
Possible Rootkit Causing BSOD


  • This topic is locked
4 replies to this topic

#1 manhattan24

Posted 28 April 2011 - 11:59 AM

Hi,

I had a problem start yesterday with IE: after clicking the shortcut, it didn't seem to load. I did a scan with Spybot and it removed one hijacked item. I then scanned the drive with Eset, Malwarebytes, A-Squared and GMER, which didn't reveal any problems. I still think there is a problem, as the computer has random freezes and every time I try to shut it down it crashes and restarts. The blue screen error says Internal Power Error, as well as others. I also get an error when I try to update Windows.

Here are the logs.
DDS 1
.
DDS (Ver_11-03-05.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2046.722 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Outpost Firewall Pro *Disabled/Updated* {578B8A29-863D-0449-EF15-3926A73ACBD3}
FW: Outpost Firewall Pro *Enabled* {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Applications\Utilities\USB Safely Remove\USBSRService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\SYSTEM32\astsrv.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\bgsvcgen.exe
C:\Applications\Antivirus\ESET Nod32\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\srvany.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\conhost.exe
C:\Applications\Utilities\PerfectDisk 11\PDAgent.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Applications\Spyware\WinPatrol\WinPatrol.exe
C:\Applications\Antivirus\ESET Nod32\egui.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Applications\Utilities\DisplayFusion\DisplayFusion.exe
C:\Applications\Utilities\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Applications\Utilities\PerfectDisk 11\PDAgentS1.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Applications\P2P\PeerBlock\peerblock.exe
C:\Applications\P2P\uTorrent\uTorrent.exe
C:\Windows\explorer.exe
C:\Applications\Browser\firefox.exe
C:\Applications\Email\thunderbird.exe
C:\Applications\Utilities\Instant File Find\InstantFileFind.exe
C:\Downloads\dds.com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uRun: [DisplayFusion] "c:\applications\utilities\displayfusion\DisplayFusion.exe"
uRun: [USB Safely Remove] c:\applications\utilities\usb safely remove\USBSafelyRemove.exe /startup
mRun: [WinPatrol] c:\applications\spyware\winpatrol\winpatrol.exe -expressboot
mRun: [egui] "c:\applications\antivirus\eset nod32\egui.exe" /hide /waitservice
mRun: [OutpostMonitor] "c:\applic~1\firewall\outpost\op_mon.exe" /tray /noservice
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\applications\spyware\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: {1AAA177B-5568-4A3E-91BD-744482ECC464} = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\applic~1\firewall\outpost\wl_hook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\matt\appdata\roaming\mozilla\firefox\profiles\bwbhu1y6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\applic~1\utilit~1\office\office14\NPAUTHZ.DLL
FF - plugin: c:\applic~1\utilit~1\office\office14\NPSPWRAP.DLL
FF - plugin: c:\applications\audio\itunes\mozilla plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R1 afw;Agnitum Firewall Driver;c:\windows\system32\drivers\afw.sys [2011-4-4 34920]
R1 ArcSec;archlp;c:\windows\system32\drivers\ArcSec.sys [2010-9-21 192504]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2011-4-4 710824]
R2 acssrv;Agnitum Client Security Service;c:\applic~1\firewall\outpost\acs.exe [2011-4-4 2040144]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-12-21 137144]
R2 ekrn;ESET Service;c:\applications\antivirus\eset nod32\ekrn.exe [2011-1-12 810144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-12-21 95384]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2010-4-17 14416]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2010-7-22 4869488]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2010-7-22 416112]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\applications\utilities\usb safely remove\USBSRService.exe [2011-4-14 251736]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2011-4-4 328296]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-11-26 174592]
R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2009-11-26 13480]
S3 ASWFilt;ASWFilt;c:\windows\system32\filt\ASWFilt.dll [2011-4-4 72352]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 i1display;i1 Display;c:\windows\system32\drivers\i1display.sys [2010-4-17 44344]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-1-29 30576]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-2-23 15872]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-23 52224]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-11-26 16240]
.
=============== Created Last 30 ================
.
2011-04-28 01:06:45 54016 ----a-w- c:\windows\system32\drivers\ommnqp.sys
2011-04-27 22:19:15 -------- d-----w- c:\windows\system32\catroot2
