Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow computer - possible virus


  • This topic is locked This topic is locked
6 replies to this topic

#1 sally.w

sally.w

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:20 PM

Posted 11 April 2010 - 02:57 PM

Hello,

I've had my laptop for about 7 months and its been running fine but yesterday I turned it on and it displayed a Vista recovery screen because it couldnt load up windows I followed the recovery intructions but now the computer is running very slowly. I performed a virus scan (using Avira AntiVir Personal) but it did not detect any viruses. Could you please help me see if the computer has anything wrong with it as it is running unusually (and frustratingly) slowly since the recovery.

Thankyou, I hope you can help.

Sally

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:20 AM

Posted 11 April 2010 - 09:09 PM

Let's try an Online scan and then one for rootkits.

Please perform a scan with Eset Online Antiivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Insall ActiveX component.
  • A new window will appear asking "Do you want to install this software?"".
  • Answer Yes to download and install the ActiveX controls that allows the scan to run.
  • Click Start.
  • Check Remove found threats and Scan potentially unwanted applications.
  • Click Scan to start. (please be patient as the scan could take some time to complete)
  • If offered the option to get information or buy software. Just close the window.
  • When the scan has finished, a log.txt file will be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
  • Click Posted Image > Run..., then copy and paste this command into the open box: C:\Program Files\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad. Copy and paste the contents of log.txt in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 sally.w

sally.w
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:20 PM

Posted 13 April 2010 - 06:06 AM

Hi,

Thankyou for helping. I have done the scans, here's the ESET Online scanner results:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=b0a61791f468e047a6f48b3f4e9dc815
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-04-13 12:42:15
# local_time=2010-04-13 01:42:15 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 100 541699 47531628 0 0
# compatibility_mode=5892 16776573 100 100 184557 108627116 0 0
# compatibility_mode=6912 16777215 100 0 18381759 18381759 0 0
# compatibility_mode=8192 67108863 100 0 439 439 0 0
# scanned=133122
# found=1
# cleaned=1
# scan_time=24947
C:\Program Files\Acer Arcade Deluxe\PlayMovie\CBS.dll probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C












And here is the GMER results:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-13 11:57:10
Windows 6.0.6002 Service Pack 2
Running: 1egz8n0m.exe; Driver: C:\Users\Sally\AppData\Local\Temp\fwrdrpog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwAlpcConnectPort [0x90F58000]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwAssignProcessToJobObject [0x90F54A60]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwClose [0x90F39BF0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwConnectPort [0x90F56920]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwCreateFile [0x90F35F60]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwCreateKey [0x90F41090]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwCreateProcess [0x90F4D2B0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwCreateProcessEx [0x90F4DBB0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwCreateSection [0x90F34D10]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwCreateSymbolicLinkObject [0x90F40E40]
SSDT 967A530C ZwCreateThread
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwDebugActiveProcess [0x90F59F30]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwDeleteFile [0x90F3FB20]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwDeleteKey [0x90F42900]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwDeleteValueKey [0x90F493A0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwLoadDriver [0x90F4ABB0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwMakeTemporaryObject [0x90F406B0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwOpenFile [0x90F38C10]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwOpenKey [0x90F41FC0]
SSDT 967A52F8 ZwOpenProcess
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwOpenSection [0x90F35580]
SSDT 967A52FD ZwOpenThread
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwProtectVirtualMemory [0x90F55DA0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwQueryDirectoryFile [0x90F3A8A0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwQueryKey [0x90F44750]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwQueryValueKey [0x90F44FA0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwQueueApcThread [0x90F53ED0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwRenameKey [0x90F48590]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwReplaceKey [0x90F46500]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwRequestPort [0x90F58A50]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwRequestWaitReplyPort [0x90F58D70]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwRestoreKey [0x90F47D20]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwSaveKey [0x90F46C80]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwSaveKeyEx [0x90F474D0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwSecureConnectPort [0x90F57480]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwSetContextThread [0x90F53440]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwSetInformationDebugObject [0x90F5A520]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwSetInformationFile [0x90F3BBF0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwSetSystemInformation [0x90F4A1C0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwSetValueKey [0x90F45820]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwSuspendProcess [0x90F52190]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwSuspendThread [0x90F52AC0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwSystemDebugControl [0x90F59770]
SSDT 967A5307 ZwTerminateProcess
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwTerminateThread [0x90F51620]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwUnloadDriver [0x90F4B530]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwWriteVirtualMemory [0x90F552B0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwCreateThreadEx [0x90F4C7F0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwCreateUserProcess [0x90F4E4C0]

