
Infected with TDSS and receiving nginx error 404


  • This topic is locked
3 replies to this topic

#1 jcg1971

  • Members
  • 2 posts

Posted 24 August 2011 - 02:28 PM

I have a Sony Vaio vgx-bx760.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by melissa garner at 12:07:57 on 2011-08-24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.193 [GMT -7:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: My Security Shield *Enabled/Updated* {B9EC7A3E-80AD-47DE-887E-AA3F3492E5E5}
FW: My Security Shield *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\melissa garner\Local Settings\Temporary Internet Files\Content.IE5\LMFFTYL5\Defogger[1].exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = 1886680168 (0x70747468)
uWindow Title = Windows Internet Explorer provided by Yahoo!
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
mDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
mStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\documents and settings\melissa garner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [AROReminder] c:\program files\aro 2011\aro.exe -rem
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] "c:\program files\apoint2k\Apoint.exe"
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [SonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"
mRun: [VAIO Update 3] "c:\program files\sony\vaio update 3\VAIOUpdt.exe" /Stationary
mRun: [VAIOSecurity] "c:\program files\sony\vaio security center\VSC.exe" 1
mRun: [Biomenu] "c:\program files\protector suite ql\menusw.exe"
mRun: [Switcher.exe] "c:\program files\sony\wireless switch setting utility\Switcher.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire\Corel PhotoDownloader.exe
mRun: [QuickBooks Simple Start] "c:\program files\intuit\simplestartentice\entice.exe"
mRun: [VAIO Recovery] "c:\windows\sonysys\vaio recovery\PartSeal.exe"
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35[1].exe" /scan:boot
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
dRun: [AOL Fast Start] "c:\progra~1\aol9~1.0\AOL.EXE" -b
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: google.com\b.mail
Trusted Zone: google.com\mail
Trusted Zone: google.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279803625812
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://pogoclub.oberon-media.com/online2/pogop/luxor_amun_rising/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{A0A08191-C235-4A9B-A9DA-9474F8207B62} : DhcpNameServer = 10.0.0.1
Notify: AtiExtEvent - Ati2evxx.dll
Notify: cryptnet32 - cryptnet32.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - fusstub.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
LSA: Notification Packages = scecli fusstub
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\melissa garner\application data\mozilla\firefox\profiles\umfh5dag.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\melissa garner\application data\mozilla\firefox\profiles\umfh5dag.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\documents and settings\melissa garner\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\melissa garner\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\retrogamer_2zei\installr\1.bin\NP2zEISb.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-8-24 263888]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-8-24 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-8-24 656320]
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2007-4-17 14720]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-8-24 233976]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2007-4-17 14336]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-2-22 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-2-22 33024]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-24 366640]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-8-24 371472]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-8-24 1117144]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-17 36352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-24 22712]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 554344]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 211432]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-4-17 808448]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-5-8 20032]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-24 41272]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2007-4-17 31104]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-23 121192]
.
=============== Created Last 30 ================
.
2011-08-24 18:15:37 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-08-24 18:15:37 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-08-24 18:15:36 253096 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-08-24 18:15:29 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-08-24 18:15:29 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-08-24 18:15:28 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-08-24 18:15:23 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-08-24 18:15:09 -------- d-----w- c:\program files\PC Tools Security
2011-08-24 18:15:09 -------- d-----w- c:\program files\common files\PC Tools
2011-08-24 18:13:11 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-08-24 17:59:57 -------- d-----w- c:\documents and settings\melissa garner\local settings\application data\Help
2011-08-24 17:08:17 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-24 17:08:13 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-24 14:31:22 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-24 14:31:22 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-08-24 14:30:32 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
2011-08-09 20:53:44 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-09 20:53:20 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-02 05:50:00 -------- d-----w- c:\documents and settings\all users\application data\VirtualizedApplications
2011-08-02 01:37:19 -------- d-s---w- c:\windows\system32\%APPDATA%
2011-08-01 22:15:03 -------- d-----w- c:\documents and settings\melissa garner\local settings\application data\SoftGrid Client
2011-08-01 22:15:01 -------- d-----w- c:\documents and settings\melissa garner\application data\SoftGrid Client
2011-08-01 22:13:08 -------- d-----w- c:\program files\Microsoft Application Virtualization Client
2011-08-01 22:13:08 -------- d-----w- c:\documents and settings\all users\Microsoft
2011-08-01 22:11:56 -------- d-----w- c:\documents and settings\melissa garner\application data\TP
2011-07-29 18:04:48 -------- d-----w- c:\program files\iPod
2011-07-29 18:04:23 -------- d-----w- c:\program files\iTunes
2011-07-29 17:59:43 -------- d-----w- c:\program files\Bonjour
.
==================== Find3M ====================
.
2011-08-24 17:01:48 4182 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-08-09 05:54:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 18:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 18:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 18:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 18:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 12:10:04.04 ===============

Attached Files
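An added triage helper for the DDS log above (example code written for this page; it is not part of DDS, GMER, or BleepingComputer's fix procedure). It pulls the `Hosts:` and `Notify:` lines out of the Pseudo HJT Report and flags the ones an analyst reads first: HOSTS mappings that point a name anywhere other than loopback, grouped by target address (the log above maps five domains to 74.125.45.100), and Winlogon Notify packages that are neither Windows XP defaults nor the vendor entries visible in this log. Both allow-lists are my assumptions, not anything DDS reports; the sample input is excerpted from the posted log plus one constructed `127.0.0.1 localhost` line.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread, not part of DDS, GMER or BleepingComputer's
procedure. It pulls the 'Hosts:' and 'Notify:' lines out of the report and
flags the ones an analyst reads first. The two allow-lists are assumptions
(Windows XP SP3 defaults, plus the vendor entries visible in this log); DDS
itself reports no verdict on any line.
"""
import ipaddress
import re
from collections import defaultdict

# Winlogon\Notify packages present on a default Windows XP SP3 install (assumption).
XP_DEFAULT_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}
# Vendor packages seen in this log; accepted here only after the DLL on disk has
# been checked (assumption: ATI, Intel graphics, Protector Suite QL, Sony VESMgr).
VENDOR_NOTIFY = {"atiextevent", "igfxcui", "psfus", "veswinlogon"}

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")
NOTIFY_RE = re.compile(r"^Notify:\s+(\S+)\s+-\s+(\S+)$")


def parse_hosts(lines):
    """Return [(ip, hostname), ...] for every 'Hosts:' line DDS reported."""
    found = []
    for line in lines:
        m = HOSTS_RE.match(line.strip())
        if m:
            found.append((m.group(1), m.group(2)))
    return found


def flag_hosts(entries):
    """Report every HOSTS mapping that does not point at loopback.

    A clean XP HOSTS file holds little beyond '127.0.0.1 localhost'. Anything
    else pins a name to an address the user did not choose, so each such line
    is reported; names are grouped by target because many unrelated domains
    resolving to one address is the shape of a redirect, not of local config.
    """
    by_ip = defaultdict(list)
    for ip, host in entries:
        if not ipaddress.ip_address(ip).is_loopback:
            by_ip[ip].append(host)
    findings = []
    for ip, hosts in by_ip.items():
        scope = "private" if ipaddress.ip_address(ip).is_private else "public"
        findings.append({"ip": ip, "scope": scope, "count": len(hosts),
                         "hosts": sorted(hosts)})
    return findings


def parse_notify(lines):
    """Return [(package, dll), ...] for every 'Notify:' line DDS reported."""
    return [(m.group(1), m.group(2))
            for m in (NOTIFY_RE.match(l.strip()) for l in lines) if m]


def flag_notify(entries):
    """Report Winlogon Notify packages outside both allow-lists.

    A Notify DLL is loaded by winlogon.exe at every logon, so a new one is a
    durable persistence point. A name that extends a default package name
    (default name plus extra characters) is marked, since that is how an added
    entry is made to blend into the listing.
    """
    findings = []
    for name, dll in entries:
        key = name.lower()
        if key in XP_DEFAULT_NOTIFY or key in VENDOR_NOTIFY:
            continue
        lookalike = next((d for d in sorted(XP_DEFAULT_NOTIFY)
                          if key.startswith(d) and key != d), None)
        findings.append({"package": name, "dll": dll, "lookalike_of": lookalike})
    return findings


def triage(report_text):
    """Run both checks over the text of a DDS Pseudo HJT Report."""
    lines = report_text.splitlines()
    return {"hosts": flag_hosts(parse_hosts(lines)),
            "notify": flag_notify(parse_notify(lines))}


# Excerpt of the DDS log posted above, plus one constructed loopback line to
# show that the ordinary localhost mapping is not reported.
SAMPLE = """\
Notify: AtiExtEvent - Ati2evxx.dll
Notify: cryptnet32 - cryptnet32.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - fusstub.dll
Notify: VESWinlogon - VESWinlogon.dll
Hosts: 127.0.0.1 localhost
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
"""

if __name__ == "__main__":
    for section, items in triage(SAMPLE).items():
        for item in items:
            print(section, item)
```

The script only triages text: a package that passes the allow-list still needs the DLL located on disk and its signature or hash checked, and a flagged HOSTS target should be looked up before anyone concludes what it belongs to.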





#2 jcg1971

  • Topic Starter

  • Members
  • 2 posts

Posted 24 August 2011 - 02:59 PM

Here is a copy of the GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-24 12:58:29
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-9 ST9120822AS rev.3.ALC
Running: gmer.exe; Driver: C:\DOCUME~1\MELISS~1\LOCALS~1\Temp\kfryrpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xA740F93E]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xA73E90CC]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xA73E9394]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xA74102F8]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xA7410682]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xA740EB7C]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xA7410BC6]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xA740FCFC]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xA73E8B3C]

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\MELISS~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Messenger\msmsgs.exe[496] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DE0001
.text C:\Program Files\Messenger\msmsgs.exe[496] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A10F5A
.text C:\Program Files\Messenger\msmsgs.exe[496] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Messenger\msmsgs.exe[496] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Messenger\msmsgs.exe[496] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A3, 71]
.text C:\Program Files\Messenger\msmsgs.exe[496] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 719E0F5A
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[532] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01570001
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[532] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[532] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[532] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[532] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[532] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2032] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2032] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2032] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2032] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2032] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546A6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2032] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2032] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2032] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2032] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2032] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2032] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2032] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2032] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB98 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2032] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E569F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2060] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01770001
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2060] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A10F5A
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2060] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2060] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2060] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A3, 71]
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2060] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 719E0F5A
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[2356] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F60001
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[2356] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[2356] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[2356] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[2356] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe[2356] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\WINDOWS\system32\ctfmon.exe[2448] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AB0001
.text C:\WINDOWS\system32\ctfmon.exe[2448] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\WINDOWS\system32\ctfmon.exe[2448] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2448] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2448] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\WINDOWS\system32\ctfmon.exe[2448] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\DOCUME~1\MELISS~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[2728] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003C0001
.text C:\DOCUME~1\MELISS~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[2728] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A60F5A
.text C:\DOCUME~1\MELISS~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[2728] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AF0F5A
.text C:\DOCUME~1\MELISS~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[2728] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\MELISS~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[2728] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\DOCUME~1\MELISS~1\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[2728] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A30F5A
.text C:\WINDOWS\system32\hkcmd.exe[3244] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E10001
.text C:\WINDOWS\system32\hkcmd.exe[3244] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\WINDOWS\system32\hkcmd.exe[3244] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\WINDOWS\system32\hkcmd.exe[3244] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[3244] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\WINDOWS\system32\hkcmd.exe[3244] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\WINDOWS\system32\wuauclt.exe[3264] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D90001
.text C:\WINDOWS\system32\wuauclt.exe[3264] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\WINDOWS\system32\wuauclt.exe[3264] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\WINDOWS\system32\wuauclt.exe[3264] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[3264] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\WINDOWS\system32\wuauclt.exe[3264] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3272] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00ED0001
.text C:\WINDOWS\system32\igfxsrvc.exe[3272] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3272] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[3272] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[3272] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\WINDOWS\system32\igfxsrvc.exe[3272] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\WINDOWS\system32\igfxpers.exe[3300] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EB0001
.text C:\WINDOWS\system32\igfxpers.exe[3300] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\WINDOWS\system32\igfxpers.exe[3300] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\WINDOWS\system32\igfxpers.exe[3300] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[3300] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\WINDOWS\system32\igfxpers.exe[3300] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\Program Files\Apoint2K\Apoint.exe[3332] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01030001
.text C:\Program Files\Apoint2K\Apoint.exe[3332] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\Program Files\Apoint2K\Apoint.exe[3332] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Apoint2K\Apoint.exe[3332] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint2K\Apoint.exe[3332] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\Program Files\Apoint2K\Apoint.exe[3332] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3388] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01610001
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3388] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A10F5A
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3388] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3388] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3388] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A3, 71]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[3388] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 719E0F5A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3432] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01900001
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3432] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A10F5A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3432] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3432] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3432] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A3, 71]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3432] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 719E0F5A
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3472] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A40001
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3472] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3472] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3472] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3472] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\Program Files\Sony\ISB Utility\ISBMgr.exe[3472] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3536] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01720001
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3536] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A10F5A
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3536] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3536] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3536] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A3, 71]
.text C:\Program Files\Sony\VAIO Power Management\SPMgr.exe[3536] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 719E0F5A
.text C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe[3556] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01410001
.text C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe[3556] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe[3556] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe[3556] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe[3556] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe[3556] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\Program Files\Protector Suite QL\menusw.exe[3632] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01A50001
.text C:\Program Files\Protector Suite QL\menusw.exe[3632] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\Program Files\Protector Suite QL\menusw.exe[3632] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Protector Suite QL\menusw.exe[3632] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Protector Suite QL\menusw.exe[3632] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\Program Files\Protector Suite QL\menusw.exe[3632] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe[3648] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 019A0001
.text C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe[3648] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A10F5A
.text C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe[3648] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe[3648] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe[3648] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A3, 71]
.text C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe[3648] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 719E0F5A
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3664] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01280001
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3664] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 719E0F5A
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3664] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3664] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3664] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A0, 71]
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[3664] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 719B0F5A
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3708] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02530001
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3708] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3708] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3708] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3708] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[3708] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[3728] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E60001
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[3728] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[3728] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[3728] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[3728] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[3728] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\Program Files\Apoint2K\Apntex.exe[3752] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E30001
.text C:\Program Files\Apoint2K\Apntex.exe[3752] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\Program Files\Apoint2K\Apntex.exe[3752] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Apoint2K\Apntex.exe[3752] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint2K\Apntex.exe[3752] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\Program Files\Apoint2K\Apntex.exe[3752] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3784] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D50001
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3784] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3784] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3784] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3784] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[3784] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3928] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01140001
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3928] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3928] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3928] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3928] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[3928] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[3976] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01950001
.text C:\Program Files\iTunes\iTunesHelper.exe[3976] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 719C0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[3976] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[3976] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[3976] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [9E, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[3976] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71990F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4028] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01240001
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4028] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A20F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4028] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4028] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4028] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A4, 71]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[4028] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 719F0F5A
.text C:\Program Files\PC Tools Security\pctsGui.exe[4276] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044BBA5 C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools GUI Application/PC Tools)
.text C:\Program Files\Internet Explorer\iexplore.exe[4640] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4640] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4640] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4640] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4640] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546A6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4640] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4640] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4640] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4640] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4640] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4640] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4640] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4640] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB98 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4640] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E569F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546A6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB98 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4760] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E569F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\PC Tools Security\pctsSvc.exe[4876] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044BE85 C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\Documents and Settings\melissa garner\Local Settings\Temporary Internet Files\Content.IE5\LMFFTYL5\Defogger[1].exe[5128] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C30001
.text C:\Documents and Settings\melissa garner\Local Settings\Temporary Internet Files\Content.IE5\LMFFTYL5\Defogger[1].exe[5128] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A60F5A
.text C:\Documents and Settings\melissa garner\Local Settings\Temporary Internet Files\Content.IE5\LMFFTYL5\Defogger[1].exe[5128] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AF0F5A
.text C:\Documents and Settings\melissa garner\Local Settings\Temporary Internet Files\Content.IE5\LMFFTYL5\Defogger[1].exe[5128] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\melissa garner\Local Settings\Temporary Internet Files\Content.IE5\LMFFTYL5\Defogger[1].exe[5128] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Documents and Settings\melissa garner\Local Settings\Temporary Internet Files\Content.IE5\LMFFTYL5\Defogger[1].exe[5128] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A30F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5204] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[5488] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 011E0001
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[5488] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A20F5A
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[5488] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[5488] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[5488] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A4, 71]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe[5488] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 719F0F5A
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[5960] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01000001
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[5960] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[5960] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[5960] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[5960] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe[5960] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Sftfsxp.sys (Microsoft Application Virtualization File System/Microsoft Corporation)
Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys (UM Injection Driver/PC Tools)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#3 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:16 PM

Posted 26 August 2011 - 07:18 PM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:16 PM

Posted 31 August 2011 - 08:19 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