2011-04-27 19:57:20 -------- d-----w- c:\users\matt\appdata\roaming\Malwarebytes
2011-04-27 19:57:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 19:57:12 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-27 19:57:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-27 19:28:07 -------- d-----w- c:\windows\system32\wbem\repository
2011-04-20 12:15:58 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-20 12:15:58 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-20 12:15:58 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-20 12:15:58 5180824 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-20 12:15:58 2765928 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-20 12:15:58 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-20 12:15:58 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
2011-04-20 12:15:58 13007464 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-20 12:15:58 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-04-20 12:15:58 10071656 ----a-w- c:\windows\system32\nvd3dum.dll
2011-04-18 17:53:12 -------- d-----w- c:\users\matt\appdata\roaming\Mp3tag
2011-04-18 00:56:23 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2011-04-18 00:19:03 -------- d-----w- c:\program files\ffdshow
2011-04-15 22:08:58 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-14 01:22:36 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 01:22:34 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-14 01:22:33 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-14 01:22:33 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-14 01:22:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-14 01:22:32 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-14 01:22:31 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-14 01:22:31 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-14 01:22:31 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-14 01:22:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-14 01:21:43 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-14 01:21:43 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-14 01:21:40 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 01:21:40 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-14 01:21:40 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 01:21:40 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-07 21:43:36 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 21:43:34 612456 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 21:43:34 2582120 ----a-w- c:\windows\system32\nvsvcr.dll
2011-04-07 21:43:34 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 21:43:20 3701352 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 21:43:04 2565224 ----a-w- c:\windows\system32\nvsvc.dll
2011-04-04 19:59:50 710824 ----a-w- c:\windows\system32\drivers\SandBox.sys
2011-04-04 19:59:43 328296 ----a-w- c:\windows\system32\drivers\afwcore.sys
2011-04-04 19:59:28 -------- d-----w- c:\windows\system32\Filt
2011-04-04 19:59:26 34920 ----a-w- c:\windows\system32\drivers\afw.sys
2011-04-04 19:57:54 -------- d-----w- c:\progra~2\Agnitum
2011-04-03 14:45:30 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-04-03 14:45:30 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-04-02 16:47:32 -------- d-----w- c:\users\matt\appdata\local\Programs
2011-04-02 16:47:14 -------- d-----w- c:\users\matt\appdata\local\ArcSoft
2011-04-02 16:46:26 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2011-03-30 23:49:42 -------- d-----w- c:\users\matt\appdata\roaming\EAC
2011-03-30 23:49:42 -------- d-----w- c:\users\matt\appdata\roaming\AccurateRip
2011-03-29 16:55:12 -------- d-----w- c:\users\matt\appdata\roaming\Bradsoft.com
2011-03-29 02:42:05 -------- d-----w- c:\windows\system32\QuickTime
.
==================== Find3M ====================
.
2011-04-20 14:58:44 87608 ----a-w- c:\users\matt\appdata\roaming\inst.exe
2011-04-20 14:58:44 47360 ----a-w- c:\users\matt\appdata\roaming\pcouffin.sys
2011-04-08 05:14:00 6299752 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-04-08 05:14:00 2034280 ----a-w- c:\windows\system32\nvapi.dll
2011-03-15 15:17:54 237320 ----a-w- c:\windows\system32\PDBoot.exe
2011-03-15 13:46:40 97648 ------w- c:\windows\system32\ElbyCDIO.dll
2011-02-23 03:18:40 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-22 15:52:00 1730112 ----a-w- c:\windows\system32\FMAPO.dll
2011-02-22 13:20:20 820224 ----a-w- c:\windows\system32\RCoRes.dat
2011-02-22 11:16:26 2145896 ----a-w- c:\windows\system32\RtkPgExt.dll
2011-02-19 06:30:54 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30:51 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-18 10:49:40 3805288 ----a-w- c:\windows\system32\RtkAPO.dll
2011-02-17 14:03:54 485992 ----a-w- c:\windows\system32\RtkApoApi.dll
2011-02-16 13:11:28 69224 ----a-w- c:\windows\system32\RtkCoInst.dll
2011-02-12 23:19:31 100 ----a-w- c:\windows\system32\prsgrc.dll
.
============= FINISH: 3:13:02.96 ===============