INT 0x62 ? 883FBBF8
INT 0x72 ? 883FBBF8
INT 0x82 ? 883FBBF8
INT 0x82 ? 883FBBF8
INT 0x82 ? 883FBBF8
INT 0x91 ? 85D1BBF8
INT 0xA1 ? 85D1BBF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 13D 832B08A0 4 Bytes [00, 80, F5, 90]
.text ntkrnlpa.exe!KeSetEvent + 191 832B08F4 4 Bytes [60, 4A, F5, 90] {PUSHA ; DEC EDX; CMC ; NOP }
.text ntkrnlpa.exe!KeSetEvent + 1A9 832B090C 4 Bytes [F0, 9B, F3, 90]
.text ntkrnlpa.exe!KeSetEvent + 1C1 832B0924 4 Bytes [20, 69, F5, 90] {AND [ECX-0xb], CH; NOP }
.text ntkrnlpa.exe!KeSetEvent + 1D9 832B093C 4 Bytes [60, 5F, F3, 90] {PUSHA ; POP EDI; PAUSE }
.text ...
? System32\Drivers\spsg.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8FA03000, 0x210596, 0xE8000020]
.text USBPORT.SYS!DllUnload 9033F41B 5 Bytes JMP 883FB1D8
.text akh70sdz.SYS 9015E000 22 Bytes [82, 43, 5C, 83, 6C, 42, 5C, ...]
.text akh70sdz.SYS 9015E017 84 Bytes [00, 32, E7, 70, 80, 3D, E5, ...]
.text akh70sdz.SYS 9015E06C 21 Bytes [90, AE, 24, 83, 98, AE, 2A, ...]
.text akh70sdz.SYS 9015E082 74 Bytes [21, 83, E7, 20, 21, 83, C6, ...]
.text akh70sdz.SYS 9015E0CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...]
.text ...
.text C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl section is writeable [0x9F319000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in ".vmp2" section [0x9F33C050]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\wininit.exe[676] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\wininit.exe[676] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\wininit.exe[676] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\wininit.exe[676] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\services.exe[720] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\services.exe[720] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\services.exe[720] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\services.exe[720] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[928] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[928] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[928] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe[928] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\Ati2evxx.exe[1144] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\Ati2evxx.exe[1144] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\Ati2evxx.exe[1144] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\Ati2evxx.exe[1144] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[1188] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[1188] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[1188] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe[1188] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\wbem\unsecapp.exe[1340] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\wbem\unsecapp.exe[1340] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\wbem\unsecapp.exe[1340] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\wbem\unsecapp.exe[1340] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1352] ntdll.dll!LdrLoadDll 77289390 5 Bytes JMP 013713F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1352] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 008EA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1352] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 008EA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1352] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 008EA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1352] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 008EA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[1492] kernel32.dll!SetUnhandledExceptionFilter 75C9A84F 5 Bytes JMP 00522570 C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (Agnitum Outpost Service/Agnitum Ltd.)
.text C:\Windows\system32\Ati2evxx.exe[1496] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\Ati2evxx.exe[1496] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\Ati2evxx.exe[1496] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\Ati2evxx.exe[1496] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[1572] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[1572] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[1572] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe[1572] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\agrsmsvc.exe[1604] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\agrsmsvc.exe[1604] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\agrsmsvc.exe[1604] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\agrsmsvc.exe[1604] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\SPBA\upeksvr.exe[1636] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\SPBA\upeksvr.exe[1636] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\SPBA\upeksvr.exe[1636] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\SPBA\upeksvr.exe[1636] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1688] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1688] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1688] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1688] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[1836] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 009AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[1836] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 009AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[1836] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 009AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[1836] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 009AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe[1880] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe[1880] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe[1880] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe[1880] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\spoolsv.exe[2004] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\spoolsv.exe[2004] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\spoolsv.exe[2004] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\spoolsv.exe[2004] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[2036] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[2036] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[2036] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[2036] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Empowering Technology\Service\ETService.exe[2052] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Empowering Technology\Service\ETService.exe[2052] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Empowering Technology\Service\ETService.exe[2052] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Empowering Technology\Service\ETService.exe[2052] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\wbem\wmiprvse.exe[2112] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\wbem\wmiprvse.exe[2112] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\wbem\wmiprvse.exe[2112] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\wbem\wmiprvse.exe[2112] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Acer