.DLL
+ 2007-08-24 08:46:18 281,992 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\ACEODBC.DLL
+ 2007-08-24 08:46:20 17,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\ACEODDBS.DLL
+ 2007-08-24 08:46:22 17,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\ACEODEXL.DLL
+ 2007-08-24 08:46:22 17,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\ACEODPDX.DLL
+ 2007-08-24 08:46:22 17,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\ACEODTXT.DLL
+ 2007-08-29 04:22:44 390,600 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\ACEOLEDB.DLL
+ 2007-08-24 08:46:28 394,688 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\ACEPDE.DLL
+ 2007-08-24 08:46:30 263,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\ACER2X.DLL
+ 2007-08-24 08:46:32 292,288 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\ACER3X.DLL
+ 2007-08-24 08:46:34 58,760 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\ACERCLR.DLL
+ 2007-08-24 08:46:38 554,440 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\ACEREP.DLL
+ 2007-08-24 08:46:40 226,744 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\ACETXT.DLL
+ 2007-08-29 05:52:12 201,664 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\ACEWSS.DLL
+ 2007-08-24 08:46:44 374,200 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\ACEXBE.DLL
+ 2007-08-29 05:53:12 402,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\CDLMSO.DLL
+ 2007-08-24 08:45:50 208,256 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\CLVIEW.EXE
+ 2007-08-24 10:38:36 67,952 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\COLLIMP.DLL
+ 2007-08-24 08:36:26 192,400 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\CONTACTPICKER.DLL
+ 2007-08-24 11:58:50 237,424 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\DRAT.EXE
+ 2007-08-23 06:19:06 78,728 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\FORM.DLL
+ 2007-10-03 00:45:34 2,530,864 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GRAPH.EXE
+ 2007-08-29 05:23:36 340,856 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVE.EXE
+ 2007-08-29 05:23:52 6,192,504 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVEACCOUNTMGR.DLL
+ 2007-08-29 05:24:06 286,064 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVEAUDIO.DLL
+ 2007-08-24 11:59:20 68,464 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVEAUDITSERVICE.EXE
+ 2007-08-29 05:24:08 36,216 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVEAUTOPROXY.DLL
+ 2007-08-29 05:24:10 301,944 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVECALENDARTOOL.DLL
+ 2007-08-24 11:59:26 36,208 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVECLEAN.EXE
+ 2007-08-29 05:24:24 2,690,944 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVECOMMONCOMPONENTS.DLL
+ 2007-08-29 05:24:52 3,514,768 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVECOMMUNICATIONSSERVICES.DLL
+ 2007-08-29 05:25:00 118,688 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVECOMMUNICATIONSSTATUSANDCONTROL.DLL
+ 2007-08-29 05:25:02 769,400 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVECOMPONENTMGR.DLL
+ 2007-08-29 05:25:10 1,362,288 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVECRYPTO.DLL
+ 2007-08-24 12:00:16 378,752 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVEDATAVIEWERTOOL.DLL
+ 2007-08-29 05:25:22 3,073,928 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVEDOCUMENTSHARETOOL.DLL
+ 2007-08-29 05:25:32 287,104 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVEFETCHSERVICES.DLL
+ 2007-08-24 12:00:36 200,048 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVEGAMES.DLL
+ 2007-08-24 12:00:40 320,376 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVEMIGRATOR.EXE
+ 2007-08-24 12:00:46 1,562,472 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVEMISC.DLL
+ 2007-08-24 12:00:48 33,648 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVEMONITOR.EXE
+ 2007-08-24 12:00:50 25,448 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVENEW.DLL
+ 2007-08-24 12:00:52 225,664 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVEPROJECTTOOLSET.DLL
+ 2007-08-29 05:25:54 7,053,680 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVERESOURCE.DLL
+ 2007-08-24 12:01:22 2,212,224 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVESHELLEXTENSIONS.DLL
+ 2007-08-24 12:01:28 364,920 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVESKETCHTOOL.DLL
+ 2007-08-24 12:01:30 19,328 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVESTDURLLAUNCHER.EXE
+ 2007-08-29 05:26:12 2,740,600 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVESTORAGEMGR.DLL
+ 2007-08-29 05:26:18 36,216 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVESYSTEMMODE.DLL
+ 2007-08-24 12:01:46 224,128 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVESYSTEMSERVICES.DLL
+ 2007-08-29 05:26:22 1,165,176 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVETEXTTOOLS.DLL
+ 2007-08-29 05:26:34 4,747,128 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVETRANSCEIVER.DLL
+ 2007-08-29 05:26:44 1,398,136 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVEUIFRAMEWORK.DLL
+ 2007-08-24 12:02:24 959,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVEUTIL.DLL
+ 2007-08-29 05:26:48 269,184 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVEWEBBROWSERTOOL2.DLL
+ 2007-08-24 12:02:34 573,832 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVEWEBPLATFORMSERVICES.DLL
+ 2007-08-29 05:26:54 632,696 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\GROOVEWEBSERVICES.DLL
+ 2007-08-24 08:36:58 175,968 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\IEAWSDC.DLL
+ 2007-10-06 01:30:22 1,443,880 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\INFOPATH.EXE
+ 2007-10-06 01:30:40 5,460,528 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\IPDESIGN.DLL
+ 2007-10-06 01:31:06 5,287,984 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\IPEDITOR.DLL
+ 2007-08-24 10:43:06 179,616 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\IPOLK.DLL
+ 2007-08-29 05:45:54 831,856 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\MEDCAT.DLL
+ 2007-08-29 04:13:52 10,367,352 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\MSACCESS.EXE
+ 2007-08-24 10:17:48 69,520 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\MSAEXP30.DLL
+ 2007-08-29 04:20:06 163,712 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\MSOCF.DLL
+ 2007-08-29 04:20:12 17,304 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\MSOCFU.DLL
+ 2007-08-24 08:40:16 674,664 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\MSQRY32.EXE
+ 2007-08-23 06:12:20 507,768 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\MSSOAP30.DLL
+ 2007-08-29 05:45:58 835,952 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\MSTORDB.EXE
+ 2007-08-29 05:46:06 542,568 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\MSTORES.DLL
+ 2007-08-24 08:37:50 68,464 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\NAME.DLL
+ 2007-10-03 00:51:22 8,436,776 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\OARTCONV.DLL
+ 2007-09-02 06:55:16 235,456 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\ODEPLOY.EXE
+ 2007-08-24 09:06:28 277,384 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\OIS.EXE
+ 2007-08-24 09:06:32 1,000,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\OISAPP.DLL
+ 2007-08-24 09:06:38 288,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\OISGRAPH.DLL
+ 2007-08-29 05:49:34 667,544 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\ONBTTNOL.DLL
+ 2007-08-29 05:31:42 785,352 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\ONSYNCPC.DLL
+ 2007-09-02 06:55:54 6,540,656 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\OSETUP.DLL
+ 2007-08-29 05:38:22 2,016,656 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\PPTVIEW.EXE
+ 2007-08-23 06:19:06 79,784 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\PSOM.DLL
+ 2007-08-24 10:43:20 747,448 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\REGFORM.EXE
+ 2007-08-23 06:19:08 22,416 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\REVERSE.DLL
+ 2007-09-06 22:55:22 505,752 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\SELFCERT.EXE