DDS2

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 26/11/2009 03:08:39
System Uptime: 27/04/2011 21:44:32 (6 hours ago)
.
Motherboard: Packard Bell BV | | PT890-8237A
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 153.86 GiB free.
D: is CDROM ()
E: is CDROM ()
J: is FIXED (NTFS) - 932 GiB total, 361.866 GiB free.
K: is FIXED (NTFS) - 466 GiB total, 139.268 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP481: 19/04/2011 06:49:24 - Scheduled Checkpoint
RP482: 20/04/2011 13:53:51 - Installed NVIDIA PhysX
RP483: 27/04/2011 20:12:11 - Restore Operation
RP484: 28/04/2011 00:28:43 - Installed HiJackThis
RP485: 28/04/2011 00:37:27 - Removed HiJackThis
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Ace Utilities
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Illustrator CS5
Adobe Photoshop CS5
Adobe Photoshop Lightroom 3.3
AdobeColorCommonSetRGB
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft TotalMedia Theatre 5
Avidemux 2.5
AviSynth 2.5
AxCrypt 1.7.2126.0
Bamboo
BBS Tools
Bulk Rename Utility 2.7.1.2
Camtasia Studio 7
Cinema Craft Encoder SP2
ColorSchemer Studio 2
CoreAVC Professional Edition (remove only)
DC-Bass Source 1.1.1
Definition update for Microsoft Office 2010 (KB982726)
DisplayFusion 3.3.0
DJ_SF_06_D1600_SW_Min
DVD-lab PRO 2.5
DVD Rebuilder
DVD Shrink 3.2
EPSON TWAIN 5
eReg
ESET NOD32 Antivirus
Exact Audio Copy 1.0beta1
ExtractNow
Eye-One Match 3.6.2
ffdshow v1.1.3326 [2010-03-19]
File Scavenger 3.2
FileZilla Client 3.3.5.1
FLAC 1.2.1b (remove only)
foobar2000 v1.1.6
Genie Backup Manager Pro 8.0
GTK+ Runtime 2.14.7 rev a (remove only)
Guitar Pro 6
Haali Media Splitter
HP Deskjet D1600 Printer Driver 14.0 Rel. 6
i1_driver_installer_utility_i1Match version 1.0
ImgBurn
Instant File Find 1.6.1 build 5457
IrfanView (remove only)
iTunes
Lame ACM MP3 Codec
Logitech SetPoint 6.20
LucisArt 3 ED/SE
MainType 2.1.1
MakeMKV v1.6.7
Malwarebytes' Anti-Malware
MediaInfo 0.7.43
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 4.0 (x86 en-GB)
Mozilla Thunderbird (3.1.9)
Mp3tag v2.48
MRU-Blaster v1.5 (Database 3/28/2004)
NVIDIA Control Panel 270.61
NVIDIA Graphics Driver 270.61
NVIDIA Install Application
NVIDIA PhysX
OpenAL
Outpost Firewall Pro 7.1
PeerBlock 1.1 (r518)
PerfectDisk 11 Professional
Pidgin
Portal 2
PowerISO
QT Lite 4.0.0
Rapture3D 2.3.22 Game
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Replay Music
Rosetta Stone Version 3
SCRABBLE® Interactive 2007 EDITION Uninstall
Skype™ 5.3
Some PDF to Txt Converter 1.5
Spybot - Search & Destroy
System Requirements Lab
The KMPlayer (remove only)
The Sims™ 3
TMPGEnc 4.0 XPress
TMPGEnc Authoring Works 4
Toolbox
TopStyle 4
Update for Microsoft Office 2010 (KB2494150)
USB Safely Remove 4.5
Vertus Fluid Mask 3 2.100.2-RC2
VobSub v2.23 (Remove Only)
VueScan
WaveLab 6
Waves Diamond Bundle v5.2
Waves Restoration
Windows Live ID Sign-in Assistant
WinPatrol
WinRAR 4.00 (32-bit)
Your Uninstaller! 2010
.
==== Event Viewer Messages From Past Week ========
.
27/04/2011 21:45:15, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: krde
27/04/2011 21:45:10, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
27/04/2011 21:45:04, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xd37f400b, 0x00000000, 0x9bb2bb78, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042711-31652-01.
27/04/2011 21:10:54, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x852e86b8, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042711-29187-01.
27/04/2011 21:08:36, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
27/04/2011 21:08:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
27/04/2011 21:08:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
27/04/2011 21:08:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
27/04/2011 21:08:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
27/04/2011 21:08:21, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD afw ArcSec CSC DfsC discache ElbyCDIO NetBIOS NetBT nsiproxy Psched rdbss SandBox SCDEmu spldr tdx Wanarpv6 WfpLwf
27/04/2011 21:08:19, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
27/04/2011 21:08:19, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