Bio Protection\BASVC.exe[2292] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Acer Bio Protection\BASVC.exe[2292] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Acer Bio Protection\BASVC.exe[2292] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Acer Bio Protection\BASVC.exe[2292] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Kontiki\KService.exe[2508] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Kontiki\KService.exe[2508] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Kontiki\KService.exe[2508] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Kontiki\KService.exe[2508] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2580] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2580] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2580] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2580] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Acer\Mobility Center\MobilityService.exe[2608] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Acer\Mobility Center\MobilityService.exe[2608] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Acer\Mobility Center\MobilityService.exe[2608] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Acer\Mobility Center\MobilityService.exe[2608] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[2660] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[2660] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[2660] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe[2660] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[2704] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[2704] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[2704] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe[2704] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe[2792] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe[2792] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe[2792] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe[2792] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2820] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2820] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2820] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2820] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\Explorer.EXE[2880] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\Explorer.EXE[2880] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\Explorer.EXE[2880] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\Explorer.EXE[2880] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\Explorer.EXE[2880] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C9 7669B364 4 Bytes [00, 26, 85, 00] {ADD [ESI], AH; TEST [EAX], EAX}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2932] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2932] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2932] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[2932] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2988] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2988] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2988] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Cyberlink\Shared files\RichVideo.exe[2988] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\SearchIndexer.exe[3080] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\SearchIndexer.exe[3080] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\SearchIndexer.exe[3080] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\SearchIndexer.exe[3080] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe[3248] ntdll.dll!LdrLoadDll 77289390 5 Bytes JMP 0059EB4C C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe[3248] kernel32.dll!SetUnhandledExceptionFilter 75C9A84F 5 Bytes JMP 0059EA88 C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe[3248] kernel32.dll!LoadResource 75CB6ADB 5 Bytes JMP 0059E828 C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe[3248] USER32.dll!SetWindowsHookExA 76156322 5 Bytes JMP 0059EAF4 C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe[3248] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 0059EB20 C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe[3248] USER32.dll!EnableWindow 7615CD8B 5 Bytes JMP 0252944C C:\Program Files\Agnitum\Outpost Firewall\op_cmn.dll (Outpost Common Controls Library/Agnitum Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3292] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3292] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 6B7F9A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3292] USER32.dll!CallNextHookEx 76158E3B 5 Bytes JMP 6B7ED101 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3292] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 6B76466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3292] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3292] USER32.dll!CreateWindowExW 76161305 5 Bytes JMP 6B7FDAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3292] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3292] USER32.dll!DialogBoxParamW 761810B0 5 Bytes JMP 6B725505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3292] USER32.dll!DialogBoxIndirectParamW 76182EF5 5 Bytes JMP 6B8F473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3292] USER32.dll!DialogBoxParamA 76198152 5 Bytes JMP 6B8F46DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3292] USER32.dll!DialogBoxIndirectParamA 7619847D 5 Bytes JMP 6B8F47A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3292] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3292] USER32.dll!MessageBoxIndirectA 761AD4D9 5 Bytes JMP 6B8F4671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3292] USER32.dll!MessageBoxIndirectW 761AD5D3 5 Bytes JMP 6B8F4606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3292] USER32.dll!MessageBoxExA 761AD639 5 Bytes JMP 6B8F45A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3292] USER32.dll!MessageBoxExW 761AD65D 5 Bytes JMP 6B8F4542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3292] ole32.dll!OleLoadFromStream 76531E12 5 Bytes JMP 6B8F4AA7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3292] ole32.dll!CoCreateInstance 76569EA6 5 Bytes JMP 6B7FDB20 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3464] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3464] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3464] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3464] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe[3516] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe[3516] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe[3516] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe[3516] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3524] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 