+ 2007-09-02 06:55:34 442,240 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\SETUP.EXE
+ 2007-08-24 10:17:54 505,240 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\SOA.DLL
+ 2007-06-08 00:51:00 125,320 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\SSGEN.DLL
+ 2007-08-29 04:28:26 2,330,024 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\STSLIST.DLL
+ 2007-08-23 06:19:08 32,608 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\THOCRAPI.DLL
+ 2007-08-23 06:19:08 129,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\TWCUTCHR.DLL
+ 2007-08-23 06:19:10 90,504 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\TWCUTLIN.DLL
+ 2007-08-23 06:19:10 60,800 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\TWLAY32.DLL
+ 2007-08-23 06:19:12 30,096 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\TWORIENT.DLL
+ 2007-08-23 06:19:14 54,152 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\TWRECE.DLL
+ 2007-08-23 06:19:14 22,416 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\TWRECS.DLL
+ 2007-08-23 06:19:16 79,776 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\TWSTRUCT.DLL
+ 2007-06-28 01:58:12 2,585,936 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\VBE6.DLL
+ 2007-08-24 12:10:14 1,846,160 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\VVIEWDWG.DLL
+ 2007-08-24 12:10:28 3,735,424 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\VVIEWER.DLL
+ 2007-08-23 06:19:18 1,198,496 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\XIMAGE3B.DLL
+ 2007-08-23 06:19:20 535,448 ----a-r c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\XPAGE3C.DLL
- 2009-02-15 03:24:30 61,440 ----a-r c:\windows\Installer\{8ACF317C-CA66-4363-AEBF-A073B124AA1A}\helpicon.exe
+ 2009-02-22 16:48:24 61,440 ----a-r c:\windows\Installer\{8ACF317C-CA66-4363-AEBF-A073B124AA1A}\helpicon.exe
- 2009-02-15 03:24:30 32,768 ----a-r c:\windows\Installer\{8ACF317C-CA66-4363-AEBF-A073B124AA1A}\maintenance_icon.exe
+ 2009-02-22 16:48:24 32,768 ----a-r c:\windows\Installer\{8ACF317C-CA66-4363-AEBF-A073B124AA1A}\maintenance_icon.exe
- 2009-02-15 03:24:30 22,486 ----a-r c:\windows\Installer\{8ACF317C-CA66-4363-AEBF-A073B124AA1A}\register_icon.exe
+ 2009-02-22 16:48:24 22,486 ----a-r c:\windows\Installer\{8ACF317C-CA66-4363-AEBF-A073B124AA1A}\register_icon.exe
- 2009-02-15 03:24:30 57,344 ----a-r c:\windows\Installer\{8ACF317C-CA66-4363-AEBF-A073B124AA1A}\texticon.exe
+ 2009-02-22 16:48:24 57,344 ----a-r c:\windows\Installer\{8ACF317C-CA66-4363-AEBF-A073B124AA1A}\texticon.exe
- 2009-02-14 14:03:42 217,864 ----a-r c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2009-02-22 17:12:47 217,864 ----a-r c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2009-02-21 18:28:28 1,165,584 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-02-22 08:02:19 1,165,584 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2009-02-21 18:28:28 20,240 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-02-22 08:02:20 20,240 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-02-21 18:28:28 159,504 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-02-22 08:02:19 159,504 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-02-21 18:28:28 184,080 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-02-22 08:02:20 184,080 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-02-21 18:28:28 217,864 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-02-22 08:02:20 217,864 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-02-21 18:28:28 18,704 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-22 08:02:20 18,704 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-02-21 18:28:29 35,088 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-02-22 08:02:21 35,088 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-02-21 18:28:28 845,584 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-02-22 08:02:20 845,584 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-02-21 18:28:28 922,384 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-02-22 08:02:20 922,384 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-02-21 18:28:28 272,648 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-02-22 08:02:20 272,648 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-02-21 18:28:28 888,080 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-22 08:02:21 888,080 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-02-21 18:28:28 1,172,240 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-22 08:02:19 1,172,240 ----a-r c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2005-03-18 22:23:10 53,248 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2005-03-18 22:23:10 12,800 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2005-03-18 22:23:14 473,600 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2005-03-18 22:23:10 145,920 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
+ 2005-03-18 22:23:10 159,232 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
+ 2005-03-18 22:23:14 364,544 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
+ 2005-03-18 22:23:12 178,176 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2005-03-18 22:23:14 223,232 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
+ 2005-09-28 19:11:52 577,536 ----a-w c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
- 2004-07-15 06:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2007-04-14 02:30:52 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-15 06:49:22 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2007-04-14 02:30:52 32,768 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2004-07-15 05:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2007-04-14 01:57:52 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-21 00:09:14 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2007-04-14 01:57:58 86,016 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2004-07-15 05:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2007-04-14 01:56:30 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2004-07-15 05:33:04 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-14 01:58:00 102,400 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2004-07-15 19:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2007-04-14 01:50:46 2,142,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-21 00:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2007-04-14 01:58:02 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2004-07-15 05:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2007-04-14 01:57:00 2,523,136 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2004-07-15 05:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-04-14 01:57:28 2,514,944 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2004-08-10 21:20:00 106,496 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2007-01-15 21:11:26 73,728 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2004-07-15 06:49:16 258,048 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW8104\_aspnet_isapi.dll
+ 2004-07-15 05:32:22 81,920 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW8104\_CORPerfMonExt.dll
+ 2004-07-15 05:24:30 282,624 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW8104\_fusion.dll
+ 2004-07-15 05:25:06 315,392 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW8104\_mscorjit.dll
+ 2004-07-15 19:29:02 2,138,112 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW8104\_mscorlib.dll
+ 2003-02-21 00:09:18 77,824 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW8104\_mscorsn.dll
+ 2004-07-15 05:26:52 2,510,848 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW8104\_mscorsvr.dll
+ 2004-07-15 05:28:34 2,502,656 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW8104\_mscorwks.dll
+ 2003-02-21 09:42:22 348,160 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW8104\_msvcr71.dll
+ 2004-07-15 05:34:50 94,208 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW8104\_PerfCounter.dll