27/04/2011 21:08:19, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
27/04/2011 21:08:19, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
27/04/2011 21:08:19, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
27/04/2011 21:08:19, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
27/04/2011 21:08:19, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
27/04/2011 21:08:19, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
27/04/2011 21:08:19, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
27/04/2011 21:08:19, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x862f2548, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042711-20217-01.
27/04/2011 20:32:13, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x862f14a0, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042711-32963-01.
27/04/2011 20:26:26, Error: Service Control Manager [7022] - The TabletServicePen service hung on starting.
27/04/2011 20:25:05, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
27/04/2011 20:24:34, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
27/04/2011 20:24:31, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
27/04/2011 20:24:31, Error: Service Control Manager [7000] - The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/04/2011 20:23:56, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
27/04/2011 20:23:56, Error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/04/2011 20:23:26, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
27/04/2011 20:22:56, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
27/04/2011 20:22:56, Error: Service Control Manager [7000] - The System Event Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/04/2011 20:22:25, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Themes service.
27/04/2011 20:22:25, Error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/04/2011 20:21:55, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ProfSvc service.
27/04/2011 20:21:55, Error: Service Control Manager [7000] - The User Profile Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/04/2011 20:21:25, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.
27/04/2011 20:21:25, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
27/04/2011 20:20:55, Error: Service Control Manager [7022] - The Multimedia Class Scheduler service hung on starting.
27/04/2011 20:20:55, Error: Service Control Manager [7001] - The Windows Audio service depends on the Multimedia Class Scheduler service which failed to start because of the following error: After starting, the service hung in a start-pending state.
27/04/2011 20:19:33, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x862f23a0, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042711-43664-01.
27/04/2011 19:19:22, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x852e1020, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042711-31761-01.
27/04/2011 19:13:26, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x862f1268, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042711-19843-01.
27/04/2011 18:23:25, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x862f23c0, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042711-34772-01.
27/04/2011 17:57:50, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x862f2348, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042711-30108-01.
27/04/2011 15:34:43, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x862f2020, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042711-32713-01.
27/04/2011 14:45:24, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x00000001, 0x00000006, 0x85ef1298, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 042711-34491-01.
27/04/2011 11:00:34, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the ESET Service service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
27/04/2011 11:00:34, Error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
26/04/2011 03:05:18, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
26/04/2011 03:03:17, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
.
==== End Of File ===========================