01AEA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3524] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 01AEA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3524] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 01AEA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe[3524] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 01AEA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe[3532] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe[3532] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe[3532] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe[3532] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3540] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3540] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3540] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3540] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\ehome\ehtray.exe[3552] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\ehome\ehtray.exe[3552] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\ehome\ehtray.exe[3552] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\ehome\ehtray.exe[3552] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3580] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 004EA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3580] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 004EA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3580] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 004EA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3580] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 004EA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Launch Manager\QtZgAcer.EXE[3668] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 01B0A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Launch Manager\QtZgAcer.EXE[3668] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 01B0A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Launch Manager\QtZgAcer.EXE[3668] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 01B0A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Launch Manager\QtZgAcer.EXE[3668] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 01B0A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\RtHDVCpl.exe[3696] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\RtHDVCpl.exe[3696] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\RtHDVCpl.exe[3696] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\RtHDVCpl.exe[3696] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3704] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3704] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3704] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3704] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3820] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3820] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3820] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3820] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3884] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3884] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3884] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3884] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\PLFSetI.exe[3904] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\PLFSetI.exe[3904] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\PLFSetI.exe[3904] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\PLFSetI.exe[3904] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Users\Sally\Desktop\1egz8n0m.exe[4048] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Users\Sally\Desktop\1egz8n0m.exe[4048] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Users\Sally\Desktop\1egz8n0m.exe[4048] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Users\Sally\Desktop\1egz8n0m.exe[4048] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[4276] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[4276] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 6B7F9A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4276] USER32.dll!CallNextHookEx 76158E3B 5 Bytes JMP 6B7ED101 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4276] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 6B76466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4276] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[4276] USER32.dll!CreateWindowExW 76161305 5 Bytes JMP 6B7FDAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4276] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[4276] USER32.dll!DialogBoxParamW 761810B0 5 Bytes JMP 6B725505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4276] USER32.dll!DialogBoxIndirectParamW 76182EF5 5 Bytes JMP 6B8F473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4276] USER32.dll!DialogBoxParamA 76198152 5 Bytes JMP 6B8F46DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4276] USER32.dll!DialogBoxIndirectParamA 7619847D 5 Bytes JMP 6B8F47A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4276] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[4276] USER32.dll!MessageBoxIndirectA 761AD4D9 5 Bytes JMP 6B8F4671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4276] USER32.dll!MessageBoxIndirectW 761AD5D3 5 Bytes JMP 6B8F4606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4276] USER32.dll!MessageBoxExA 761AD639 5 Bytes JMP 6B8F45A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4276] USER32.dll!MessageBoxExW 761AD65D 5 Bytes JMP 6B8F4542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4276] ole32.dll!OleLoadFromStream 76531E12 5 Bytes JMP 6B8F4AA7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4276] ole32.dll!CoCreateInstance 76569EA6 5 Bytes JMP 6B7FDB20 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Windows\ehome\ehmsas.exe[4312] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\ehome\ehmsas.exe[4312] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\ehome\ehmsas.exe[4312] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\ehome\ehmsas.exe[4312] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe[4532] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe[4532] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe[4532] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe[4532] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Users\Sally\AppData\Local\Temp\RtkBtMnt.exe[4572] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Users\Sally\AppData\Local\Temp\RtkBtMnt.exe[4572] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Users\Sally\AppData\Local\Temp\RtkBtMnt.exe[4572] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Users\Sally\AppData\Local\Temp\RtkBtMnt.exe[4572] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4716] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4716] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4716] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4716] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!CreateWindowExW 