- 2004-07-15 19:31:16 1,224,704 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2007-04-14 02:35:38 1,232,896 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2004-07-15 19:29:00 1,257,472 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2007-04-14 02:35:46 1,265,664 ----a-w c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-04-14 00:12:15 139,264 ----a-w c:\windows\system32\cscript.exe
+ 2008-05-07 09:07:23 135,168 ----a-w c:\windows\system32\cscript.exe
+ 2005-07-23 00:59:04 2,319,568 ----a-w c:\windows\system32\d3dx9_27.dll
+ 2008-05-07 09:07:23 135,168 -c----w c:\windows\system32\dllcache\cscript.exe
- 2007-08-13 23:38:04 491,520 -c--a-w c:\windows\system32\dllcache\jscript.dll
+ 2008-05-09 10:53:39 512,000 -c--a-w c:\windows\system32\dllcache\jscript.dll
- 2008-04-14 00:12:01 1,306,624 -c----w c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 -c----w c:\windows\system32\dllcache\msxml6.dll
+ 2008-05-09 10:53:39 180,224 -c----w c:\windows\system32\dllcache\scrobj.dll
+ 2008-05-09 10:53:40 172,032 -c----w c:\windows\system32\dllcache\scrrun.dll
+ 2008-06-17 19:02:19 8,461,312 -c----w c:\windows\system32\dllcache\shell32.dll
- 2007-08-13 23:54:10 413,696 -c--a-w c:\windows\system32\dllcache\vbscript.dll
+ 2008-05-09 10:53:40 430,080 -c--a-w c:\windows\system32\dllcache\vbscript.dll
- 2007-08-13 23:54:10 765,952 -c--a-w c:\windows\system32\dllcache\VGX.dll
+ 2008-05-27 17:23:58 765,952 -c--a-w c:\windows\system32\dllcache\vgx.dll
+ 2008-05-08 11:24:44 155,648 -c----w c:\windows\system32\dllcache\wscript.exe
+ 2008-05-09 10:53:40 90,112 -c----w c:\windows\system32\dllcache\wshext.dll
+ 2008-08-12 23:40:32 108,864 ----a-w c:\windows\system32\drivers\bdfm.sys
- 2009-02-15 04:59:00 104,328 ----a-w c:\windows\system32\drivers\bdfndisf.sys
+ 2008-08-14 23:54:44 102,208 ----a-w c:\windows\system32\drivers\bdfndisf.sys
+ 2005-08-10 12:44:04 50,688 ----a-w c:\windows\system32\drivers\sfdrv01.sys
+ 2005-05-16 13:20:39 6,656 ----a-w c:\windows\system32\drivers\sfhlp02.sys
+ 2005-08-10 14:06:28 19,968 ----a-w c:\windows\system32\drivers\sfsync02.sys
+ 2005-11-03 14:40:07 63,488 ----a-w c:\windows\system32\drivers\sfvfs02.sys
- 2006-10-26 19:10:08 1,190,688 ----a-w c:\windows\system32\FM20.DLL
+ 2007-08-23 06:03:38 1,195,888 ----a-w c:\windows\system32\FM20.DLL
+ 2008-05-29 16:16:52 633,344 ------w c:\windows\system32\gpprefcl.dll
+ 2009-02-25 01:45:14 144,792 ----a-w c:\windows\system32\java.exe
+ 2009-02-25 01:45:14 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2009-02-25 01:45:14 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-04-14 00:11:56 512,000 ----a-w c:\windows\system32\jscript.dll
+ 2008-05-09 10:53:39 512,000 ----a-w c:\windows\system32\jscript.dll
+ 2007-07-27 19:49:02 196,683 ----a-w c:\windows\system32\lnod32apiA.dll
+ 2007-07-27 19:49:02 225,355 ----a-w c:\windows\system32\lnod32apiW.dll
+ 2005-12-06 00:25:22 139,264 ----a-w c:\windows\system32\lnod32umc.dll
+ 2005-12-05 17:37:10 106,496 ----a-w c:\windows\system32\lnod32upd.dll
- 2008-04-14 00:11:57 29,696 ----a-w c:\windows\system32\mimefilt.dll
+ 2008-03-07 17:02:08 29,696 ----a-w c:\windows\system32\mimefilt.dll
+ 2008-05-27 03:17:44 34,816 ------w c:\windows\system32\msscb.dll
+ 2008-05-27 03:17:26 60,416 ------w c:\windows\system32\msscntrs.dll
+ 2008-05-27 03:17:38 11,776 ------w c:\windows\system32\msshooks.dll
+ 2008-05-27 03:18:34 231,936 ------w c:\windows\system32\msshsq.dll
+ 2008-05-27 03:17:26 87,552 ------w c:\windows\system32\mssitlb.dll
+ 2008-05-27 03:18:26 350,208 ------w c:\windows\system32\mssph.dll
+ 2008-05-27 03:18:56 203,776 ------w c:\windows\system32\mssphtb.dll
+ 2008-05-27 03:17:28 32,768 ------w c:\windows\system32\mssprxy.dll
+ 2008-05-27 03:21:26 1,418,240 ------w c:\windows\system32\mssrch.dll
+ 2008-05-27 03:18:42 44,032 ------w c:\windows\system32\msstrc.dll
- 2008-09-30 21:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll
+ 2003-04-18 21:46:22 1,233,920 ----a-w c:\windows\system32\msxml4.dll
- 2008-04-14 00:12:01 1,306,624 ------w c:\windows\system32\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 ------w c:\windows\system32\msxml6.dll
- 2008-04-14 00:12:02 98,304 ----a-w c:\windows\system32\nlhtml.dll
+ 2008-03-07 17:02:08 98,304 ----a-w c:\windows\system32\nlhtml.dll
+ 2008-05-27 03:19:36 273,408 ------w c:\windows\system32\oeph.dll
+ 2008-05-27 03:19:16 11,264 ------w c:\windows\system32\oephRes.dll
- 2008-04-14 00:12:02 192,000 ----a-w c:\windows\system32\offfilt.dll
+ 2008-03-07 17:02:08 192,000 ----a-w c:\windows\system32\offfilt.dll
+ 2008-02-11 14:39:26 253,952 ----a-w c:\windows\system32\OnlineScannerDLLA.dll
+ 2008-02-11 14:39:18 237,568 ----a-w c:\windows\system32\OnlineScannerDLLW.dll
+ 2008-02-08 18:53:46 110,592 ----a-w c:\windows\system32\OnlineScannerLang.dll
+ 2008-02-05 13:48:04 77,824 ----a-w c:\windows\system32\OnlineScannerUninstaller.exe
- 2009-02-21 18:27:13 71,206 ----a-w c:\windows\system32\perfc009.dat
+ 2009-02-22 17:10:42 78,260 ----a-w c:\windows\system32\perfc009.dat
- 2009-02-21 18:27:13 441,014 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-22 17:10:42 462,058 ----a-w c:\windows\system32\perfh009.dat
+ 2008-05-27 03:18:08 71,680 ------w c:\windows\system32\propdefs.dll
+ 2008-05-27 03:17:48 754,176 ------w c:\windows\system32\propsys.dll
+ 2008-05-27 03:18:32 38,400 ------w c:\windows\system32\rtffilt.dll
- 2008-04-14 00:12:05 180,224 ----a-w c:\windows\system32\scrobj.dll
+ 2008-05-09 10:53:39 180,224 ----a-w c:\windows\system32\scrobj.dll
- 2008-04-14 00:12:05 172,032 ----a-w c:\windows\system32\scrrun.dll
+ 2008-05-09 10:53:40 172,032 ----a-w c:\windows\system32\scrrun.dll
+ 2008-05-27 03:17:56 87,552 ------w c:\windows\system32\searchfilterhost.exe
+ 2008-05-27 03:18:44 439,808 ------w c:\windows\system32\searchindexer.exe
+ 2008-05-27 03:18:18 184,832 ------w c:\windows\system32\searchprotocolhost.exe
- 2008-04-14 00:12:05 8,461,312 ----a-w c:\windows\system32\shell32.dll
+ 2008-06-17 19:02:19 8,461,312 ----a-w c:\windows\system32\shell32.dll
- 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-05-27 03:17:30 301,568 ------w c:\windows\system32\srchadmin.dll
+ 2008-05-27 02:59:40 106,605 ------w c:\windows\system32\structuredqueryschema.bin
+ 2008-05-27 02:59:42 18,904 ------w c:\windows\system32\structuredqueryschematrivial.bin
+ 2008-05-27 03:21:08 1,582,592 ------w c:\windows\system32\tquery.dll
- 2009-02-15 04:59:01 192,512 ----a-w c:\windows\system32\txmlutil.dll
+ 2008-04-23 23:34:48 176,128 ----a-w c:\windows\system32\txmlutil.dll
+ 2008-05-27 03:19:20 97,792 ------w c:\windows\system32\UncCplExt.dll
+ 2008-05-27 03:19:22 143,872 ------w c:\windows\system32\UncDMS.dll
+ 2008-05-27 03:19:28 108,032 ------w c:\windows\system32\UncNE.dll
+ 2008-05-27 03:19:28 131,072 ------w c:\windows\system32\UncPH.dll
+ 2008-05-27 03:19:26 2,048 ------w c:\windows\system32\UncRes.dll
+ 2004-12-07 15:11:34 258,352 ----a-w c:\windows\system32\unicows.dll
- 2008-04-14 00:12:08 434,176 ----a-w c:\windows\system32\vbscript.dll
+ 2008-05-09 10:53:40 430,080 ----a-w c:\windows\system32\vbscript.dll
- 2008-04-14 00:12:41 155,648 ----a-w c:\windows\system32\wscript.exe
+ 2008-05-08 11:24:44 155,648 ----a-w c:\windows\system32\wscript.exe
- 2008-04-14 00:12:10 90,112 ----a-w c:\windows\system32\wshext.dll
+ 2008-05-09 10:53:40 90,112 ----a-w c:\windows\system32\wshext.dll
+ 2005-09-28 20:35:48 61,136 ----a-w c:\windows\system32\xinput9_1_0.dll
+ 2008-05-27 03:18:34 56,320 ------w c:\windows\system32\xmlfilter.dll
+ 2009-02-26 23:13:58 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_184.dat
+ 2009-02-26 23:15:24 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_3d4.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-02-14 160592]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-04 4363504]
"Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-08-04 488808]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-09-12 36352]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-10 69632]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-13 169984]
"nwiz"="nwiz.exe" [2006-10-31 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-31 c:\windows\system32\nvmctray.dll]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-10-11 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2005-10-12 1695504]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-02-14 160592]