GMER

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-28 16:16:42
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320820AS rev.3.AAD
Running: gmer.exe; Driver: C:\Users\Matt\AppData\Local\Temp\kxldypow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwAllocateVirtualMemory [0x8ED2F6E0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwAlpcConnectPort [0x8ED2FB60]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwAlpcSendWaitReceivePort [0x8ED2FDF0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwAssignProcessToJobObject [0x8ED2F610]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwClose [0x8ED2D7E0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwConnectPort [0x8ED2F980]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwCreateFile [0x8ED2D1B0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwCreateKey [0x8ED2DB90]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwCreateProcess [0x8ED2EAB0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwCreateProcessEx [0x8ED2EBA0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwCreateSection [0x8ED2CDE0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwCreateSymbolicLinkObject [0x8ED2DAB0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwCreateThread [0x8ED2E8F0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwCreateThreadEx [0x8ED2E9D0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwCreateUserProcess [0x8ED2ECA0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwDebugActiveProcess [0x8ED2FFB0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwDeleteKey [0x8ED2DD50]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwDeleteValueKey [0x8ED2E680]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwEnumerateKey [0x8ED2DE10]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwEnumerateValueKey [0x8ED2DEF0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwFsControlFile [0x8ED2D0C0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwLoadDriver [0x8ED32000]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwMakeTemporaryObject [0x8ED2D9F0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwOpenFile [0x8ED2D640]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwOpenKey [0x8ED2DC80]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwOpenProcess [0x8ED2EE90]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwOpenSection [0x8ED2CEB0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwOpenThread [0x8ED2ED90]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwProtectVirtualMemory [0x8ED2F8A0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwQueryKey [0x8ED2DFD0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwQueryValueKey [0x8ED2E0B0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwQueueApcThread [0x8ED2F540]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwRenameKey [0x8ED2E5B0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwReplaceKey [0x8ED2E270]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwRequestPort [0x8ED2FC50]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwRequestWaitReplyPort [0x8ED2FD20]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwRestoreKey [0x8ED2E4E0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwSaveKey [0x8ED2E340]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwSaveKeyEx [0x8ED2E410]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwSecureConnectPort [0x8ED2FA70]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwSetContextThread [0x8ED2F450]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwSetInformationDebugObject [0x8ED30080]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwSetSecurityObject [0x8ED30180]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwSetSystemInformation [0x8ED2E760]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwSetValueKey [0x8ED2E190]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwSuspendProcess [0x8ED2F2A0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwSuspendThread [0x8ED2F360]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwSystemDebugControl [0x8ED2FED0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwTerminateProcess [0x8ED2EF90]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwTerminateThread [0x8ED2F150]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwUnloadDriver [0x8ED2E830]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwWriteFile [0x8ED2CFB0]
SSDT \??\C:\Windows\system32\drivers\SandBox.sys ZwWriteVirtualMemory [0x8ED2F7C0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 83047339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83080D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 83087DE8 4 Bytes [E0, F6, D2, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 83087DF4 4 Bytes [60, FB, D2, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 83087E38 4 Bytes [F0, FD, D2, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 83087E48 4 Bytes [10, F6, D2, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 116F 83087E64 4 Bytes [E0, D7, D2, 8E]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\bgsvcgen.exe[264] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\bgsvcgen.exe[264] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\bgsvcgen.exe[264] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\bgsvcgen.exe[264] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\SYSTEM32\WISPTIS.EXE[508] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\SYSTEM32\WISPTIS.EXE[508] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\SYSTEM32\WISPTIS.EXE[508] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\SYSTEM32\WISPTIS.EXE[508] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[552] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[552] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[552] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[552] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\Explorer.EXE[564] ntdll.dll!NtProtectVirtualMemory 779B5F18 5 Bytes JMP 0059000A
.text C:\Windows\Explorer.EXE[564] ntdll.dll!NtWriteVirtualMemory 779B6A98 5 Bytes JMP 005A000A
.text C:\Windows\Explorer.EXE[564] ntdll.dll!KiUserExceptionDispatcher 779B7008 5 Bytes JMP 0058000A
.text C:\Windows\Explorer.EXE[564] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\Explorer.EXE[564] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\Explorer.EXE[564] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\Explorer.EXE[564] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\wininit.exe[636] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\wininit.exe[636] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\wininit.exe[636] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\wininit.exe[636] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Antivirus\ESET Nod32\ekrn.exe[648] kernel32.dll!SetUnhandledExceptionFilter 774A3D01 4 Bytes [C2, 04, 00, 00]
.text C:\Windows\system32\services.exe[684] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\services.exe[684] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\services.exe[684] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\services.exe[684] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[704] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[704] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[704] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[704] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\lsass.exe[708] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\lsass.exe[708] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\lsass.exe[708] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\lsass.exe[708] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\lsm.exe[716] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\lsm.exe[716] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\lsm.exe[716] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\lsm.exe[716] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\winlogon.exe[844] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\winlogon.exe[844] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\winlogon.exe[844] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\winlogon.exe[844] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[860] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[860] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[860] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[860] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Utilities\USB