Computer freezing/slowing up at random times. Especially with Pandora and Explorer.

medium_low_skill (Thread Starter)
Member with 80 posts. Join Date: Mar 2010. Experience: Beginner
04-Aug-2012, 09:16 PM #1
I'm trying to help a friend out with their computer. It's freezing/slowing up at random times. Especially with Pandora and Explorer. I'd appreciate any help. Thank you.

Computer System Specs (8-4-2012):

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 32 bit
Processor: Intel(R) Pentium(R) D CPU 3.00GHz, x64 Family 15 Model 6 Stepping 5
Processor Count: 2
RAM: 3317 Mb
Graphics Card: Intel(R) 946GZ Express Chipset Family, 384 Mb
Hard Drives: C: Total - 115914 MB, Free - 32678 MB; D: Total - 115561 MB, Free - 43713 MB; F: Total - 1430796 MB, Free - 1342042 MB;
Motherboard: Acer, E946GZ
Antivirus: McAfee VirusScan Enterprise, Updated: Yes, On-Demand Scanner: Enabled

___________________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:24:33 AM, on 8/4/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Singlesnet\Singlesnet\Singlesnet.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\April\Desktop\HijackThis.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

--
End of file - 3599 bytes

___________________________________________________________________________
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by April at 10:33:18 on 2012-08-04
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3318.913 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Singlesnet\Singlesnet\Singlesnet.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\ProgramData\IBUpdaterService\ibsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\ProgramData\OptimizerPro\OptimizerPro.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\April\Desktop\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://mystart.incredibar.com/mb139?a=6PQFteaqzy&i=26
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - c:\program files\web assistant\Extension32.dll
BHO: RewardsArcade: {597a9974-8cb0-4f41-b61f-ed065738a397} - c:\program files\rewardsarcade\RewardsArcade.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Incredibar.com Helper Object: {6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99} - c:\program files\incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
TB: Incredibar Toolbar: {f9639e4a-801b-4843-aee3-03d9da199e77} - c:\program files\incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {9427041A-A8DC-4D06-9A68-93873486E957} - No File
uRun: [????r]
uRun: [?????????] ??????????????e
uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
uRun: [Singlesnet] c:\program files\singlesnet\singlesnet\Singlesnet.exe
uRun: [AROReminder] c:\program files\aro 2011\ARO.exe -rem
uRun: [Google Update] "c:\users\april\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [ChromeFrameHelper] "c:\users\april\appdata\local\google\chrome\application\21.0.1180.60\chrome_frame_helper.exe" --startup
uRun: [Optimizer Pro] c:\program files\optimizer pro\OptProLauncher.exe
uRunOnce: [Application Restart #3] c:\users\april\appdata\local\google\chrome\application\chrome.exe --automation-channel=chrometestinginterface:5960.4 --chrome-frame --no-first-run --disable-background-mode --disable-popup-blocking --disable-print-preview --user-data-dir="c:\users\april\appdata\local\google\chrome frame\user data\iexplore" --chrome-version=19.0.1084.56 --lang=en-US --flag-switches-begin --flag-switches-end --restore-last-session
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Acer Tour]
mRun: [Acer Empowering Technology Monitor] c:\windows\system32\SysMonitor.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [eRecoveryService]
mRun: [NWEReboot]
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mExplorerRun: [some] c:\program files\applications\wcs.exe
mExplorerRun: [start] c:\program files\applications\iebtm.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerclue.com/redirect.php
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{33177E88-4523-4F42-AE0A-BD2C298BF862} : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{860B10B7-2442-4D8F-8750-C44B10E64877} : DhcpNameServer = 192.168.0.1 205.171.3.65
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\users\april\appdata\local\google\chrome\application\21.0.1180.60\npchrome_frame.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-20 64288]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-1 21504]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
R2 IBUpdaterService;Updater Service;c:\programdata\ibupdaterservice\ibsvc.exe [2012-4-29 397848]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1355968]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2007-6-28 104000]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2007-2-22 144960]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2007-2-22 54872]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-8-3 185856]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-6-28 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-6-28 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-6-28 170408]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-23 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 250056]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-23 136176]
.
=============== Created Last 30 ================
.
2012-08-03 21:54:27 -------- d-----w- c:\users\april\appdata\roaming\Optimizer Pro
2012-08-03 21:40:56 -------- d-----w- c:\programdata\Premium
2012-08-03 21:39:28 -------- d-----w- c:\programdata\OptimizerPro
2012-08-03 21:39:23 -------- d-----w- c:\program files\Optimizer Pro
2012-08-03 21:38:14 -------- d-----w- c:\program files\Perion
2012-08-03 21:38:06 -------- d-----w- c:\program files\Incredibar.com
2012-08-03 21:37:43 -------- d-----w- c:\program files\Web Assistant
2012-08-03 21:36:31 -------- d-----w- c:\programdata\InstallMate
2012-08-03 08:47:58 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{20bfb3f0-7c81-47d4-b449-409067e81e76}\offreg.dll
2012-08-03 06:40:10 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{20bfb3f0-7c81-47d4-b449-409067e81e76}\mpengine.dll
2012-07-12 10:04:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 10:54:53 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-07-11 10:54:53 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-11 10:54:53 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-11 10:54:39 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-11 10:54:35 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 10:54:35 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 10:54:33 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 10:54:33 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 10:54:33 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
==================== Find3M ====================
.
2012-08-03 05:49:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-03 05:49:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-31 19:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 10:34:24.42 ===============


___________________________________________________________________________
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-04 17:53:42
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-0 ST3250820AS rev.3.AAD
Running: 5qyig5im.exe; Driver: C:\Users\April\AppData\Local\Temp\uwdorpod.sys


---- System - GMER 1.0.15 ----

INT 0x01 \??\C:\Users\April\AppData\Local\Temp\mbr.sys B4B99C42
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB4B3D4E7]
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!ZwTerminateProcess 82041143 5 Bytes JMP B4B3D4EB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? C:\Users\April\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtCreateFile + 6 77A9424A 4 Bytes [28, 00, 11, 00] {SUB [EAX], AL; ADC [EAX], EAX}
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtCreateFile + B 77A9424F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtMapViewOfSection + 6 77A9499A 1 Byte [28]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtMapViewOfSection + 6 77A9499A 4 Bytes [28, 03, 11, 00] {SUB [EBX], AL; ADC [EAX], EAX}
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtMapViewOfSection + B 77A9499F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtOpenFile + 6 77A94A2A 4 Bytes [68, 00, 11, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtOpenFile + B 77A94A2F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtOpenProcess + 6 77A94AAA 4 Bytes [A8, 01, 11, 00] {TEST AL, 0x1; ADC [EAX], EAX}
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtOpenProcess + B 77A94AAF 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtOpenProcessToken + 6 77A94ABA 4 Bytes CALL 76A95BC0
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtOpenProcessToken + B 77A94ABF 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtOpenProcessTokenEx + 6 77A94ACA 4 Bytes [A8, 02, 11, 00] {TEST AL, 0x2; ADC [EAX], EAX}
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtOpenProcessTokenEx + B 77A94ACF 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtOpenThread + 6 77A94B1A 4 Bytes [68, 01, 11, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtOpenThread + B 77A94B1F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtOpenThreadToken + 6 77A94B2A 4 Bytes [68, 02, 11, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtOpenThreadToken + B 77A94B2F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtOpenThreadTokenEx + 6 77A94B3A 4 Bytes CALL 76A95C41
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtOpenThreadTokenEx + B 77A94B3F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtQueryAttributesFile + 6 77A94BCA 4 Bytes [A8, 00, 11, 00] {TEST AL, 0x0; ADC [EAX], EAX}
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtQueryAttributesFile + B 77A94BCF 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtQueryFullAttributesFile + 6 77A94C7A 4 Bytes CALL 76A95D7F
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtQueryFullAttributesFile + B 77A94C7F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtSetInformationFile + 6 77A9515A 4 Bytes [28, 01, 11, 00] {SUB [ECX], AL; ADC [EAX], EAX}
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtSetInformationFile + B 77A9515F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtSetInformationThread + 6 77A951AA 4 Bytes [28, 02, 11, 00] {SUB [EDX], AL; ADC [EAX], EAX}
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtSetInformationThread + B 77A951AF 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtUnmapViewOfSection + 6 77A9544A 1 Byte [68]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtUnmapViewOfSection + 6 77A9544A 4 Bytes [68, 03, 11, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[856] ntdll.dll!NtUnmapViewOfSection + B 77A9544F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtCreateFile + 6 77A9424A 4 Bytes [28, 00, 2E, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtCreateFile + B 77A9424F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtMapViewOfSection + 6 77A9499A 1 Byte [28]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtMapViewOfSection + 6 77A9499A 4 Bytes [28, 03, 2E, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtMapViewOfSection + B 77A9499F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenFile + 6 77A94A2A 4 Bytes [68, 00, 2E, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenFile + B 77A94A2F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenProcess + 6 77A94AAA 4 Bytes [A8, 01, 2E, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenProcess + B 77A94AAF 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenProcessToken + 6 77A94ABA 4 Bytes CALL 76A978C0
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenProcessToken + B 77A94ABF 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenProcessTokenEx + 6 77A94ACA 4 Bytes [A8, 02, 2E, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenProcessTokenEx + B 77A94ACF 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenThread + 6 77A94B1A 4 Bytes [68, 01, 2E, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenThread + B 77A94B1F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[1016] ntdll.dll!NtOpenThreadToken + 6 77A94B2A 4 Bytes [68, 02, 2E, 00]
.text C:\Program Files\Internet Explorer\iexplore.exe[5028] SHELL32.dll!SHRestricted + D95 76F989A8 4 Bytes [CF, 01, EB, 73]
.text C:\Program Files\Internet Explorer\iexplore.exe[5028] SHELL32.dll!SHRestricted + D9D 76F989B0 8 Bytes JMP EAF77973
.text C:\Program Files\Internet Explorer\iexplore.exe[5028] ole32.dll!OleLoadFromStream 76821E80 5 Bytes JMP 7087955F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5028] WS2_32.dll!recv 765C343A 6 Bytes JMP 71A00F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[5028] WS2_32.dll!WSASend 765C4496 6 Bytes JMP 719D0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[5028] WS2_32.dll!WSALookupServiceNextW 765C455D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[5028] WS2_32.dll!WSALookupServiceBeginW 765C4E93 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[5028] WS2_32.dll!WSALookupServiceEnd 765C5564 6 Bytes JMP 71A60F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[5028] WS2_32.dll!send 765C659B 6 Bytes JMP 71A30F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[5028] WS2_32.dll!WSAGetOverlappedResult 765C8143 6 Bytes JMP 71970F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[5028] WS2_32.dll!WSARecv 765C8400 6 Bytes JMP 719A0F5A
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtCreateFile + 6 77A9424A 4 Bytes [28, 00, 36, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtCreateFile + B 77A9424F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtMapViewOfSection + 6 77A9499A 1 Byte [28]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtMapViewOfSection + 6 77A9499A 4 Bytes [28, 03, 36, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtMapViewOfSection + B 77A9499F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenFile + 6 77A94A2A 4 Bytes [68, 00, 36, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenFile + B 77A94A2F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenProcess + 6 77A94AAA 4 Bytes [A8, 01, 36, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenProcess + B 77A94AAF 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenProcessToken + 6 77A94ABA 4 Bytes CALL 76A980C0
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenProcessToken + B 77A94ABF 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenProcessTokenEx + 6 77A94ACA 4 Bytes [A8, 02, 36, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenProcessTokenEx + B 77A94ACF 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenThread + 6 77A94B1A 4 Bytes [68, 01, 36, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenThread + B 77A94B1F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenThreadToken + 6 77A94B2A 4 Bytes [68, 02, 36, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenThreadToken + B 77A94B2F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenThreadTokenEx + 6 77A94B3A 4 Bytes CALL 76A98141
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenThreadTokenEx + B 77A94B3F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtQueryAttributesFile + 6 77A94BCA 4 Bytes [A8, 00, 36, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtQueryAttributesFile + B 77A94BCF 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtQueryFullAttributesFile + 6 77A94C7A 4 Bytes CALL 76A9827F
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtQueryFullAttributesFile + B 77A94C7F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtSetInformationFile + 6 77A9515A 4 Bytes [28, 01, 36, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtSetInformationFile + B 77A9515F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtSetInformationThread + 6 77A951AA 4 Bytes [28, 02, 36, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtSetInformationThread + B 77A951AF 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtUnmapViewOfSection + 6 77A9544A 1 Byte [68]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtUnmapViewOfSection + 6 77A9544A 4 Bytes [68, 03, 36, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtUnmapViewOfSection + B 77A9544F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5600] WS2_32.dll!recv 765C343A 6 Bytes JMP 71A00F5A
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5600] WS2_32.dll!WSASend 765C4496 6 Bytes JMP 719D0F5A
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5600] WS2_32.dll!WSALookupServiceNextW 765C455D 6 Bytes JMP 71A90F5A
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5600] WS2_32.dll!WSALookupServiceBeginW 765C4E93 6 Bytes JMP 71AF0F5A
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5600] WS2_32.dll!WSALookupServiceEnd 765C5564 6 Bytes JMP 71A60F5A
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5600] WS2_32.dll!send 765C659B 6 Bytes JMP 71A30F5A
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5600] WS2_32.dll!WSAGetOverlappedResult 765C8143 6 Bytes JMP 71970F5A
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5600] WS2_32.dll!WSARecv 765C8400 6 Bytes JMP 719A0F5A
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5740] WS2_32.dll!recv 765C343A 6 Bytes JMP 71A00F5A
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5740] WS2_32.dll!WSASend 765C4496 6 Bytes JMP 719D0F5A
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5740] WS2_32.dll!WSALookupServiceNextW 765C455D 6 Bytes JMP 71A90F5A
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5740] WS2_32.dll!WSALookupServiceBeginW 765C4E93 6 Bytes JMP 71AF0F5A
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5740] WS2_32.dll!WSALookupServiceEnd 765C5564 6 Bytes JMP 71A60F5A
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5740] WS2_32.dll!send 765C659B 6 Bytes JMP 71A30F5A
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5740] WS2_32.dll!WSAGetOverlappedResult 765C8143 6 Bytes JMP 71970F5A
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5740] WS2_32.dll!WSARecv 765C8400 6 Bytes JMP 719A0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] kernel32.dll!CreateThread 7676C90E 5 Bytes JMP 706E75CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!CreateDialogParamW 762F72A2 5 Bytes JMP 708790F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!GetAsyncKeyState 762F863C 5 Bytes JMP 706CDEAD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!SetWindowsHookExW 762F87AD 5 Bytes JMP 707225AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!CallNextHookEx 762F8E3B 5 Bytes JMP 70747FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!UnhookWindowsHookEx 762F98DB 5 Bytes JMP 7076ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!EnableWindow 762FCD8B 5 Bytes JMP 70729EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!DefWindowProcA 762FDB88 7 Bytes JMP 706E97F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!CreateWindowExA 762FDC2A 5 Bytes JMP 706F362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!CreateWindowExW 76301305 5 Bytes JMP 707503B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!GetKeyState 76308CB1 5 Bytes JMP 706CDD87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!DefWindowProcW 763103B4 7 Bytes JMP 70748042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!IsDialogMessageW 76310745 5 Bytes JMP 70879855 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!CreateDialogParamA 763117AA 5 Bytes JMP 708790B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!IsDialogMessage 76311847 5 Bytes JMP 7087982D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!CreateDialogIndirectParamA 763126F1 5 Bytes JMP 70879128 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!CreateDialogIndirectParamW 76319A62 5 Bytes JMP 70879160 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!SetKeyboardState 76320987 5 Bytes JMP 7087A11D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!DialogBoxParamW 763210B0 5 Bytes JMP 7068187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!DialogBoxIndirectParamW 76322EF5 5 Bytes JMP 70878D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!SendInput 76322F75 5 Bytes JMP 7087A0C5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!EndDialog 7632326E 5 Bytes JMP 70879B01 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!SetCursorPos 76336FB2 5 Bytes JMP 7087A19E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!DialogBoxParamA 76338152 5 Bytes JMP 70878D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!DialogBoxIndirectParamA 7633847D 5 Bytes JMP 70878DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!MessageBoxIndirectA 7634D4D9 5 Bytes JMP 70878CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!MessageBoxIndirectW 7634D5D3 5 Bytes JMP 70878C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!MessageBoxExA 7634D639 5 Bytes JMP 70878BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!MessageBoxExW 7634D65D 5 Bytes JMP 70878B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] USER32.dll!keybd_event 7634D972 5 Bytes JMP 7087A082 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] SHELL32.dll!SHRestricted + D95 76F989A8 4 Bytes [CF, 01, EB, 73]
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] SHELL32.dll!SHRestricted + D9D 76F989B0 8 Bytes JMP EAF77973
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] ole32.dll!OleLoadFromStream 76821E80 5 Bytes JMP 7087955F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] WS2_32.dll!recv 765C343A 6 Bytes JMP 71A00F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] WS2_32.dll!WSASend 765C4496 6 Bytes JMP 719D0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] WS2_32.dll!WSALookupServiceNextW 765C455D 6 Bytes JMP 71A90F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] WS2_32.dll!WSALookupServiceBeginW 765C4E93 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] WS2_32.dll!WSALookupServiceEnd 765C5564 6 Bytes JMP 71A60F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] WS2_32.dll!send 765C659B 6 Bytes JMP 71A30F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] WS2_32.dll!WSAGetOverlappedResult 765C8143 6 Bytes JMP 71970F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[5828] WS2_32.dll!WSARecv 765C8400 6 Bytes JMP 719A0F5A
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtCreateFile + 6 77A9424A 4 Bytes [28, 00, 42, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtCreateFile + B 77A9424F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtMapViewOfSection + 6 77A9499A 1 Byte [28]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtMapViewOfSection + 6 77A9499A 4 Bytes [28, 03, 42, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtMapViewOfSection + B 77A9499F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenFile + 6 77A94A2A 4 Bytes [68, 00, 42, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenFile + B 77A94A2F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenProcess + 6 77A94AAA 4 Bytes [A8, 01, 42, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenProcess + B 77A94AAF 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenProcessToken + 6 77A94ABA 4 Bytes CALL 76A98CC0
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenProcessToken + B 77A94ABF 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenProcessTokenEx + 6 77A94ACA 4 Bytes [A8, 02, 42, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenProcessTokenEx + B 77A94ACF 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenThread + 6 77A94B1A 4 Bytes [68, 01, 42, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenThread + B 77A94B1F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenThreadToken + 6 77A94B2A 4 Bytes [68, 02, 42, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenThreadToken + B 77A94B2F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenThreadTokenEx + 6 77A94B3A 4 Bytes CALL 76A98D41
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenThreadTokenEx + B 77A94B3F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtQueryAttributesFile + 6 77A94BCA 4 Bytes [A8, 00, 42, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtQueryAttributesFile + B 77A94BCF 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtQueryFullAttributesFile + 6 77A94C7A 4 Bytes CALL 76A98E7F
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtQueryFullAttributesFile + B 77A94C7F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtSetInformationFile + 6 77A9515A 4 Bytes [28, 01, 42, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtSetInformationFile + B 77A9515F 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtSetInformationThread + 6 77A951AA 4 Bytes [28, 02, 42, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtSetInformationThread + B 77A951AF 1 Byte [E2]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtUnmapViewOfSection + 6 77A9544A 1 Byte [68]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtUnmapViewOfSection + 6 77A9544A 4 Bytes [68, 03, 42, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtUnmapViewOfSection + B 77A9544F 1 Byte [E2]

---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

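The GMER user-mode section above lists several hundred `.text` hook lines, and the useful signal in them is not the count but the attribution: some hooks carry a module path and vendor (here `IEFRAME.dll (Internet Browser/Microsoft Corporation)`), others are JMP/CALL transfers to an address GMER printed with no module, and others are raw byte patches on `ntdll.dll` stubs inside the Chrome child processes. As an added example (this is not part of GMER, ComboFix or the thread, and the regex and category names are my own), here is a small Python triage script that parses lines of this format, groups hooked exports by process id, and lists the transfers GMER could not attribute. The sample lines are constructed from the log above. An unattributed target is a prompt to resolve the address against the process's loaded modules (security software and browser sandboxes install hooks too), not a verdict of infection.

```python
"""Triage GMER ".text" user-mode hook lines by whether the hook target is attributed.

Added example for this thread; not part of GMER, ComboFix or the original post.
The regex and the category names are my own; the sample lines below are
constructed from the GMER output posted above.
"""
import re
from collections import defaultdict

# Shape of one GMER user-mode hook line, as printed in the log above:
#   .text <process path>[<pid>] <module>!<export>[ + <offset>] <address> <n> Byte(s) <patch> [<module path> (<description>)]
# <patch> is either a control transfer ("JMP 706F362B" / "CALL 76A980C0")
# or the raw bytes written ("[28, 00, 36, 00]"); the trailing module
# attribution is only present when GMER could map the target address.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<export>\S+!\S+)(?:\s+\+\s+(?P<off>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<len>\d+)\s+Bytes?\s+"
    r"(?P<patch>(?:JMP|CALL)\s+[0-9A-Fa-f]{8}|\[[^\]]*\])"
    r"(?:\s+(?P<target>\S+\.(?:dll|exe|sys))\s+\((?P<desc>[^)]*)\))?\s*$",
    re.IGNORECASE,
)

# Constructed sample: five hook lines copied from the log above plus one
# non-hook line, to show that the parser ignores the rest of the report.
SAMPLE_LOG = r"""
.text C:\Program Files\Internet Explorer\iexplore.exe[5028] USER32.dll!CreateWindowExA 762FDC2A 5 Bytes JMP 706F362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5028] SHELL32.dll!SHRestricted + D9D 76F989B0 8 Bytes JMP EAF77973
.text C:\Program Files\Internet Explorer\iexplore.exe[5028] WS2_32.dll!recv 765C343A 6 Bytes JMP 71A00F5A
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtCreateFile + 6 77A9424A 4 Bytes [28, 00, 36, 00]
.text C:\Users\April\AppData\Local\Google\Chrome\Application\chrome.exe[5324] ntdll.dll!NtOpenProcessToken + 6 77A94ABA 4 Bytes CALL 76A980C0
---- Devices - GMER 1.0.15 ----
"""


def parse_hooks(text):
    """Return one dict per line that matches HOOK_RE; other lines are skipped."""
    return [m.groupdict() for m in map(HOOK_RE.match, text.splitlines()) if m]


def classify(hook):
    """Bucket a parsed hook by how much GMER could tell us about its target.

    attributed:<vendor>     target mapped to a module with a description
    byte-patch              raw bytes written into the stub, no transfer address
    unattributed-transfer   JMP/CALL to an address GMER did not map to a module
    """
    if hook["target"]:
        vendor = hook["desc"].rsplit("/", 1)[-1].strip()
        return f"attributed:{vendor}"
    if hook["patch"].startswith("["):
        return "byte-patch"
    return "unattributed-transfer"


def triage(text):
    """Group hooked exports by process id and category: {pid: {category: [export, ...]}}."""
    by_proc = defaultdict(lambda: defaultdict(list))
    for h in parse_hooks(text):
        by_proc[int(h["pid"])][classify(h)].append(h["export"])
    return {pid: dict(cats) for pid, cats in by_proc.items()}


def findings(text):
    """Hooks worth a manual look: control transfers whose target GMER could not
    attribute to any module. Resolve the address against the process's loaded
    modules before drawing a conclusion; this is a prompt, not a verdict."""
    return [
        (int(h["pid"]), h["export"], h["patch"])
        for h in parse_hooks(text)
        if classify(h) == "unattributed-transfer"
    ]


if __name__ == "__main__":
    for pid, cats in sorted(triage(SAMPLE_LOG).items()):
        print(pid)
        for cat, exports in cats.items():
            print(f"  {cat:<40} {len(exports)} hook(s): {', '.join(exports)}")
    print("review:", findings(SAMPLE_LOG))
```

Run against the full `.text` section of a GMER log, the same grouping makes the pattern in this thread visible at a glance: the IEFRAME.dll hooks in both iexplore.exe instances are attributed to Microsoft, the WS2_32.dll and SHELL32.dll transfers are not attributed, and the Chrome child processes carry only byte patches and unattributed calls on ntdll stubs. Which of those are expected on a given machine is a question for a clean baseline of the same software set, which is why the script reports rather than judges.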
medium_low_skill (thread starter)
11-Aug-2012, 11:49 AM #2
Important/critical update
....IMPORTANT/CRITICAL UPDATE....


When my friends turn on their computer, the screen stays black and it just makes a beep approximately once every second or two. I was thinking about having them go into safe mode but I'm also waiting for a phone call from them answering the following Q's (I'm not currently at their house/computer):
1. Did they turn the computer off on their own or did it do it by itself?
a. If they turned it off (or reset it) the last time (before it started doing this), what made them do so? I.e. was it frozen, running ads, just slowing down, or something else before it turned off?
b. If the computer reset by itself, what was occurring prior to it doing so?
Anyway, it doesn't sound great to me but I'd like to know what ideas/actions you have/think could be done. Did the previously posted information (Hijack This, DDS, GMER) identify any culprits?

Thank you very much (whoever gets this)
medium_low_skill (thread starter)
19-Aug-2012, 11:29 AM #3
Still needing help
Hello. Bumping because it fell off the first 6 pages again and it seems like this post might have been accidentally missed by the helpful volunteers, as others who first requested help 10+ days after my request have been getting replies. Thanks for all you guys and gals do to help others fight the computer problem "wars".

P.S. I have their computer here now but haven't tried to turn it on yet because I wanted to establish contact first and ask if I should try a regular start or try getting a safe mode start first. Also, I "think" I remember learning at some point in the past that there are 2 different possible ways that could be necessary to get into safe mode. One was continuing to push F8 but I can't remember what the other was. Thanks again.
CatByte
Malware Removal Specialist with 3,893 posts.
Join Date: Feb 2009
25-Aug-2012, 07:19 PM #4
sorry for the wait, the forum has been swamped

please run the following:

Refer to the ComboFix User's Guide
  1. Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
medium_low_skill (thread starter)
26-Aug-2012, 01:21 PM #5
Hi CatByte and thanks for the reply.
I'm still in my post #2 & #3 situation of concern in regard to attempting to restart the computer. Here's a quick updated timeline of what has occurred:

1. 04Aug- While at my friends' house, I ran the tests and posted the original Q due to the reported poor computer behavior.
2. 11Aug- They reported to me that the previous night they turned off the monitor (but left computer on as per their normal behavior). In the morning, they turned on the monitor and the computer wasn't working. They turned the computer off, waited approx 10 seconds, then restarted. As the computer was trying to restart it started beeping (approximately 1 beep/sec) but the computer didn't start. On subsequent attempts the same beeping occurred or a constant beep (tone) persisted.
3. 14Aug- They dropped the computer off with me but I wanted to wait to contact someone at TSG to settle on whether to try a normal start or go straight for an attempt at a safe start.

4. I was leaning towards a virus or malware but now I'm not sure. A friend (with just the basic consumer level computer knowledge) of my friends told them that he thought it could be a video card issue. They were even told it could possibly have something to do with their computer fan...(something about the pwr getting interrupted at the fan junction and not able to get to the rest of the computer---if that's even possible)???

---So which type of start do you think I should try first (straight to a safe mode attempt or try a normal start)?---

Thanks again for the assistance.
CatByte
26-Aug-2012, 02:29 PM #6
with the computer being so unstable, try booting into safe mode and running ComboFix from safe mode

(transfer it over via USB)

To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
  • go into your usual account


(I might suggest safe mode with networking, but I want to have the best stability till we figure out whether it's caused by infection or hardware failure)
medium_low_skill (thread starter)
28-Aug-2012, 12:49 PM #7
Uggg...
A bit of a complex answer but please bear with me...

I hit the pwr button and the computer made a few start-up sounds but within approximately 5 seconds a steady tone was heard that didn't stop until the pwr was turned off.

With the side panel off, I repeated the process and noticed 2 different results:
1. The computer seemed to be trying to start & the fans turned on but then the steady tone episode occurred.
2. " " " " then turned off for a second & the fans started again. There was sometimes no tone but I never heard an intermittent tone (it was always steady).

I did this about a dozen times and all of a sudden (on one of the #2 style start-ups above) I observed a message about using F12 to enter start up. I pushed F8 instead and was able to select Safe mode. The desktop appeared and I was writing this email to update you when the monitor went a lime green color (nothing else visible) and stayed that way. I estimate it was about 2 minutes from when the desktop appeared (in safe mode) to the time the screen went green. Is that something you (or another TSG person) have had any experience with, so that you'd have an idea of what this behavior means??? Maybe a video card, pwr interruption to some part of the motherboard or HD, or something else other than the standard answer of a HD failure?

I plan on trying to get it into safe mode again and trying to work very fast to get the software loaded onto it before it goes green again...

Any thoughts/recommendations in regard to the situation would be most welcome.
CatByte
28-Aug-2012, 05:34 PM #8
unfortunately it could be so many things that could be causing this issue, bad video card, bad ram, bad motherboard, bad hard drive,

there's really no way of knowing exactly.

see if you can get it booted to safe mode and at least try running combofix


if we can rule out malware, then at least you will know where to go from there
medium_low_skill (thread starter)
29-Aug-2012, 05:04 PM #9
Progress, but I'm worried about how long the computer will stay on...Yikes!...
Hi Catbyte,

---------------------------------------------------------------------------------------------------------------------------------------------------
First, #2 (in my previous post) didn't post properly. The quotation marks didn't extend out the way I wrote them. The gist was that the fans started, then stopped, then started again before the tone occurred (as opposed to the fans only starting once before the tone). I'm including these symptoms in the hope that it could help diagnose a possible hardware issue...
---------------------------------------------------------------------------------------------------------------------------------------------------

I have an update with a few embedded Q's (thx for the answers, I'm always concerned that something seemingly insignificant could actually be an important clue).

1. After about 20-30 attempts (one time I had the intermittent beeping, as opposed to the steady tone) the computer came on such that I could get it into Safe Mode.

2. I started ComboFix but received an error message saying, summarized: "Access denied, use an administrator prompt to run". I decided I should get a screen shot of the exact phrase so I re-inserted my thumb drive. Just as I did that, ComboFix started to run... I didn't do a screenshot because I remember reading that you're not supposed to do "anything" while ComboFix is running.

3. As combofix was running (I think it was around stage 32), the same message about needing to be an administrator came up. Then, about 10 seconds later, the program continued anyway. Btw, just as an fyi, the desktop never went blank. Question: Do those administrator warnings (where it says access denied once or twice but eventually runs anyway) normally occur or does that seem odd???

4. The program finished and I saved the log to my thumb drive. I tried to use the "safely remove hardware" option (which had worked normally when I removed the thumb drive after transferring ComboFix to the computer just 5-10 min prior). This time it wouldn't work and a message popped up saying: "C:/Windows/system32/rundll32.exe, Illegal operation attempted on a registry key that has been marked for deletion." I tried going into "My computer" and right clicking on the thumb drive to select "eject", but nothing would happen at all. Answered it: I just re-read your post about this issue but I haven't tried to restart the computer due to the extreme difficulty (and somewhat pure luck) getting it to turn on again.

-----------------------------------------------------------------------------------------------------------------
Ok, here's the log; I hope it's helpful:

ComboFix 12-08-28.01 - April 08/29/2012 13:03:35.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3318.2833 [GMT -7:00]
Running from: f:\tsg stuff\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Applications\myd.ico
c:\program files\Applications\mym.ico
c:\program files\Applications\myp.ico
c:\program files\Applications\myv.ico
c:\program files\Applications\ot.ico
c:\program files\Applications\ts.ico
c:\program files\AV9
c:\program files\ErrorSmart
c:\program files\ErrorSmart\ErrorSmart.url
c:\program files\Incredibar.com
c:\program files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\program files\RewardsArcade
c:\program files\RewardsArcade\appAPIinternalWrapper.js
c:\program files\RewardsArcade\fb.js
c:\program files\RewardsArcade\jquery.js
c:\program files\RewardsArcade\json.js
c:\program files\RewardsArcade\RewardsArcade.dll
c:\program files\RewardsArcade\RewardsArcade.exe
c:\program files\RewardsArcade\Uninstall.exe
c:\program files\RewardsArcade\UserConfirmation.exe
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\ReactivateIE.exe
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\uninstall.dat
c:\programdata\Secure Solutions
c:\users\April\AppData\Roaming\ErrorSmart
c:\users\April\AppData\Roaming\ErrorSmart\Log\2008 Dec 06 - 12_53_22 PM_507.log
c:\users\April\AppData\Roaming\Microsoft\Windows\Recent\My Pictures.url
c:\windows\system32\msnphoto.scr
c:\windows\system32\roboot.exe
d:\users\April\Documents\~WRL0005.tmp
d:\users\April\Documents\~WRL1896.tmp
d:\users\April\Documents\~WRL1937.tmp
d:\users\April\Documents\~WRL3420.tmp
d:\users\April\Documents\My Documents.url
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-29 )))))))))))))))))))))))))))))))
.
.
2012-08-29 20:10 . 2012-08-29 20:10 -------- d-----w- c:\users\April\AppData\Local\temp
2012-08-29 20:10 . 2012-08-29 20:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-10 06:29 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{862ADF1D-8FCF-455E-80EE-B3930A5271BE}\mpengine.dll
2012-08-03 21:54 . 2012-08-03 21:54 -------- d-----w- c:\users\April\AppData\Roaming\Optimizer Pro
2012-08-03 21:40 . 2012-08-03 21:40 -------- d-----w- c:\programdata\Premium
2012-08-03 21:39 . 2012-08-04 02:40 -------- d-----w- c:\programdata\OptimizerPro
2012-08-03 21:39 . 2012-08-03 21:39 -------- d-----w- c:\program files\Optimizer Pro
2012-08-03 21:38 . 2012-08-03 21:38 -------- d-----w- c:\program files\Perion
2012-08-03 21:38 . 2012-08-03 21:38 453 ----a-w- C:\user.js
2012-08-03 21:37 . 2012-08-03 21:37 -------- d-----w- c:\program files\Web Assistant
2012-08-03 21:36 . 2012-08-03 21:40 -------- d-----w- c:\programdata\InstallMate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 05:49 . 2012-03-29 18:34 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 05:49 . 2011-12-08 19:35 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:40 . 2012-07-12 10:04 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47 . 2012-07-11 10:54 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 10:54 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 10:54 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-19 10:58 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-19 10:59 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 10:59 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 10:58 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 10:58 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 10:59 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-19 10:59 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-19 10:58 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-19 10:58 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 08:33 . 2012-07-12 10:01 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-12 10:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-12 10:01 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 10:01 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 10:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 00:04 . 2012-07-11 10:54 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 10:54 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-04-11 20:08 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 08:49 176936 ----a-w- c:\program files\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-04 00:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2012-04-11 87440]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]
"{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"Singlesnet"="c:\program files\Singlesnet\Singlesnet\Singlesnet.exe" [2009-12-10 2797096]
"AROReminder"="c:\program files\ARO 2011\ARO.exe" [2011-10-07 2314608]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Optimizer Pro"="c:\program files\Optimizer Pro\OptProLauncher.exe" [2012-01-03 81912]
"ChromeFrameHelper"="c:\users\April\AppData\Local\Google\Chrome\Application\21.0.1180.75\chrome_frame_helper.exe" [2012-08-07 81432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-03 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-03 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-03 133656]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-20 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-04 1391272]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-05-09 201112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 05:49]
.
2012-07-30 c:\windows\Tasks\ARO 2011.job
- c:\program files\ARO 2011\ARO.exe [2011-11-13 18:40]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-23 23:09]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-23 23:09]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3118373242-1020852896-2878386637-1000Core.job
- c:\users\April\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-11 17:36]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3118373242-1020852896-2878386637-1000UA.job
- c:\users\April\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-11 17:36]
.
2012-08-09 c:\windows\Tasks\OptimizerProUpdaterTask{58641849-E401-4643-B97D-3C67ED8D23F6}.job
- c:\programdata\OptimizerPro\OptimizerPro.exe [2012-08-03 21:39]
.
2012-08-09 c:\windows\Tasks\PC Performer_DEFAULT.job
- c:\program files\PC Performer\PCPerformer.exe [2011-12-11 02:04]
.
2012-08-08 c:\windows\Tasks\PC Performer_UPDATES.job
- c:\program files\PC Performer\PCPerformer.exe [2011-12-11 02:04]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{9427041A-A8DC-4D06-9A68-93873486E957} - (no file)
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-NWEReboot - (no file)
HKU-Default-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-RewardsArcade - c:\program files\RewardsArcade\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-29 13:10
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-08-29 13:13:02
ComboFix-quarantined-files.txt 2012-08-29 20:12
.
Pre-Run: 32,102,854,656 bytes free
Post-Run: 32,618,438,656 bytes free
.
- - End Of File - - 0669E5FC6F5D03D68FC8E762E06386CA
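A small triage script, added here as an example and not part of the original post or of ComboFix itself, that parses the "Reg Loading Points" section of a ComboFix log like the one above and flags the three things a reviewer opens first: autostart entries whose loaded file path contains one of the adware/PUP product names that appear in this thread, entries whose name or value the log could not render (the "????r" lines in HKCU\...\Run, which have to be inspected directly in regedit), and any Security Center "DisableMonitoring"=1 value, which suppresses Security Center's own antivirus/firewall status alerts and is worth checking against the product actually installed (the log carries Symantec entries while the machine runs McAfee). The sample input is an excerpt of the log quoted above; the marker list and the "runs from a user-writable path" heuristic are my own assumptions, not ComboFix's logic.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: an excerpt of the "Reg Loading Points" section of
# the ComboFix log quoted above (URLSearchHooks, HKCU Run, Security Center).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"Optimizer Pro"="c:\program files\Optimizer Pro\OptProLauncher.exe" [2012-01-03 81912]
"ChromeFrameHelper"="c:\users\April\AppData\Local\Google\Chrome\Application\21.0.1180.75\chrome_frame_helper.exe" [2012-08-07 81432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
STR_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*"(?P<value>[^"]*)"(?:\s*\[(?P<meta>[^\]]*)\])?')
DWORD_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*dword:(?P<value>[0-9a-fA-F]{8})')

# Assumed marker list: the adware/PUP product names that appear in this thread,
# matched case-insensitively against the loaded file path.
PUP_MARKERS = ('ask.com', 'optimizer pro', 'optimizerpro', 'incredibar', 'startnow',
               'rewardsarcade', 'vuze_remote', 'utorrentcontrol2', 'adawaretb',
               'aro 2011', 'pc performer', 'perion', 'web assistant', 'errorsmart')
# Assumed heuristic: autostarts that run from a user-writable location deserve a look.
USER_WRITABLE = ('\\users\\', '\\programdata\\', '\\appdata\\', '\\temp\\')


@dataclass
class Entry:
    key: str
    name: str
    value: str
    meta: Optional[str]
    kind: str  # 'string' or 'dword'


@dataclass
class Finding:
    key: str
    name: str
    reason: str


def parse_loading_points(text: str) -> List[Entry]:
    """Turn the REGEDIT4-style lines ComboFix prints into Entry records."""
    entries: List[Entry] = []
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m['key']
            continue
        if key is None:
            continue
        m = STR_RE.match(line)
        if m:
            entries.append(Entry(key, m['name'], m['value'], m['meta'], 'string'))
            continue
        m = DWORD_RE.match(line)
        if m:
            entries.append(Entry(key, m['name'], m['value'], None, 'dword'))
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Flag the entries a reviewer would open first; everything else is left alone."""
    findings: List[Finding] = []
    for e in entries:
        path = e.value.lower()
        if e.kind == 'dword':
            if ('security center\\monitoring' in e.key.lower()
                    and e.name == 'DisableMonitoring' and int(e.value, 16) == 1):
                findings.append(Finding(e.key, e.name, 'security-center-monitoring-disabled'))
            continue
        # ComboFix prints '?' for characters it cannot render; such names and
        # the [?] metadata mean the entry must be inspected directly in regedit.
        if '?' in e.name or e.meta == '?':
            findings.append(Finding(e.key, e.name, 'unreadable-entry'))
            continue
        if any(marker in path for marker in PUP_MARKERS):
            findings.append(Finding(e.key, e.name, 'known-pup'))
        if any(d in path for d in USER_WRITABLE):
            findings.append(Finding(e.key, e.name, 'user-writable-path'))
    return findings


def triage_log(text: str) -> List[Finding]:
    return triage(parse_loading_points(text))


if __name__ == '__main__':
    for f in triage_log(SAMPLE_LOG):
        print(f'{f.reason:38} {f.name!r:22} {f.key}')
```

Run it against a full ComboFix log by passing the file contents to `triage_log`; the parser ignores the "." spacer lines and any line that is not a `[key]` header or a `"name"=...` value. The user-writable-path hit on ChromeFrameHelper is a reminder that the heuristic only ranks what to look at: a per-user Chrome install legitimately lives under AppData, so each hit still needs the file checked, not deleted on sight.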
CatByte
Malware Removal Specialist with 3,893 posts.
Join Date: Feb 2009
29-Aug-2012, 05:37 PM #10
Well, you did have a number of infections on your machine, but I don't feel, from your description, that the infections were entirely responsible for the behaviour you are seeing now.

Your machine should be more stable now that a lot of junk has been removed, so try booting normally.

Give it lots of time for Windows to load; it has been through some trauma.

Let me know if you are now able to boot normally.

(Fingers crossed, as we have more work to do.)
medium_low_skill
Member with 80 posts. THREAD STARTER
Join Date: Mar 2010
Experience: Beginner
29-Aug-2012, 07:32 PM #11
Glass getting closer to half full. :)
OMG, it started normally without any tone (there were no speakers, by the way) and it is up and running...

The following 4 things popped up on the screen on start-up:

1. ARO2011- "Reminder- Faster startup, fewer errors, and a cleaner system may be just a click away. 436 registry errors and tweaks remained on your system after the last scan. Buy now to fix any that remain or learn how to fix." Then, at the bottom of the dialog box, it says "To remove ARO2011 without fixing errors, please click here." Seems like a trojan horse to me, but what do I know? I even worry that when it says "click here" (to remove the program) it could actually load something bad...

2. PC Performer (by PerformerSoft)- This program automatically started to run a scan. I hit stop scan to see what you want me to do. I don't know about this one either, but I "think" it's more legitimate...

3. Optimizer Pro Speed Guard- "Attention! 13,847 errors are slowing down your computer. To completely optimize and clean your computer, it is highly recommended that you register and use the full version of optimizer pro. Would you like to register optimizer pro and optimize and fix the remaining errors on your PC?" This one seems fishy to me as well.

4. This bubble pop up actually came from the bottom right icon tray:
Computer Security- "There are multiple security problems with your computer. Click this notification to fix." I think this one is the legitimate Windows program but I'm not touching/doing anything till I let you know about all these notifications.

5. This one popped up just as I was about to send this reply with the 4 above items:
User Account Control- "A program needs your permission to continue. If you started this program continue." The program is listed as: "Subeo Tech Inc." When I click on "More details" it says "C:\Programs\Program Files\OptimizerPro\OptimizerPro.exe". Obviously linked to #3 above, but it's getting pushy to have me allow it to run?

Regardless of which ones are legit or not, it seems like she installed a lot of different "help your computer" type programs which could be fighting each other??? To reiterate, it's not a computer I use much, so I can't take the...err..."credit" for the mess created.

I know you love my lengthy and numbered replies...lol... sorry. I'm just trying to be as thorough and descriptive as possible.
CatByte
Malware Removal Specialist with 3,893 posts.
Join Date: Feb 2009
29-Aug-2012, 07:41 PM #12
No problem.

Go into Programs and Features and see how many of the programs you have mentioned are on the installed programs list.

If they are there, remove them.

Make sure you also remove the following:


ARO 2011
Ask Toolbar
Ask Toolbar Updater
iLivid
Incredibar Toolbar on IE
Optimizer Pro v3.0
OptimizerPro Updater
PC Performer
StartNow Toolbar
uTorrentControl2 Toolbar
Vuze
Vuze Remote Toolbar


NEXT

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish
medium_low_skill
Member with 80 posts. THREAD STARTER
Join Date: Mar 2010
Experience: Beginner
29-Aug-2012, 08:59 PM #13
Hi again Cat.

A couple of things:
1. I couldn't find "Incredibar Toolbar on IE". However, I found "Web Assistant 2.0.0.455 IncrediBar 1.91MB". I assume that's the same thing but just wanted to double check (measure twice, cut once...).

2. I wasn't familiar with most of the programs on that list. Are all the items on that list known malware/spyware? I'd like to be able to tell my friend what programs were the problem. Are the Ask Toolbar items you had me remove related to Ask.com? I thought that was a legitimate site.

3. Lastly, regarding Malwarebytes. If I download it and update it on my computer, am I able to transfer the "updated version" to her computer via my thumb drive, or does it have to be updated on her computer, which doesn't currently have internet access here at my house? I would guess that I could
A. Just go into Program Files (after updating it) and copy the Malwarebytes folder (which should contain all the sub-folders and other required information), then paste it into her Program Files folder? Or do I need to
B. Install the basic Malwarebytes on both computers, update on my computer, then compare the two computers' folders and copy/paste any missing data from my computer to hers in order to update hers. Do either of those methods seem doable?...

--By the way, I've checked your status before in order to see if you're around, and it's always said CatByte is offline. Do you have it set to always say that, or do you just pop onto the site for a few minutes at a time to answer your email notification that a reply has been posted? I was just trying to figure out a way to know if you're around. To know more about the best time to expect to find you, where are you located? I'm in Spokane, WA, so I'm on PST and it's 6PM currently.
CatByte
Malware Removal Specialist with 3,893 posts.
Join Date: Feb 2009
29-Aug-2012, 09:20 PM #14
I pop in and out as I am on several forums.

"Web Assistant 2.0.0.455 IncrediBar 1.91MB" can go as well.

The programs I have listed are adware or programs that are not very useful; Ask is quasi-legit, but certainly not necessary, and has been linked to adware.

The toolbars really add nothing to the browsing experience.

The others are torrents which, when used to download software, are usually responsible for the infection; if she really wants to keep any/all of those I have listed, by all means do so.

Please download the Malwarebytes installer to the USB, then transfer the installer to the computer and install it on her computer. It's a very useful program to have; she should keep it and run it every so often.

If you have any other questions please ask, I'll be around for about half an hour or so.
medium_low_skill
Member with 80 posts. THREAD STARTER
Join Date: Mar 2010
Experience: Beginner
29-Aug-2012, 09:42 PM #15
1. Just a follow-up on the Malwarebytes. How do you want me to get the updates to her computer? Will one of the methods I described work, or not so much?

2. Even now that you're around for a little bit, your status shows red (offline). Without telling me exactly where you are, how do your times match up to PST where I'm at? I'm usually most available from 0900-2200 PST and sometimes a little outside those times when I can't sleep.

You're very patient, thank you.

Last edited by medium_low_skill; 30-Aug-2012 at 07:25 AM.
Tags: black screen, computer beeping sound, critical, explorer, pandora

This thread has expired.