c:\documents and settings\Administrator.DANNY2\Start Menu\Programs\Startup\
ScreenThemes.lnk - c:\scthemes\scthemes.exe [2009-02-08 245760]
Thoosje Sidebar.lnk - c:\program files\Thoosje Vista Sidebar\Thoosje Sidebar.exe [2008-08-18 605696]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
11bg PCI&Cardbus Wireless LAN Utility.lnk - c:\program files\OEM\11bg PCI&Cardbus Wireless LAN Utility\RtWLan.exe [2008-11-27 843776]
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2009-02-12 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-09-08 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
--a------ 2008-08-14 20:14 716800 c:\program files\BitDefender\BitDefender 2009\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RRT-Auto]
--a------ 2009-02-23 15:46 140800 c:\rrt\RRT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
--a------ 2005-10-12 10:06 1695504 c:\program files\Spyware Doctor\swdoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ForcewareWebInterface"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Raven\\Star Trek Voyager Elite Force\\stvoyHM.exe"=
"c:\\Program Files\\River Past\\Video Perspective\\VideoPerspective.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\Program Files\\Common Files\\BitDefender\\BitDefender Update Service\\livesrv.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-02-12 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2009-02-12 16768]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-11-27 38144]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-08-12 108864]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-08-14 102208]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-02-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