Safely Remove\USBSRService.exe[960] user32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Utilities\USB Safely Remove\USBSRService.exe[960] user32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Utilities\USB Safely Remove\USBSRService.exe[960] user32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Utilities\USB Safely Remove\USBSRService.exe[960] user32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\nvvsvc.exe[992] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\nvvsvc.exe[992] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\nvvsvc.exe[992] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\nvvsvc.exe[992] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[1032] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[1032] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[1032] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[1032] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\svchost.exe[1128] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\svchost.exe[1128] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\svchost.exe[1128] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\svchost.exe[1128] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\svchost.exe[1176] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\svchost.exe[1176] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\svchost.exe[1176] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\svchost.exe[1176] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[1232] ntdll.dll!NtProtectVirtualMemory 779B5F18 5 Bytes JMP 0040000A
.text C:\Windows\system32\svchost.exe[1232] ntdll.dll!NtWriteVirtualMemory 779B6A98 5 Bytes JMP 0041000A
.text C:\Windows\system32\svchost.exe[1232] ntdll.dll!KiUserExceptionDispatcher 779B7008 5 Bytes JMP 0021000A
.text C:\Windows\system32\svchost.exe[1232] ole32.dll!CoCreateInstance 77579D0B 5 Bytes JMP 0045000A
.text C:\Windows\system32\svchost.exe[1232] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[1232] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[1232] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[1232] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[1336] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[1336] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[1336] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text \\?\C:\Windows\system32\wbem\WMIADAP.EXE[1336] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[1356] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[1356] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[1356] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[1356] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[1420] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[1420] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[1420] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[1420] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[1436] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[1436] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[1436] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[1436] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1496] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1496] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1496] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1496] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\nvvsvc.exe[1508] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\nvvsvc.exe[1508] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\nvvsvc.exe[1508] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\nvvsvc.exe[1508] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\SYSTEM32\WISPTIS.EXE[1536] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\SYSTEM32\WISPTIS.EXE[1536] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\SYSTEM32\WISPTIS.EXE[1536] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\SYSTEM32\WISPTIS.EXE[1536] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\Dwm.exe[1572] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\Dwm.exe[1572] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\Dwm.exe[1572] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\Dwm.exe[1572] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\svchost.exe[1600] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\svchost.exe[1600] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\svchost.exe[1600] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\svchost.exe[1600] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[1612] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[1612] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[1612] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[1612] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\spoolsv.exe[1748] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\spoolsv.exe[1748] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\spoolsv.exe[1748] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\spoolsv.exe[1748] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[1796] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[1796] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[1796] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[1796] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\taskhost.exe[1820] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\taskhost.exe[1820] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\taskhost.exe[1820] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\taskhost.exe[1820] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\APPLIC~1\Firewall\Outpost\acs.exe[1904] kernel32.dll!SetUnhandledExceptionFilter 774A3D01 5 Bytes JMP 005ECE00 C:\APPLIC~1\Firewall\Outpost\acs.exe (Agnitum Outpost Service/Agnitum Ltd.)
.text C:\APPLIC~1\Firewall\Outpost\acs.exe[1904] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\APPLIC~1\Firewall\Outpost\acs.exe[1904] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\APPLIC~1\Firewall\Outpost\acs.exe[1904] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\APPLIC~1\Firewall\Outpost\acs.exe[1904] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1964] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1964] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1964] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1964] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\SYSTEM32\astsrv.exe[2004] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\SYSTEM32\astsrv.exe[2004] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\SYSTEM32\astsrv.exe[2004] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\SYSTEM32\astsrv.exe[2004] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Downloads\gmer\gmer.exe[2068] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Downloads\gmer\gmer.exe[2068] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Downloads\gmer\gmer.exe[2068] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Downloads\gmer\gmer.exe[2068] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[2128] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[2128] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[2128] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[2128] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\srvany.exe[2208] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\srvany.exe[2208] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\srvany.exe[2208] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\srvany.exe[2208] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\svchost.exe[2296] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\svchost.exe[2296] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\svchost.exe[2296] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\svchost.exe[2296] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\conhost.exe[2312] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\conhost.exe[2312] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\conhost.exe[2312] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\conhost.exe[2312] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Utilities\PerfectDisk 