76161305 5 Bytes JMP 6B7FDAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!DialogBoxParamW 761810B0 5 Bytes JMP 6B725505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!DialogBoxIndirectParamW 76182EF5 5 Bytes JMP 6B8F473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!DialogBoxParamA 76198152 5 Bytes JMP 6B8F46DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!DialogBoxIndirectParamA 7619847D 5 Bytes JMP 6B8F47A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!MessageBoxIndirectA 761AD4D9 5 Bytes JMP 6B8F4671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!MessageBoxIndirectW 761AD5D3 5 Bytes JMP 6B8F4606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!MessageBoxExA 761AD639 5 Bytes JMP 6B8F45A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4736] USER32.dll!MessageBoxExW 761AD65D 5 Bytes JMP 6B8F4542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe[5252] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe[5252] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe[5252] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe[5252] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5544] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5544] USER32.dll!SetWindowsHookExW 761587AD 5 Bytes JMP 6B7F9A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5544] USER32.dll!CallNextHookEx 76158E3B 5 Bytes JMP 6B7ED101 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5544] USER32.dll!UnhookWindowsHookEx 761598DB 5 Bytes JMP 6B76466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5544] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5544] USER32.dll!CreateWindowExW 76161305 5 Bytes JMP 6B7FDAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5544] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5544] USER32.dll!DialogBoxParamW 761810B0 5 Bytes JMP 6B725505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5544] USER32.dll!DialogBoxIndirectParamW 76182EF5 5 Bytes JMP 6B8F473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5544] USER32.dll!DialogBoxParamA 76198152 5 Bytes JMP 6B8F46DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5544] USER32.dll!DialogBoxIndirectParamA 7619847D 5 Bytes JMP 6B8F47A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5544] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5544] USER32.dll!MessageBoxIndirectA 761AD4D9 5 Bytes JMP 6B8F4671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5544] USER32.dll!MessageBoxIndirectW 761AD5D3 5 Bytes JMP 6B8F4606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5544] USER32.dll!MessageBoxExA 761AD639 5 Bytes JMP 6B8F45A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5544] USER32.dll!MessageBoxExW 761AD65D 5 Bytes JMP 6B8F4542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5544] ole32.dll!OleLoadFromStream 76531E12 5 Bytes JMP 6B8F4AA7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5544] ole32.dll!CoCreateInstance 76569EA6 5 Bytes JMP 6B7FDB20 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5656] USER32.dll!ChangeDisplaySettingsExA 76156FE7 5 Bytes JMP 100AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5656] USER32.dll!SetForegroundWindow 7615B8A6 5 Bytes JMP 100AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5656] USER32.dll!SetWindowPos 761635E3 5 Bytes JMP 100AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5656] USER32.dll!ChangeDisplaySettingsExW 7619A9E4 5 Bytes JMP 100AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806046D6] \SystemRoot\System32\Drivers\spsg.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80604042] \SystemRoot\System32\Drivers\spsg.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80604800] \SystemRoot\System32\Drivers\spsg.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806040C0] \SystemRoot\System32\Drivers\spsg.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8060413E] \SystemRoot\System32\Drivers\spsg.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [80613E9C] \SystemRoot\System32\Drivers\spsg.sys
IAT \SystemRoot\System32\Drivers\akh70sdz.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\akh70sdz.SYS[ataport.SYS!AtaPortWritePortUchar] 8390183F
IAT \SystemRoot\System32\Drivers\akh70sdz.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\akh70sdz.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\akh70sdz.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
IAT \SystemRoot\System32\Drivers\akh70sdz.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F901810
IAT \SystemRoot\System32\Drivers\akh70sdz.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\akh70sdz.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\akh70sdz.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\akh70sdz.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\akh70sdz.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\akh70sdz.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\akh70sdz.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\akh70sdz.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\akh70sdz.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\akh70sdz.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\akh70sdz.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\akh70sdz.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\akh70sdz.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\akh70sdz.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\akh70sdz.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\akh70sdz.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74127817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7417A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7412BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7411F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741275E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7411E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74158395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7412DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7411FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7411FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741171CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [741ACAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7414C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7411D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74116853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7411687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74122AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [008527E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [00851D90] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [00852B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [008511D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 866AE1F8
Device \FileSystem\udfs \UdfsCdRom 8825C500
Device \FileSystem\udfs \UdfsDisk 8825C500