Notify-utsync - utsync.dll


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\documents and settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-26 18:19:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-26 18:21:29
ComboFix-quarantined-files.txt 2009-02-26 23:21:26
ComboFix2.txt 2009-02-21 21:45:50
ComboFix3.txt 2009-02-21 15:50:35

Pre-Run: 467,267,874,816 bytes free
Post-Run: 467,249,520,640 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

731 --- E O F --- 2009-02-26 12:18:53

Thanks again

Danny
DannyDKing
Regular Member
 
Posts: 18
Joined: February 15th, 2009, 1:59 am

Re: Infected. Please help me.

by ndmmxiaomayi » February 27th, 2009, 10:05 am

Hi Danny,

If both Spyware Doctor and BitDefender are still installed, please uninstall them temporarily. You can re-install them after running the fixes.

Please open Notepad and copy and paste the following in the Code box into Notepad:

Code:
http://malwareremoval.com/forum/viewtopic.php?f=11&t=39956&start=15

File::
C:\eslb.exe
C:\bwrsnohl.exe
C:\puphu.exe
C:\aheg.exe

Collect::
C:\kyamdorp.exe
c:\windows\Hregogodinirey.dll
C:\sqmarv.exe
C:\mpypakmw.exe
C:\wxhymf.exe
C:\hjotfjn.exe

DirLook::
C:\484847148

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dllhost.exe"=-
"c:\\WINDOWS\\system32\\msiexec.exe"=-
"c:\\WINDOWS\\system32\\spoolsv.exe"=-


Click on File > Save As....

In the File Name field, copy and paste in CFScript.txt. Do not change the file name.

Click Save.

Referring to the picture below, drag CFScript into Combofix.

Image

Combofix will start running. When done, a log will be produced. Please post this log in your next reply.

In addition, it will prompt you to submit some files for analyzing.

Image

Click OK.

It will then start uploading the files automatically. Please do not close this window. It will close by itself when done.

Do not mouse click on Combofix while it is running. That may cause it to stall.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Infected. Please help me.

by DannyDKing » February 27th, 2009, 6:56 pm

Here is my ComboFix log:

ComboFix 09-02-27.02 - Administrator 2009-02-27 17:47:30.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.2395 [GMT -5:00]
Running from: c:\documents and settings\Administrator.DANNY2\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator.DANNY2\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated)
FW: BitDefender Firewall *enabled*
* Created a new restore point

FILE ::
C:\aheg.exe
C:\bwrsnohl.exe
C:\eslb.exe
C:\puphu.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\aheg.exe
C:\bwrsnohl.exe
C:\eslb.exe
C:\hjotfjn.exe
C:\kyamdorp.exe
C:\mpypakmw.exe
C:\puphu.exe
C:\sqmarv.exe
c:\windows\Hregogodinirey.dll
C:\wxhymf.exe

.
((((((((((((((((((((((((( Files Created from 2009-01-27 to 2009-02-27 )))))))))))))))))))))))))))))))
.

2009-02-26 19:27 . 1999-12-17 11:13 86,016 --a------ c:\windows\unvise32.exe
2009-02-26 19:27 . 2009-02-26 21:51 69 --a------ c:\windows\NeroDigital.ini
2009-02-26 18:54 . 2009-02-26 18:54 <DIR> d-------- c:\program files\dvd43
2009-02-26 18:54 . 2009-02-26 18:54 18,816 --a------ c:\windows\system32\drivers\dvd43llh.sys
2009-02-24 23:53 . 2009-02-24 23:53 <DIR> d-------- c:\documents and settings\Administrator.DANNY2\Application Data\Windows Search
2009-02-24 20:45 . 2009-02-24 20:45 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-24 20:45 . 2009-02-24 20:45 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-24 19:10 . 2009-01-09 14:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-02-24 00:05 . 2009-02-24 00:05 <DIR> d-------- C:\RRT
2009-02-24 00:01 . 2009-02-24 00:01 16,244 --a------ c:\windows\system32\rrt_is.wav
2009-02-24 00:01 . 2009-02-24 00:01 7,302 --a------ c:\windows\system32\rrt_vf.wav
2009-02-24 00:01 . 2009-02-24 00:01 7,148 --a------ c:\windows\system32\rrt_tv.wav
2009-02-24 00:01 . 2009-02-24 00:01 6,282 --a------ c:\windows\system32\rrt_tn.wav
2009-02-23 23:53 . 2009-02-23 23:53 <DIR> d-------- C:\myRTVAULT
2009-02-23 23:53 . 2009-02-23 23:55 <DIR> d-------- C:\MyRT
2009-02-23 21:47 . 2009-02-23 21:47 0 --a------ C:\484847148
2009-02-23 17:40 . 2009-02-24 23:13 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-02-22 12:12 . 2009-02-22 12:12 <DIR> d-------- c:\program files\Microsoft
2009-02-22 12:11 . 2009-02-22 12:11 <DIR> d-------- c:\documents and settings\Administrator.DANNY2\Application Data\Windows Desktop Search
2009-02-22 12:10 . 2009-02-22 12:10 <DIR> d-------- c:\windows\system32\GroupPolicy
2009-02-22 12:10 . 2009-02-22 12:10 <DIR> d-------- c:\program files\Windows Desktop Search
2009-02-22 12:10 . 2008-03-07 12:02 192,000 -----c--- c:\windows\system32\dllcache\offfilt.dll
2009-02-22 12:10 . 2008-03-07 12:02 98,304 -----c--- c:\windows\system32\dllcache\nlhtml.dll
2009-02-22 12:10 . 2008-03-07 12:02 29,696 -----c--- c:\windows\system32\dllcache\mimefilt.dll
2009-02-21 13:24 . 2009-02-21 13:24 <DIR> d-------- c:\windows\system32\XPSViewer
2009-02-21 13:24 . 2009-02-21 13:24 <DIR> d-------- c:\program files\Reference Assemblies
2009-02-21 13:23 . 2008-07-06 07:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-02-21 13:23 . 2008-07-06 07:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-02-21 13:23 . 2008-07-06 05:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-21 13:23 . 2008-07-06 07:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-02-21 13:23 . 2008-07-06 07:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-21 13:23 . 2008-07-06 07:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-02-21 13:23 . 2008-07-06 07:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-21 12:28 . 2008-12-20 18:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-02-21 12:28 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-21 12:28 . 2007-03-08 00:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-21 12:28 . 2008-12-20 18:15 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-02-21 12:28 . 2008-12-20 18:15 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-21 12:28 . 2008-12-20 18:15 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-02-21 12:28 . 2008-12-20 18:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-02-21 12:28 . 2008-12-20 18:15 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-21 12:28 . 2008-12-19 04:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-02-21 11:43 . 2004-08-03 22:29 701,440 --------- c:\windows\system32\drivers\ati2mtag.sys
2009-02-20 05:13 . 2009-02-21 05:13 124 --a------ c:\windows\wininit.ini
2009-02-19 17:20 . 2009-02-25 22:02 250 --a------ c:\windows\gmer.ini
2009-02-18 07:17 . 2009-02-18 07:17 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\nView_Profiles
2009-02-16 20:10 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-02-16 20:10 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-02-15 01:03 . 2009-02-15 01:03 <DIR> d-------- c:\program files\Trend Micro
2009-02-14 22:43 . 2009-02-24 20:51 643 --a------ c:\windows\win.tmp
2009-02-14 22:43 . 2009-02-23 21:50 227 --a------ c:\windows\system.tmp
2009-02-14 22:23 . 2009-02-22 11:02 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\BitDefender
2009-02-14 22:23 . 2009-02-14 22:23 <DIR> d-------- c:\documents and settings\Administrator.DANNY2\Application Data\BitDefender
2009-02-14 22:22 . 2009-02-14 22:23 <DIR> d-------- c:\program files\Common Files\BitDefender
2009-02-14 14:28 . 2009-02-22 11:44 81,984 --a------ c:\windows\system32\bdod.bin
2009-02-14 12:35 . 2009-02-14 12:35 850 --a------ c:\windows\system32\ProductTweaks.xml
2009-02-14 12:35 . 2009-02-14 12:35 385 --a------ c:\windows\system32\user_gensett.xml
2009-02-14 12:25 . 2009-02-14 12:25 <DIR> d-------- c:\windows\system32\logs
2009-02-14 12:24 . 2009-02-14 12:24 <DIR> d-------- c:\windows\system32\URTTEMP
2009-02-14 12:24 . 2009-02-14 22:23 <DIR> d-------- c:\program files\BitDefender
2009-02-14 11:41 . 2009-02-14 11:41 <DIR> d-------- c:\program files\Magentic
2009-02-14 11:41 . 2008-08-04 09:51 750,984 --a------ c:\windows\system32\Magentic Screensaver.scr
2009-02-14 11:27 . 2009-02-14 11:31 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!
2009-02-14 11:22 . 2009-02-14 11:22 <DIR> d---s---- c:\documents and settings\Administrator.DANNY2\UserData
2009-02-14 11:19 . 2009-02-14 12:18 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\WinZip
2009-02-14 10:33 . 2009-02-14 10:39 <DIR> d-------- c:\program files\Thoosje Vista Sidebar
2009-02-14 10:29 . 2009-02-14 10:29 <DIR> d-------- c:\program files\RapidSolution
2009-02-14 10:29 . 2009-02-14 10:29 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\RapidSolution
2009-02-14 10:17 . 2009-02-14 10:17 <DIR> d-------- c:\program files\Winamp Toolbar
2009-02-14 10:17 . 2009-02-14 10:17 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Winamp Toolbar
2009-02-14 10:07 . 2009-02-14 10:14 <DIR> d-------- c:\documents and settings\Administrator.DANNY2\Application Data\Winamp
2009-02-14 09:56 . 2009-02-14 09:56 <DIR> d-------- c:\documents and settings\Administrator.DANNY2\Application Data\PC Tools
2009-02-14 09:53 . 2009-02-14 09:55 <DIR> d-a------ c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-02-14 09:49 . 2008-06-13 06:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-02-14 09:49 . 2008-06-13 06:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-02-14 09:48 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-14 09:48 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-14 09:48 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-14 09:48 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-14 09:47 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-14 09:47 . 2008-12-11 05:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-02-14 09:46 . 2008-04-11 14:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-02-14 09:46 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-02-14 09:45 . 2009-02-14 09:45 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\River Past G5