11\PDAgent.exe[2336] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Utilities\PerfectDisk 11\PDAgent.exe[2336] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Utilities\PerfectDisk 11\PDAgent.exe[2336] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Utilities\PerfectDisk 11\PDAgent.exe[2336] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\svchost.exe[2412] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\svchost.exe[2412] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\svchost.exe[2412] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\svchost.exe[2412] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[2500] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[2500] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[2500] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[2500] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Spyware\WinPatrol\WinPatrol.exe[2576] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 004F5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Spyware\WinPatrol\WinPatrol.exe[2576] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 004F55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Spyware\WinPatrol\WinPatrol.exe[2576] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 004F55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Spyware\WinPatrol\WinPatrol.exe[2576] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 004F5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Firewall\Outpost\op_mon.exe[2604] ntdll.dll!LdrLoadDll 779D22B8 5 Bytes JMP 00614B7C C:\Applications\Firewall\Outpost\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\Applications\Firewall\Outpost\op_mon.exe[2604] kernel32.dll!SetUnhandledExceptionFilter 774A3D01 5 Bytes JMP 00614AB8 C:\Applications\Firewall\Outpost\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\Applications\Firewall\Outpost\op_mon.exe[2604] USER32.dll!EnableWindow 77288D02 5 Bytes JMP 03937A6C C:\Applications\Firewall\Outpost\op_cmn.dll (Outpost Common Controls Library/Agnitum Ltd.)
.text C:\Applications\Firewall\Outpost\op_mon.exe[2604] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 003E5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Firewall\Outpost\op_mon.exe[2604] USER32.dll!SetWindowsHookExW 7728E30C 5 Bytes JMP 00614B50 C:\Applications\Firewall\Outpost\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\Applications\Firewall\Outpost\op_mon.exe[2604] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 003E55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Firewall\Outpost\op_mon.exe[2604] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 003E55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Firewall\Outpost\op_mon.exe[2604] USER32.dll!SetWindowsHookExA 772B6D0C 5 Bytes JMP 00614B24 C:\Applications\Firewall\Outpost\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\Applications\Firewall\Outpost\op_mon.exe[2604] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 003E5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Utilities\DisplayFusion\DisplayFusion.exe[2616] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Utilities\DisplayFusion\DisplayFusion.exe[2616] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Utilities\DisplayFusion\DisplayFusion.exe[2616] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Utilities\DisplayFusion\DisplayFusion.exe[2616] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Utilities\USB Safely Remove\USBSafelyRemove.exe[2624] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Utilities\USB Safely Remove\USBSafelyRemove.exe[2624] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Utilities\USB Safely Remove\USBSafelyRemove.exe[2624] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Utilities\USB Safely Remove\USBSafelyRemove.exe[2624] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[2656] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[2656] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[2656] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[2656] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2700] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2700] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2700] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2700] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2744] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2744] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2744] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2744] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\wbem\wmiprvse.exe[3288] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\wbem\wmiprvse.exe[3288] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\wbem\wmiprvse.exe[3288] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\wbem\wmiprvse.exe[3288] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[3428] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[3428] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[3428] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\svchost.exe[3428] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\wbem\wmiprvse.exe[3500] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\wbem\wmiprvse.exe[3500] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\wbem\wmiprvse.exe[3500] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\system32\wbem\wmiprvse.exe[3500] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Utilities\PerfectDisk 11\PDAgentS1.exe[3588] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Utilities\PerfectDisk 11\PDAgentS1.exe[3588] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Utilities\PerfectDisk 11\PDAgentS1.exe[3588] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Applications\Utilities\PerfectDisk 11\PDAgentS1.exe[3588] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3768] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3768] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3768] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3768] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\vds.exe[3920] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\vds.exe[3920] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\vds.exe[3920] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Windows\System32\vds.exe[3920] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4040] USER32.dll!SetForegroundWindow 7728B225 5 Bytes JMP 100A5574 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4040] USER32.dll!SetWindowPos 77291BC4 5 Bytes JMP 100A55A0 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4040] USER32.dll!ChangeDisplaySettingsExA 772A627A 5 Bytes JMP 100A55F8 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4040] USER32.dll!ChangeDisplaySettingsExW 772CFA39 5 Bytes JMP 100A5624 c:\applic~1\firewall\outpost\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\nsiproxy \Device\Nsi afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:2512] 9F03DF2E

---- EOF - GMER 1.0.15 ----


Any help would be greatly appreciated.

Thanks



#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,440 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:06:43 PM

Posted 08 May 2011 - 04:12 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

 

Malware analyst @ Emsisoft

 



#3 manhattan24


Posted 08 May 2011 - 06:55 AM

Hi,

I managed to solve the problem myself. I had a TDL4 rootkit and managed to remove it by rewriting the MBR with a Windows repair disc.

I think the computer is now clean, having scanned it with Eset, SuperAntispyware and Malwarebytes.

Are there any other steps I need to take to make sure that the infection is completely removed?

Thanks

#4 Elise


Posted 08 May 2011 - 07:02 AM

Please find below some general prevention advice. Let me know if you have any other questions, otherwise I will close this topic.



Please read this advice in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

regards, Elise




#5 Elise


Posted 22 May 2011 - 03:59 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise