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 866AA1F8
Device \Driver\sptd \Device\2869289252 spsg.sys
Device \Driver\usbohci \Device\USBPDO-0 884031F8
Device \Driver\usbohci \Device\USBPDO-1 884031F8
Device \Driver\usbehci \Device\USBPDO-2 883F92E8
Device \Driver\usbohci \Device\USBPDO-3 884031F8
Device \Driver\usbohci \Device\USBPDO-4 884031F8
Device \Driver\usbehci \Device\USBPDO-5 883F92E8
Device \Driver\volmgr \Device\HarddiskVolume1 866AA1F8
Device \Driver\volmgr \Device\HarddiskVolume2 866AA1F8
Device \Driver\cdrom \Device\CdRom0 884021F8
Device \Driver\PCI_PNP3236 \Device\00000059 spsg.sys
Device \Driver\cdrom \Device\CdRom1 884021F8
Device \Driver\volmgr \Device\HarddiskVolume3 866AA1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 866AC1F8
Device \Driver\atapi \Device\Ide\IdePort0 866AC1F8
Device \Driver\atapi \Device\Ide\IdePort1 866AC1F8
Device \Driver\volmgr \Device\HarddiskVolume4 866AA1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 88D99500
Device \Driver\Smb \Device\NetbiosSmb 88EC41F8
Device \Driver\nsiproxy \Device\Nsi afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\iScsiPrt \Device\RaidPort1 883F31F8
Device \Driver\netbt \Device\NetBT_Tcpip_{2464D89B-6CE2-4B3A-B6A7-48F451D3DA17} 88D99500
Device \Driver\usbohci \Device\USBFDO-0 884031F8
Device \Driver\usbohci \Device\USBFDO-1 884031F8
Device \Driver\usbehci \Device\USBFDO-2 883F92E8
Device \Driver\netbt \Device\NetBT_Tcpip_{15E5D9AC-88D5-4C53-9300-A937113C2BF0} 88D99500
Device \Driver\usbohci \Device\USBFDO-3 884031F8
Device \Driver\usbohci \Device\USBFDO-4 884031F8
Device \Driver\usbehci \Device\USBFDO-5 883F92E8
Device \Driver\akh70sdz \Device\Scsi\akh70sdz1 884771F8
Device \Driver\akh70sdz \Device\Scsi\akh70sdz1Port4Path0Target0Lun0 884771F8
Device \FileSystem\cdfs \Cdfs 85E561F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBC 0x19 0x24 0x33 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x93 0xD3 0x8F 0xE2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAD 0x16 0xE9 0x10 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBC 0x19 0x24 0x33 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x93 0xD3 0x8F 0xE2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAD 0x16 0xE9 0x10 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBC 0x19 0x24 0x33 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x93 0xD3 0x8F 0xE2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAD 0x16 0xE9 0x10 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBC 0x19 0x24 0x33 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x93 0xD3 0x8F 0xE2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xAD 0x16 0xE9 0x10 ...