2009-02-14 09:45 . 2009-02-14 09:45 <DIR> d-------- c:\documents and settings\Administrator.DANNY2\Application Data\River Past G5
2009-02-14 09:42 . 2009-02-14 09:42 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\RoboForm
2009-02-13 23:59 . 2009-02-13 23:59 <DIR> d-------- c:\documents and settings\ADMINI~1~DAN\LOCALS~1
2009-02-13 23:59 . 2009-02-13 23:59 <DIR> d-------- c:\documents and settings\ADMINI~1~DAN
2009-02-13 23:13 . 2009-02-13 23:13 <DIR> d-------- c:\documents and settings\Administrator.DANNY2\Application Data\vlc
2009-02-13 22:37 . 2009-02-13 22:37 <DIR> d-------- c:\program files\iTunes
2009-02-13 22:37 . 2009-02-13 22:37 <DIR> d-------- c:\program files\iPod
2009-02-13 22:37 . 2009-02-13 22:37 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-13 22:37 . 2009-02-14 11:07 <DIR> d-------- c:\documents and settings\Administrator.DANNY2\Application Data\Apple Computer
2009-02-13 22:37 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-02-13 22:37 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-13 22:36 . 2009-02-14 09:06 <DIR> d-------- c:\program files\Bonjour
2009-02-13 22:36 . 2009-02-24 20:53 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2009-02-13 22:35 . 2009-02-13 22:35 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Apple
2009-02-13 22:22 . 2009-02-13 22:22 <DIR> d-------- c:\documents and settings\Administrator.DANNY2\Application Data\Nero
2009-02-13 22:10 . 2009-02-13 22:10 <DIR> d-------- c:\program files\Windows Sidebar
2009-02-13 22:04 . 2008-06-20 06:51 361,600 --a--c--- c:\windows\system32\dllcache\tcpip.sys
2009-02-13 22:04 . 2008-06-20 12:46 245,248 --a--c--- c:\windows\system32\dllcache\mswsock.dll
2009-02-13 22:04 . 2008-08-14 05:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2009-02-13 22:04 . 2006-08-16 06:58 100,352 --a--c--- c:\windows\system32\dllcache\6to4svc.dll
2009-02-13 22:04 . 2008-06-24 11:43 74,240 -----c--- c:\windows\system32\dllcache\mscms.dll
2009-02-13 22:01 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-02-13 22:00 . 2009-02-13 22:21 <DIR> d-------- c:\program files\Common Files\Nero
2009-02-13 22:00 . 2009-02-13 22:06 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Nero
2009-02-13 21:59 . 2008-05-08 09:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-02-13 21:11 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-02-13 21:10 . 2009-02-13 21:10 <DIR> d-------- c:\program files\Microsoft.NET
2009-02-13 21:08 . 2009-02-13 21:08 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-02-13 21:07 . 2009-02-22 12:12 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-02-13 20:55 . 2009-02-13 20:55 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\1Click DVD Movie
2009-02-13 20:55 . 2009-02-27 07:19 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\1Click DVD Copy Pro
2009-02-13 20:55 . 2009-02-13 20:55 <DIR> d-------- c:\documents and settings\Administrator.DANNY2\Application Data\Vso
2009-02-13 20:55 . 2009-02-13 20:55 87,608 --a------ c:\documents and settings\Administrator.DANNY2\Application Data\ezpinst.exe
2009-02-13 20:55 . 2009-02-13 20:55 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2009-02-13 20:55 . 2009-02-13 20:55 47,360 --a------ c:\documents and settings\Administrator.DANNY2\Application Data\pcouffin.sys
2009-02-13 20:54 . 2009-02-13 20:54 <DIR> d-------- c:\documents and settings\Administrator.DANNY2\Application Data\Lexmark Productivity Studio
2009-02-13 20:41 . 2009-02-13 20:41 <DIR> d-------- c:\documents and settings\Administrator.DANNY2\Application Data\JAM Software
2009-02-13 19:00 . 2009-02-13 19:00 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\NVIDIA
2009-02-12 23:02 . 2009-02-12 23:02 <DIR> d-------- c:\program files\WS_FTP Pro
2009-02-12 23:02 . 2009-02-12 23:02 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Ipswitch
2009-02-12 23:02 . 1998-10-29 16:45 306,688 --a------ c:\windows\ISUninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 00:27 --------- d-----w c:\program files\DivX
2009-02-27 00:25 --------- d-----w c:\program files\Xvid
2009-02-26 04:09 --------- d-----w c:\program files\QuickTime
2009-02-26 03:26 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-26 02:39 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-21 18:24 --------- d-----w c:\program files\MSBuild
2009-02-15 04:59 82,696 ----a-w c:\windows\system32\drivers\BDVEDISK.sys
2009-02-15 04:59 242,184 ----a-w c:\windows\system32\drivers\bdfsfltr.sys
2009-02-14 17:35 --------- d-----w c:\program files\Spyware Doctor
2009-02-14 15:17 --------- d-----w c:\program files\Winamp
2009-02-14 03:35 --------- d-----w c:\program files\Common Files\Apple
2009-02-14 03:11 --------- d-----w c:\program files\Nero
2009-02-14 03:00 --------- d-----w c:\program files\Common Files\LightScribe
2009-02-13 02:07 --------- d-----w c:\program files\PowerISO
2009-02-12 19:42 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\s_4610_OTk4fHx8fDk5OHx8fDEyNDUxNzUwNzJ8_
2009-02-02 04:42 --------- d-----w c:\program files\Bitmanagement Software
2009-01-26 01:13 --------- d-----w c:\program files\Raven
2009-01-21 22:42 --------- d-----w c:\documents and settings\Administrator\Application Data\PC Tools
2009-01-21 01:15 --------- d-----w c:\program files\Winamp Remote
2009-01-10 04:04 --------- d-----w c:\documents and settings\Administrator\Application Data\IMVU
2009-01-10 03:35 --------- d-----w c:\documents and settings\Administrator\Application Data\IMVUClient
2009-01-07 04:15 --------- d-----w c:\documents and settings\Administrator\Application Data\Bradsoft.com
2009-01-07 04:12 --------- d-----w c:\program files\Bradbury
2009-01-07 02:07 --------- d-----w c:\program files\Ipswitch
2009-01-07 02:07 --------- d-----w c:\documents and settings\Administrator\Application Data\Ipswitch
2009-01-05 23:22 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-01-05 23:22 --------- d-----w c:\program files\Common Files\Adobe
2009-01-04 22:45 --------- d-----w c:\program files\LucasArts
2009-01-02 02:15 --------- d-----w c:\program files\ParallelGraphics
2009-01-02 01:45 --------- d-----w c:\program files\Vivaty
2009-01-01 19:22 --------- d-----w c:\program files\IrfanView
2008-12-31 04:45 --------- d-----w c:\program files\Siber Systems
2008-12-27 22:55 --------- d-----w c:\program files\Windows XP Fun Pack
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-12-06 15:47 87,608 ----a-w c:\documents and settings\Administrator\Application Data\ezpinst.exe
2008-12-06 15:47 47,360 ----a-w c:\documents and settings\Administrator\Application Data\pcouffin.sys
2007-02-13 00:10 2,682,880 ------w c:\documents and settings\All Users.WINDOWS\VCREDI~3.EXE
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\484847148 ----

c:\484847148\


------- Sigcheck -------

.
((((((((((((((((((((((((((((( SnapShot_2009-02-26_18.20.36.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-06 16:33:52 684,032 ----a-w c:\windows\system32\DivX.dll
+ 2002-05-16 19:11:46 599,040 ------w c:\windows\system32\DivX.dll
+ 2002-05-16 05:38:40 91,136 ----a-w c:\windows\system32\mp4fil32.dll
+ 2003-07-17 11:02:32 507,904 ----a-w c:\windows\system32\xvid.dll
+ 2009-02-26 23:57:41 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_18c.dat
+ 2009-02-27 22:41:15 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_500.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-02-14 160592]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-04 4363504]
"Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-08-04 488808]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-09-12 36352]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-10 69632]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-13 169984]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2006-05-22 694272]
"nwiz"="nwiz.exe" [2006-10-31 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-31 c:\windows\system32\nvmctray.dll]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-10-11 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2005-10-12 1695504]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-02-14 160592]

c:\documents and settings\Administrator.DANNY2\Start Menu\Programs\Startup\
ScreenThemes.lnk - c:\scthemes\scthemes.exe [2009-02-08 245760]
Thoosje Sidebar.lnk - c:\program files\Thoosje Vista Sidebar\Thoosje Sidebar.exe [2008-08-18 605696]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
11bg PCI&Cardbus Wireless LAN Utility.lnk - c:\program files\OEM\11bg PCI&Cardbus Wireless LAN Utility\RtWLan.exe [2008-11-27 843776]
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2009-02-12 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-09-08 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
--a------ 2008-08-14 20:14 716800 c:\program files\BitDefender\BitDefender 2009\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RRT-Auto]
--a------ 2009-02-23 15:46 140800 c:\rrt\RRT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
--a------ 2005-10-12 10:06 1695504 c:\program files\Spyware Doctor\swdoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ForcewareWebInterface"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Raven\\Star Trek Voyager Elite Force\\stvoyHM.exe"=
"c:\\Program Files\\River Past\\Video Perspective\\VideoPerspective.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\Common Files\\BitDefender\\BitDefender Update Service\\livesrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-02-12 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2009-02-12 16768]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-11-27 38144]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-08-12 108864]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-08-14 102208]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-02-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\documents and settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 17:51:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-27 17:52:41
ComboFix-quarantined-files.txt 2009-02-27 22:52:38
ComboFix2.txt 2009-02-26 23:21:31
ComboFix3.txt 2009-02-21 21:45:50
ComboFix4.txt 2009-02-21 15:50:35

Pre-Run: 467,192,467,456 bytes free
Post-Run: 467,173,793,792 bytes free

368 --- E O F --- 2009-02-27 08:01:02


Thanks again

Danny
DannyDKing
Regular Member
 
Posts: 18
Joined: February 15th, 2009, 1:59 am

Re: Infected. Please help me.

Unread postby ndmmxiaomayi » February 28th, 2009, 2:10 pm

Hi Danny,

Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.

  1. Check (tick) this box: YES, I accept the Terms of Use.
  2. Click on the Start button next to it.
  3. When prompted to run ActiveX, click Yes.
  4. You will be asked to install an ActiveX. Click Install.
  5. Once installed, the scanner will be initialized.
  6. After the scanner is initialized, click Start.
  7. Uncheck (untick) Remove found threats box.
  8. Check (tick) Scan unwanted applications.
  9. Click on Scan.
  10. It will start scanning. Please be patient.
  11. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Infected. Please help me.

Unread postby DannyDKing » February 28th, 2009, 9:42 pm

Here is my Eset log:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3897 (20090228)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=84c6861028d3c74381a4d88a0c46e5a8
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2009-03-01 01:15:20
# local_time=2009-02-28 08:15:20 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=331870
# found=5
# scan_time=6872
C:\Qoobox\Quarantine\[4]-Submit_2009-02-27@17.10.zip multiple infiltrations 5CEB5E482628EC69C23B5881494FCEA1
C:\Qoobox\Quarantine\[4]-Submit_2009-02-27@17.10.zip »ZIP »mpypakmw.exe Win32/TrojanDownloader.FakeAlert.ZM trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\[4]-Submit_2009-02-27@17.10.zip »ZIP »sqmarv.exe Win32/Cimag.L trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\[4]-Submit_2009-02-27@17.10.zip »ZIP »Hregogodinirey.dll Win32/Cimag.L trojan 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\frmwrk32.exe.vir Win32/TrojanDownloader.FakeAlert.ZM trojan 7AD9F9BD9D7AA3F23DD63D139EAF37BB


Danny
DannyDKing
Regular Member
 
Posts: 18
Joined: February 15th, 2009, 1:59 am

Re: Infected. Please help me.

Unread postby ndmmxiaomayi » March 1st, 2009, 12:04 am

Hi Danny,

Eset has found items in Combofix's quarantine, which we will clear in a moment.

Are there any other issues?
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Infected. Please help me.

Unread postby DannyDKing » March 1st, 2009, 1:23 am

Nope. No issues on this computer. But I have 6 that are networked together. Could I have gotten something from one of the others earlier? I removed this computer from the network and sharing the second time around.

Danny
DannyDKing
Regular Member
 
Posts: 18
Joined: February 15th, 2009, 1:59 am

Re: Infected. Please help me.

Unread postby ndmmxiaomayi » March 1st, 2009, 2:57 am

It could be one of the computers that infected this, we can't tell though. If all the other computers are working fine, it's unlikely that one of them infected this. However, if one of them is behaving badly, perhaps it could affect this computer if both of them are turned on at the same time.

If unsure, you can post separate logs for each of the PCs, disconnecting all 6 of them from the network. Each PC should preferably be a new topic.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Infected. Please help me.

Unread postby DannyDKing » March 2nd, 2009, 12:15 am

One of them is behaving funny. Since I am on cable and on a hub, we rarely turn off any of the machines.

Should I run Eset on the one bad puter to see if anything shows up?

Danny
DannyDKing
Regular Member
 
Posts: 18
Joined: February 15th, 2009, 1:59 am

Re: Infected. Please help me.

Unread postby ndmmxiaomayi » March 2nd, 2009, 8:09 am

Hi Danny,

You can do so. :)
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Infected. Please help me.

Unread postby DannyDKing » March 4th, 2009, 8:18 am

Well so far I have two infected computers.. :(

I guess we better finish with this one first and then I can start a new post for the other two.

Danny
DannyDKing
Regular Member
 
Posts: 18
Joined: February 15th, 2009, 1:59 am

Re: Infected. Please help me.

Unread postby ndmmxiaomayi » March 4th, 2009, 9:01 am

This one is nearly done unless you have a network worm spreading to it again. I would suggest that you disconnect all computers from the network until we are done.

If there are no issues with this computer, we will proceed with the rest.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am