---- Files - GMER 1.0.15 ----

File C:\Users\Sally\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Sally\IEPrivacy_Cache 0 bytes
File C:\Users\Sally\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Sally\IEPrivacy_Cache\Low 0 bytes
File C:\Users\Sally\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Sally\IEPrivacy_Cache\Low\AntiPhishing 0 bytes
File C:\Users\Sally\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Sally\IEPrivacy_Cache\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat 78924 bytes
File C:\Users\Sally\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Sally\IEPrivacy_Cache\Low\Content.IE5 0 bytes
File C:\Users\Sally\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\GAJ6PNGL 0 bytes
File C:\Users\Sally\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\GAJ6PNGL\cue6n9tz[1].ico 318 bytes
File C:\Users\Sally\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Sally\IEPrivacy_Favorites 0 bytes
File C:\Users\Sally\IEPrivacy_Cache 0 bytes
File C:\Users\Sally\IEPrivacy_Cache\Content.IE5 0 bytes
File C:\Users\Sally\IEPrivacy_Cache\Content.IE5\71O4C4IV 0 bytes
File C:\Users\Sally\IEPrivacy_Cache\Content.IE5\71O4C4IV\desktop.ini 67 bytes
File C:\Users\Sally\IEPrivacy_Cache\Content.IE5\ATWBNC2P 0 bytes
File C:\Users\Sally\IEPrivacy_Cache\Content.IE5\ATWBNC2P\desktop.ini 67 bytes
File C:\Users\Sally\IEPrivacy_Cache\Content.IE5\EYNZ0IBC 0 bytes
File C:\Users\Sally\IEPrivacy_Cache\Content.IE5\EYNZ0IBC\desktop.ini 67 bytes
File C:\Users\Sally\IEPrivacy_Cache\Content.IE5\index.dat 32768 bytes
File C:\Users\Sally\IEPrivacy_Cache\Content.IE5\LK82QH9A 0 bytes
File C:\Users\Sally\IEPrivacy_Cache\Content.IE5\LK82QH9A\desktop.ini 67 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low 0 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5 0 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\2ZB6VKKL 0 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\2ZB6VKKL\3c47fjyf[1].xml 613 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\2ZB6VKKL\3fc96rt5[1].css 4143 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\2ZB6VKKL\4oa7a9t6[1].js 165519 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\2ZB6VKKL\bn9iieje[1].css 21599 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\2ZB6VKKL\desktop.ini 67 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\2ZB6VKKL\e2s40m6x[1].js 25755 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\desktop.ini 67 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\GAJ6PNGL 0 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\GAJ6PNGL\1ldlgbeg[1].css 1708 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\GAJ6PNGL\5of2ppzc[1].js 2113 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\GAJ6PNGL\b908xvlz[1].js 51543 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\GAJ6PNGL\bjamloip[1].gif 67 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\GAJ6PNGL\cue6n9tz[1].ico 318 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\GAJ6PNGL\desktop.ini 67 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\H14V5RB2 0 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\H14V5RB2\2yzkl0gj[1].css 15462 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\H14V5RB2\4267qzjl[1].gif 2704 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\H14V5RB2\5k5jekhg[1].js 996 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\H14V5RB2\desktop.ini 67 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\H14V5RB2\e5c48yil[1].css 2278 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\index.dat 32768 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\IO14XFQN 0 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\IO14XFQN\1jxsp4yb[1].css 26369 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\IO14XFQN\2gmbnh27[1].css 14525 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\IO14XFQN\4hvlr9i2[1].gif 1857 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\IO14XFQN\7iwb5azs[1].js 34821 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\IO14XFQN\8n7jkrgq[1].gif 164 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\IO14XFQN\desktop.ini 67 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\Content.IE5\IO14XFQN\yz5zobn1[1].css 7294 bytes
File C:\Users\Sally\IEPrivacy_Cache\Low\desktop.ini 67 bytes
File C:\Users\Sally\IEPrivacy_Cache\Virtualized 0 bytes
File C:\Users\Sally\IEPrivacy_Cookies 0 bytes
File C:\Users\Sally\IEPrivacy_Cookies\index.dat 16384 bytes
File C:\Users\Sally\IEPrivacy_Cookies\Low 0 bytes
File C:\Users\Sally\IEPrivacy_Cookies\Low\index.dat 32768 bytes
File C:\Users\Sally\IEPrivacy_Cookies\Low\sally@atdmt[2].txt 237 bytes
File C:\Users\Sally\IEPrivacy_Cookies\Low\sally@bing[2].txt 235 bytes
File C:\Users\Sally\IEPrivacy_Cookies\Low\sally@c.live[1].txt 65 bytes
File C:\Users\Sally\IEPrivacy_Cookies\Low\sally@c.msn[1].txt 64 bytes
File C:\Users\Sally\IEPrivacy_Cookies\Low\sally@facebook[2].txt 259 bytes
File C:\Users\Sally\IEPrivacy_Cookies\Low\sally@live[2].txt 235 bytes
File C:\Users\Sally\IEPrivacy_Cookies\Low\sally@msn[1].txt 236 bytes
File C:\Users\Sally\IEPrivacy_Cookies\Low\sally@windowsmarketplace[2].txt 263 bytes
File C:\Users\Sally\IEPrivacy_Cookies\Low\sally@zune[2].txt 235 bytes
File C:\Users\Sally\IEPrivacy_Favorites 0 bytes

---- EOF - GMER 1.0.15 ----


Thanks again,

Sally

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:20 AM

Posted 13 April 2010 - 08:58 AM

Please do a Quick scan....

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.45) and save it to your desktop.alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 sally.w

sally.w
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:20 PM

Posted 13 April 2010 - 09:44 AM

Hi, here's the MBAM log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3984

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

13/04/2010 15:21:24
mbam-log-2010-04-13 (15-21-24).txt

Scan type: Quick scan
Objects scanned: 107961
Time elapsed: 14 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thanks,

Sally

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:20 AM

Posted 13 April 2010 - 10:00 AM

Hi suzy. i want you to post a DDS ang that GMER log for review by our MRT team,I want all those hooks checked.



Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9 and not here,thanks.

Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,807 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:20 AM

Posted 13 April 2010 - 06:42 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/309463/slow-laptop/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users